View Bazaar branches
Get this repository:
git clone https://git.launchpad.net/ubuntu/+source/ecryptfs-utils
Members of Ubuntu Server Dev import team can upload to this repository. Log in for directions.

Branches

Name Last Modified Last Commit
importer/ubuntu/dsc 2018-04-08 03:55:00 UTC 2018-04-08
DSC file for 111-0ubuntu5

Author: Ubuntu Git Importer
Author Date: 2018-04-08 03:55:00 UTC

DSC file for 111-0ubuntu5

importer/ubuntu/pristine-tar 2018-04-08 03:52:43 UTC 2018-04-08
pristine-tar data for ecryptfs-utils_111.orig.tar.gz

Author: Ubuntu Git Importer
Author Date: 2018-04-08 03:52:43 UTC

pristine-tar data for ecryptfs-utils_111.orig.tar.gz

importer/debian/dsc 2018-04-08 03:01:06 UTC 2018-04-08
DSC file for 111-4

Author: Ubuntu Git Importer
Author Date: 2018-04-08 03:01:06 UTC

DSC file for 111-4

importer/debian/pristine-tar 2018-04-08 03:00:15 UTC 2018-04-08
pristine-tar data for ecryptfs-utils_111.orig.tar.gz

Author: Ubuntu Git Importer
Author Date: 2018-04-08 03:00:15 UTC

pristine-tar data for ecryptfs-utils_111.orig.tar.gz

ubuntu/bionic-devel 2017-09-27 14:13:20 UTC 2017-09-27
Import patches-unapplied version 111-0ubuntu5 to ubuntu/artful-proposed

Author: Mathieu Trudel-Lapierre
Author Date: 2017-09-25 17:31:22 UTC

Import patches-unapplied version 111-0ubuntu5 to ubuntu/artful-proposed

Imported using git-ubuntu import.

Changelog parent: f7768e17bde502b555c9d0a9a20c8a71c1adbfa9

New changelog entries:
  [ Alberto Pianon ]
  * debian/patches/swapfile-support.patch: Fix swapfile support. (LP: #1670336)
    - src/utils/ecryptfs-setup-swap: revise script for a world with swapfiles.
    - src/utils/ecryptfs-setup-swap: make sure we can restart ecryptfs with
      systemd.

ubuntu/artful-devel 2017-09-27 14:13:20 UTC 2017-09-27
Import patches-unapplied version 111-0ubuntu5 to ubuntu/artful-proposed

Author: Mathieu Trudel-Lapierre
Author Date: 2017-09-25 17:31:22 UTC

Import patches-unapplied version 111-0ubuntu5 to ubuntu/artful-proposed

Imported using git-ubuntu import.

Changelog parent: f7768e17bde502b555c9d0a9a20c8a71c1adbfa9

New changelog entries:
  [ Alberto Pianon ]
  * debian/patches/swapfile-support.patch: Fix swapfile support. (LP: #1670336)
    - src/utils/ecryptfs-setup-swap: revise script for a world with swapfiles.
    - src/utils/ecryptfs-setup-swap: make sure we can restart ecryptfs with
      systemd.

ubuntu/bionic 2017-09-27 14:13:20 UTC 2017-09-27
Import patches-unapplied version 111-0ubuntu5 to ubuntu/artful-proposed

Author: Mathieu Trudel-Lapierre
Author Date: 2017-09-25 17:31:22 UTC

Import patches-unapplied version 111-0ubuntu5 to ubuntu/artful-proposed

Imported using git-ubuntu import.

Changelog parent: f7768e17bde502b555c9d0a9a20c8a71c1adbfa9

New changelog entries:
  [ Alberto Pianon ]
  * debian/patches/swapfile-support.patch: Fix swapfile support. (LP: #1670336)
    - src/utils/ecryptfs-setup-swap: revise script for a world with swapfiles.
    - src/utils/ecryptfs-setup-swap: make sure we can restart ecryptfs with
      systemd.

ubuntu/artful-proposed 2017-09-27 14:13:20 UTC 2017-09-27
Import patches-unapplied version 111-0ubuntu5 to ubuntu/artful-proposed

Author: Mathieu Trudel-Lapierre
Author Date: 2017-09-25 17:31:22 UTC

Import patches-unapplied version 111-0ubuntu5 to ubuntu/artful-proposed

Imported using git-ubuntu import.

Changelog parent: f7768e17bde502b555c9d0a9a20c8a71c1adbfa9

New changelog entries:
  [ Alberto Pianon ]
  * debian/patches/swapfile-support.patch: Fix swapfile support. (LP: #1670336)
    - src/utils/ecryptfs-setup-swap: revise script for a world with swapfiles.
    - src/utils/ecryptfs-setup-swap: make sure we can restart ecryptfs with
      systemd.

ubuntu/artful 2017-09-27 14:13:20 UTC 2017-09-27
Import patches-unapplied version 111-0ubuntu5 to ubuntu/artful-proposed

Author: Mathieu Trudel-Lapierre
Author Date: 2017-09-25 17:31:22 UTC

Import patches-unapplied version 111-0ubuntu5 to ubuntu/artful-proposed

Imported using git-ubuntu import.

Changelog parent: f7768e17bde502b555c9d0a9a20c8a71c1adbfa9

New changelog entries:
  [ Alberto Pianon ]
  * debian/patches/swapfile-support.patch: Fix swapfile support. (LP: #1670336)
    - src/utils/ecryptfs-setup-swap: revise script for a world with swapfiles.
    - src/utils/ecryptfs-setup-swap: make sure we can restart ecryptfs with
      systemd.

ubuntu/devel 2017-09-27 14:13:20 UTC 2017-09-27
Import patches-unapplied version 111-0ubuntu5 to ubuntu/artful-proposed

Author: Mathieu Trudel-Lapierre
Author Date: 2017-09-25 17:31:22 UTC

Import patches-unapplied version 111-0ubuntu5 to ubuntu/artful-proposed

Imported using git-ubuntu import.

Changelog parent: f7768e17bde502b555c9d0a9a20c8a71c1adbfa9

New changelog entries:
  [ Alberto Pianon ]
  * debian/patches/swapfile-support.patch: Fix swapfile support. (LP: #1670336)
    - src/utils/ecryptfs-setup-swap: revise script for a world with swapfiles.
    - src/utils/ecryptfs-setup-swap: make sure we can restart ecryptfs with
      systemd.

ubuntu/cosmic-devel 2017-09-27 14:13:20 UTC 2017-09-27
Import patches-unapplied version 111-0ubuntu5 to ubuntu/artful-proposed

Author: Mathieu Trudel-Lapierre
Author Date: 2017-09-25 17:31:22 UTC

Import patches-unapplied version 111-0ubuntu5 to ubuntu/artful-proposed

Imported using git-ubuntu import.

Changelog parent: f7768e17bde502b555c9d0a9a20c8a71c1adbfa9

New changelog entries:
  [ Alberto Pianon ]
  * debian/patches/swapfile-support.patch: Fix swapfile support. (LP: #1670336)
    - src/utils/ecryptfs-setup-swap: revise script for a world with swapfiles.
    - src/utils/ecryptfs-setup-swap: make sure we can restart ecryptfs with
      systemd.

ubuntu/cosmic 2017-09-27 14:13:20 UTC 2017-09-27
Import patches-unapplied version 111-0ubuntu5 to ubuntu/artful-proposed

Author: Mathieu Trudel-Lapierre
Author Date: 2017-09-25 17:31:22 UTC

Import patches-unapplied version 111-0ubuntu5 to ubuntu/artful-proposed

Imported using git-ubuntu import.

Changelog parent: f7768e17bde502b555c9d0a9a20c8a71c1adbfa9

New changelog entries:
  [ Alberto Pianon ]
  * debian/patches/swapfile-support.patch: Fix swapfile support. (LP: #1670336)
    - src/utils/ecryptfs-setup-swap: revise script for a world with swapfiles.
    - src/utils/ecryptfs-setup-swap: make sure we can restart ecryptfs with
      systemd.

applied/debian/sid 2017-03-18 16:12:34 UTC 2017-03-18
Import patches-applied version 111-4 to applied/debian/sid

Author: Laszlo Boszormenyi
Author Date: 2017-03-18 12:32:08 UTC

Import patches-applied version 111-4 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: 9433925ee1064121d3257a412b629417c481b79f
Unapplied parent: d247d33abae62978cc9e2b479514ea8586fd920d

New changelog entries:
  * Correct _libecryptfs.so symlink in python-ecryptfs (closes: #857417).

applied/debian/stretch 2017-03-18 16:12:34 UTC 2017-03-18
Import patches-applied version 111-4 to applied/debian/sid

Author: Laszlo Boszormenyi
Author Date: 2017-03-18 12:32:08 UTC

Import patches-applied version 111-4 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: 9433925ee1064121d3257a412b629417c481b79f
Unapplied parent: d247d33abae62978cc9e2b479514ea8586fd920d

New changelog entries:
  * Correct _libecryptfs.so symlink in python-ecryptfs (closes: #857417).

applied/debian/buster 2017-03-18 16:12:34 UTC 2017-03-18
Import patches-applied version 111-4 to applied/debian/sid

Author: Laszlo Boszormenyi
Author Date: 2017-03-18 12:32:08 UTC

Import patches-applied version 111-4 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: 9433925ee1064121d3257a412b629417c481b79f
Unapplied parent: d247d33abae62978cc9e2b479514ea8586fd920d

New changelog entries:
  * Correct _libecryptfs.so symlink in python-ecryptfs (closes: #857417).

debian/buster 2017-03-18 16:12:34 UTC 2017-03-18
Import patches-unapplied version 111-4 to debian/sid

Author: Laszlo Boszormenyi
Author Date: 2017-03-18 12:32:08 UTC

Import patches-unapplied version 111-4 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 2abc944aece5a765f5b2ba35a550244707c0bdb5

New changelog entries:
  * Correct _libecryptfs.so symlink in python-ecryptfs (closes: #857417).

debian/sid 2017-03-18 16:12:34 UTC 2017-03-18
Import patches-unapplied version 111-4 to debian/sid

Author: Laszlo Boszormenyi
Author Date: 2017-03-18 12:32:08 UTC

Import patches-unapplied version 111-4 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 2abc944aece5a765f5b2ba35a550244707c0bdb5

New changelog entries:
  * Correct _libecryptfs.so symlink in python-ecryptfs (closes: #857417).

debian/stretch 2017-03-18 16:12:34 UTC 2017-03-18
Import patches-unapplied version 111-4 to debian/sid

Author: Laszlo Boszormenyi
Author Date: 2017-03-18 12:32:08 UTC

Import patches-unapplied version 111-4 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 2abc944aece5a765f5b2ba35a550244707c0bdb5

New changelog entries:
  * Correct _libecryptfs.so symlink in python-ecryptfs (closes: #857417).

ubuntu/yakkety-devel 2016-09-13 09:49:41 UTC 2016-09-13
Import patches-unapplied version 111-0ubuntu4 to ubuntu/yakkety-proposed

Author: Matthias Klose
Author Date: 2016-09-13 09:34:34 UTC

Import patches-unapplied version 111-0ubuntu4 to ubuntu/yakkety-proposed

Imported using git-ubuntu import.

Changelog parent: a309301c5b71482e27f7a57596e7902371b847ad

New changelog entries:
  * Drop the hard-coded libnss3-1d dependency.

ubuntu/zesty-devel 2016-09-13 09:49:41 UTC 2016-09-13
Import patches-unapplied version 111-0ubuntu4 to ubuntu/yakkety-proposed

Author: Matthias Klose
Author Date: 2016-09-13 09:34:34 UTC

Import patches-unapplied version 111-0ubuntu4 to ubuntu/yakkety-proposed

Imported using git-ubuntu import.

Changelog parent: a309301c5b71482e27f7a57596e7902371b847ad

New changelog entries:
  * Drop the hard-coded libnss3-1d dependency.

ubuntu/yakkety-proposed 2016-09-13 09:49:41 UTC 2016-09-13
Import patches-unapplied version 111-0ubuntu4 to ubuntu/yakkety-proposed

Author: Matthias Klose
Author Date: 2016-09-13 09:34:34 UTC

Import patches-unapplied version 111-0ubuntu4 to ubuntu/yakkety-proposed

Imported using git-ubuntu import.

Changelog parent: a309301c5b71482e27f7a57596e7902371b847ad

New changelog entries:
  * Drop the hard-coded libnss3-1d dependency.

ubuntu/yakkety 2016-09-13 09:49:41 UTC 2016-09-13
Import patches-unapplied version 111-0ubuntu4 to ubuntu/yakkety-proposed

Author: Matthias Klose
Author Date: 2016-09-13 09:34:34 UTC

Import patches-unapplied version 111-0ubuntu4 to ubuntu/yakkety-proposed

Imported using git-ubuntu import.

Changelog parent: a309301c5b71482e27f7a57596e7902371b847ad

New changelog entries:
  * Drop the hard-coded libnss3-1d dependency.

ubuntu/zesty 2016-09-13 09:49:41 UTC 2016-09-13
Import patches-unapplied version 111-0ubuntu4 to ubuntu/yakkety-proposed

Author: Matthias Klose
Author Date: 2016-09-13 09:34:34 UTC

Import patches-unapplied version 111-0ubuntu4 to ubuntu/yakkety-proposed

Imported using git-ubuntu import.

Changelog parent: a309301c5b71482e27f7a57596e7902371b847ad

New changelog entries:
  * Drop the hard-coded libnss3-1d dependency.

ubuntu/wily-devel 2016-07-14 15:15:03 UTC 2016-07-14
Import patches-unapplied version 108-0ubuntu1.2 to ubuntu/wily-security

Author: Tyler Hicks
Author Date: 2016-07-13 05:57:21 UTC

Import patches-unapplied version 108-0ubuntu1.2 to ubuntu/wily-security

Imported using git-ubuntu import.

Changelog parent: b783127d9ed349eb846c6afad43e391e715482d6

New changelog entries:
  * SECURITY UPDATE: Information exposure via unencrypted swap partitions. The
    swap partition was not configured to use encryption when GPT partitioning
    was in use on NVMe and MMC drives.
    - debian/patches/set-up-encrypted-swap-on-nvme-and-mmc.patch: Properly
      handle the formatting of the path to swap partitions on NVMe and MMC
      drives so that they're correctly marked as not to be automatically
      mounted by systemd. Based on upstream patch from Jason Gerard DeRose.
      (LP: #1597154)
    - debian/ecryptfs-utils.postinst: Fix any unencrypted GPT swap partitions
      that have mistakenly remained marked as auto mount. This should only
      modify the swap partitions on systems that ecryptfs-setup-swap has been
      used on. (LP: #1447282, LP: #1597154)
    - CVE not yet assigned

ubuntu/wily-security 2016-07-14 15:15:03 UTC 2016-07-14
Import patches-unapplied version 108-0ubuntu1.2 to ubuntu/wily-security

Author: Tyler Hicks
Author Date: 2016-07-13 05:57:21 UTC

Import patches-unapplied version 108-0ubuntu1.2 to ubuntu/wily-security

Imported using git-ubuntu import.

Changelog parent: b783127d9ed349eb846c6afad43e391e715482d6

New changelog entries:
  * SECURITY UPDATE: Information exposure via unencrypted swap partitions. The
    swap partition was not configured to use encryption when GPT partitioning
    was in use on NVMe and MMC drives.
    - debian/patches/set-up-encrypted-swap-on-nvme-and-mmc.patch: Properly
      handle the formatting of the path to swap partitions on NVMe and MMC
      drives so that they're correctly marked as not to be automatically
      mounted by systemd. Based on upstream patch from Jason Gerard DeRose.
      (LP: #1597154)
    - debian/ecryptfs-utils.postinst: Fix any unencrypted GPT swap partitions
      that have mistakenly remained marked as auto mount. This should only
      modify the swap partitions on systems that ecryptfs-setup-swap has been
      used on. (LP: #1447282, LP: #1597154)
    - CVE not yet assigned

ubuntu/wily-updates 2016-07-14 15:15:03 UTC 2016-07-14
Import patches-unapplied version 108-0ubuntu1.2 to ubuntu/wily-security

Author: Tyler Hicks
Author Date: 2016-07-13 05:57:21 UTC

Import patches-unapplied version 108-0ubuntu1.2 to ubuntu/wily-security

Imported using git-ubuntu import.

Changelog parent: b783127d9ed349eb846c6afad43e391e715482d6

New changelog entries:
  * SECURITY UPDATE: Information exposure via unencrypted swap partitions. The
    swap partition was not configured to use encryption when GPT partitioning
    was in use on NVMe and MMC drives.
    - debian/patches/set-up-encrypted-swap-on-nvme-and-mmc.patch: Properly
      handle the formatting of the path to swap partitions on NVMe and MMC
      drives so that they're correctly marked as not to be automatically
      mounted by systemd. Based on upstream patch from Jason Gerard DeRose.
      (LP: #1597154)
    - debian/ecryptfs-utils.postinst: Fix any unencrypted GPT swap partitions
      that have mistakenly remained marked as auto mount. This should only
      modify the swap partitions on systems that ecryptfs-setup-swap has been
      used on. (LP: #1447282, LP: #1597154)
    - CVE not yet assigned

ubuntu/xenial-devel 2016-07-14 15:15:03 UTC 2016-07-14
Import patches-unapplied version 111-0ubuntu1.1 to ubuntu/xenial-security

Author: Tyler Hicks
Author Date: 2016-07-13 05:36:59 UTC

Import patches-unapplied version 111-0ubuntu1.1 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: 1c1677debc2e26c5f3c7fd28cfc06c0412b898fd

New changelog entries:
  * SECURITY UPDATE: Information exposure via unencrypted swap partitions. The
    swap partition was not configured to use encryption when GPT partitioning
    was in use on NVMe and MMC drives.
    - debian/patches/set-up-encrypted-swap-on-nvme-and-mmc.patch: Properly
      handle the formatting of the path to swap partitions on NVMe and MMC
      drives so that they're correctly marked as not to be automatically
      mounted by systemd. Based on upstream patch from Jason Gerard DeRose.
      (LP: #1597154)
    - debian/ecryptfs-utils.postinst: Fix any unencrypted GPT swap partitions
      that have mistakenly remained marked as auto mount. This should only
      modify the swap partitions on systems that ecryptfs-setup-swap has been
      used on. (LP: #1447282, LP: #1597154)
    - CVE not yet assigned

ubuntu/xenial-security 2016-07-14 15:15:03 UTC 2016-07-14
Import patches-unapplied version 111-0ubuntu1.1 to ubuntu/xenial-security

Author: Tyler Hicks
Author Date: 2016-07-13 05:36:59 UTC

Import patches-unapplied version 111-0ubuntu1.1 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: 1c1677debc2e26c5f3c7fd28cfc06c0412b898fd

New changelog entries:
  * SECURITY UPDATE: Information exposure via unencrypted swap partitions. The
    swap partition was not configured to use encryption when GPT partitioning
    was in use on NVMe and MMC drives.
    - debian/patches/set-up-encrypted-swap-on-nvme-and-mmc.patch: Properly
      handle the formatting of the path to swap partitions on NVMe and MMC
      drives so that they're correctly marked as not to be automatically
      mounted by systemd. Based on upstream patch from Jason Gerard DeRose.
      (LP: #1597154)
    - debian/ecryptfs-utils.postinst: Fix any unencrypted GPT swap partitions
      that have mistakenly remained marked as auto mount. This should only
      modify the swap partitions on systems that ecryptfs-setup-swap has been
      used on. (LP: #1447282, LP: #1597154)
    - CVE not yet assigned

ubuntu/xenial-updates 2016-07-14 15:15:03 UTC 2016-07-14
Import patches-unapplied version 111-0ubuntu1.1 to ubuntu/xenial-security

Author: Tyler Hicks
Author Date: 2016-07-13 05:36:59 UTC

Import patches-unapplied version 111-0ubuntu1.1 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: 1c1677debc2e26c5f3c7fd28cfc06c0412b898fd

New changelog entries:
  * SECURITY UPDATE: Information exposure via unencrypted swap partitions. The
    swap partition was not configured to use encryption when GPT partitioning
    was in use on NVMe and MMC drives.
    - debian/patches/set-up-encrypted-swap-on-nvme-and-mmc.patch: Properly
      handle the formatting of the path to swap partitions on NVMe and MMC
      drives so that they're correctly marked as not to be automatically
      mounted by systemd. Based on upstream patch from Jason Gerard DeRose.
      (LP: #1597154)
    - debian/ecryptfs-utils.postinst: Fix any unencrypted GPT swap partitions
      that have mistakenly remained marked as auto mount. This should only
      modify the swap partitions on systems that ecryptfs-setup-swap has been
      used on. (LP: #1447282, LP: #1597154)
    - CVE not yet assigned

applied/debian/wheezy 2016-04-02 23:23:06 UTC 2016-04-02
Import patches-applied version 99-1+deb7u1 to applied/debian/wheezy

Author: Salvatore Bonaccorso
Author Date: 2016-01-18 20:28:39 UTC

Import patches-applied version 99-1+deb7u1 to applied/debian/wheezy

Imported using git-ubuntu import.

Changelog parent: bda7ba64b99efd50e9f972a38f08860b021a74c3
Unapplied parent: 1e5c5d81fc8d62969b2d8178861a8e66a401c19e

New changelog entries:
  * Non-maintainer upload by the Security Team.
  * CVE-2016-1572: privilege escalation by mounting over /proc/$pid.

debian/wheezy 2016-04-02 23:23:06 UTC 2016-04-02
Import patches-unapplied version 99-1+deb7u1 to debian/wheezy

Author: Salvatore Bonaccorso
Author Date: 2016-01-18 20:28:39 UTC

Import patches-unapplied version 99-1+deb7u1 to debian/wheezy

Imported using git-ubuntu import.

Changelog parent: 674588fa1edf9524bd75a5720ab6b8900670d4a2

New changelog entries:
  * Non-maintainer upload by the Security Team.
  * CVE-2016-1572: privilege escalation by mounting over /proc/$pid.

applied/debian/jessie 2016-04-02 22:54:13 UTC 2016-04-02
Import patches-applied version 103-5+deb8u1 to applied/debian/jessie

Author: Salvatore Bonaccorso
Author Date: 2016-01-18 19:38:32 UTC

Import patches-applied version 103-5+deb8u1 to applied/debian/jessie

Imported using git-ubuntu import.

Changelog parent: f4a430325b222c330e80a9a6ce3e20f5e615a3ae
Unapplied parent: 0dbd5fe0a33492c7ea729f223470c8ddab316dbd

New changelog entries:
  * Non-maintainer upload by the Security Team.
  * CVE-2016-1572: privilege escalation by mounting over /proc/$pid.

debian/jessie 2016-04-02 22:54:13 UTC 2016-04-02
Import patches-unapplied version 103-5+deb8u1 to debian/jessie

Author: Salvatore Bonaccorso
Author Date: 2016-01-18 19:38:32 UTC

Import patches-unapplied version 103-5+deb8u1 to debian/jessie

Imported using git-ubuntu import.

Changelog parent: 838edce8daeb740028448514ab30cb969891766b

New changelog entries:
  * Non-maintainer upload by the Security Team.
  * CVE-2016-1572: privilege escalation by mounting over /proc/$pid.

ubuntu/xenial 2016-02-27 00:23:52 UTC 2016-02-27
Import patches-unapplied version 111-0ubuntu1 to ubuntu/xenial-proposed

Author: Dustin Kirkland 
Author Date: 2016-02-26 23:58:16 UTC

Import patches-unapplied version 111-0ubuntu1 to ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: dd52703b628dbc7ba718e7d068506782c275f428

New changelog entries:
  * src/utils/ecryptfs-setup-private: LP: #1328689
    - fix a long standing bug, where setting up an encrypted private,
      encrypted home, or migrating to an encrypted home did not work
      correctly over ssh sessions
    - the root cause of the bug is some complexity in the handling of
      user keyrings and session keyrings
    - the long term solution would be to correctly use session keyrings
    - the short term solution is to continue linking user and session
      keyrings
  * xenial
  [ Tyler Hicks ]
  * Remove unnecessary dependencies in the Debian packaging (LP: #1548975)
    - debian/control: Remove opencryptoki from ecryptfs-utils
      Suggests and libopencryptoki-dev from libecryptfs-dev Depends as
      openCryptoki is not a dependency of eCryptfs.
    - debian/rules: Remove openCryptoki related logic since it was not being
      used and is no longer needed
    - debian/control: Remove libtspi-dev from libecryptfs-dev Depends since
      --disable-tspi is passed to the configure script
    - debian/control: Remove libpkcs11-helper1-dev from libecryptfs-dev
      Depends since --disable-pkcs11-helper is passed to the configure script
    - debian/control: Remove libgpg-error-dev and libgpgme11-dev from
      libecryptfs-dev Depends since --disable-gpg is passed to the configure
      script
    - debian/control: Remove libgcrypt11-dev from Build-Depends and
      libecryptfs-dev Depends since --enable-nss is passed to the configure
      script to use NSS instead of Libgcrypt
    - debian/control: Remove libkeyutils-dev and libpam0g-dev from
      libecryptfs-dev Depends since these are build-time dependencies and not
      run-time dependencies
  [ Maikel ]
  * doc/manpage/ecryptfs-migrate-home.8: Fix typos in man page (LP: #1518787)
  [ Kylie McClain ]
  * src/utils/mount.ecryptfs.c, src/utils/mount.ecryptfs_private.c: Fix build
    issues on musl libc (LP: #1514625)
  [ Colin Ian King ]
  * src/daemon/main.c:
    - Static analysis with Clang's scan-build shows that we can potentially
      overflow the input buffer if the input is equal or more than the buffer
      size. Need to guard against this by:
      1. Only reading in input_size - 1 chars
      2. Checking earlier on to see if input_size is value to insure that we
         read in at least 1 char
  [ Tyler Hicks ]
  * src/utils/mount.ecryptfs_private.c:
    - Refuse to mount over non-standard filesystems. Mounting over
      certain types filesystems is a red flag that the user is doing
      something devious, such as mounting over the /proc/self symlink
      target with malicious content in order to confuse programs that may
      attempt to parse those files. (LP: #1530566)
  [ Martin Pitt ]
  * src/utils/ecryptfs-setup-swap:
    - Add setup-swap-check-links.patch: When commenting out existing swap, also
      consider device symlinks like /dev/mapper/ubuntu--vg-swap_1 or
      /dev/disks/by-uuid/ into account. Fixes broken cryptswap under LVM and
      manual setups. (LP: #1453738)
  * src/utils/ecryptfs-setup-swap, debian/ecryptfs-utils.postinst:
    - On upgrade, uncomment underlying
      unencrypted swap partitions that are referred to by a device link when
      crypttab and fstab have a "cryptswap*" device referring to them.
  * debian/control, debian/libecryptfs0.install,
    debian/libecryptfs0.links, debian/libecryptfs0.shlibs:
    - Rename libecryptfs0 to libecryptfs1 and adjust the packaging. It has
      actually shipped libecryptfs.so.1 since at least trusty. Add
      C/R/P: libecryptfs0 for smoother upgrades, this needs to be kept until
      after 16.04 LTS.
  [ Tyler Hicks ]
  * src/utils/mount.ecryptfs_private.c: Implement proper option parsing to
    restore the -f option when unmounting and display a helpful usage message
    (LP: #1454388)
  * src/utils/mount.ecryptfs_private.c: Add an option, -d, to
    umount.ecryptfs_private to treat the situation where the encrypted private
    session counter is nonzero, after decrementing it, as a non-error
    situation. No error message is printed to stderr and the exit status is 0.
  * src/pam_ecryptfs/pam_ecryptfs.c: Use the new umount.ecryptfs_private '-d'
    option to silence the error message that was printed to stderr when the
    encrypted private session counter is nonzero after being decremented.
    (LP: #1454319)
  * src/utils/ecryptfs-umount-private: Return 1 if umount.ecryptfs_private
    encounters an error. The ecryptfs-umount-private script was previously
    returning 0 even when umount.ecryptfs_private exited upon error.
  * debian/control: Fix 'Please add dh-python package to Build-Depends'
    build warning
  [ Dustin Kirkland ]
  * debian/libecryptfs1.install, debian/libecryptfs1.links,
    debian/libecryptfs1.shlibs:
    - fix ftbfs, add missing files
  [ Dustin Kirkland ]
  * scripts/release.sh:
    - a few more release script improvements, build the source
      package for the Ubuntu development distro
  * debian/control:
    - build depend on distro-info, which we use in our release script
  [ Tyler Hicks ]
  * src/libecryptfs/key_management.c:
    - Fix a regression when reading version 1 wrapped passphrase files. A
      return code indicating success was always returned even when an error
      was encountered. The impact is low since the error situation is still
      caught when validating either the wrapping password's signature or the
      wrapped passphrase's signature. Thanks to László Böszörményi for
      catching this mistake.
    - Reject empty passphrases passed into ecryptfs_wrap_passphrase()
  * src/libecryptfs/main.c:
    - Reject empty wrapping passphrases passed into generate_passphrase_sig()
  [ Dustin Kirkland and Martin Pitt ]
  * debian/ecryptfs-utils.postinst: LP: #953875
    - detect and clean up after nonexisting cryptswap devices
  [ Tyler Hicks ]
  * tests/userspace/Makefile.am: Fix the 'make check' failure present in the
    ecryptfs-utils-105 release tarball. The failure was due to the automake
    file not specifying that some data files should be distributed as part
    of the v1-to-v2-wrapped-passphrase test, causing the test to fail due to
    the missing files.
  [ Dustin Kirkland ]
  * scripts/release.sh:
    - ensure that we try a binary build as part of the release process
    - make sure we're in the original working directory when we release
    - remove the -x option, too noisy
  [ Dustin Kirkland ]
  * doc/manpage/ecryptfs.7: LP: #1267640
    - fix inconsistency in man page for passphrase_passwd_file format
  * doc/manpage/ecryptfs-setup-private.1, src/utils/ecryptfs-setup-
    private, src/utils/ecryptfs-setup-swap: LP: #1420424
    - use /dev/random rather than /dev/urandom for long lived keys
  * src/utils/ecryptfs-setup-private:
    - use /dev/urandom for our testing, as we read a lot of info
  * src/utils/ecryptfs-setup-swap: LP: #953875, #1086140
    - fix a whitespace bug in a grep, that might cause us to not
      comment out the old swap space in /etc/fstab
    - offset the start of the encrypted swap space by 1KB, which
      ensures that we don't overwrite the UUID label on the header
      of the partition
    - use the aes-xts block cipher, and plain64 initialization vector,
      which are current best practice here
    - fixed a grammar nitpick
  [ Colin King ]
  * src/libecryptfs/key_management.c, src/utils/mount.ecryptfs.c:
    - A couple of minor fixes: Fix a memory leak and handle out of memory
      error, as found by using cppcheck.
  * src/utils/mount.ecryptfs.c
    - fix potential double free on yesno if get_string_stdin exits early
      without allocating a new buffer and we free yesno on the exit clean
      up path.
  * src/libecryptfs/cmd_ln_parser.c
    - remove redundant if / goto statement that does nothing.
  [ Anders Kaseorg ]
  * src/pam_ecryptfs/pam_ecryptfs.c: exit (not return) from forked child on
    error (LP: #1323421)
  [ Tyler Hicks ]
  * Introduce the version 2 wrapped-passphrase file format. It adds the
    ability to combine a randomly generated salt with the wrapping password
    (typically, a user's login password) prior to performing key
    strengthening. The version 2 file format is considered to be a
    intermediate step in strengthening the wrapped-passphrase files of
    existing encrypted home/private users. Support for reading/writing version
    2 wrapped-passphrase files and transparent migration, through
    pam_ecryptfs, from version 1 to version 2 files is considered safe enough
    to backport to stable distro releases. The libecryptfs ABI around
    wrapped-passphrase file handling is not broken.
    - CVE-2014-9687
  * Run wrap-unwrap.sh test as part of the make check target.
  * Add a new test, called v1-to-v2-wrapped-passphrase.sh, which is suitable
    for the make check target and verifies v1 to v2 wrapped-passphrase file
    migration.
  * Create a temporary file when creating a new wrapped-passphrase file and
    copy it to its final destination after the file has been fully synced to
    disk (LP: #1020902)
  [ Colin King ]
  * src/libecryptfs/ecryptfs-stat.c, tests/kernel/extend-file-
    random/test.c, tests/kernel/inode-race-stat/test.c,
    tests/kernel/trunc-file/test.c:
    - Fixed some 32 bit build warnings
  * src/libecryptfs/decision_graph.c, src/libecryptfs/key_management.c,
    src/libecryptfs/main.c, src/libecryptfs/module_mgr.c, src/utils/io.c,
    src/utils/mount.ecryptfs_private.c, tests/kernel/inotify/test.c,
    tests/kernel/trunc-file/test.c, tests/userspace/wrap-unwrap/test.c:
    - Fixed a pile of minor bugs (memory leaks, unclosed file descriptors,
      etc.) mostly in error paths
  * src/key_mod/ecryptfs_key_mod_passphrase.c, src/libecryptfs/main.c,
    src/pam_ecryptfs/pam_ecryptfs.c:
    - more Coverity fixes, memory leak, error checking, etc.
  [ Nobuto MURATA ]
  * fix an empty update-notifier window (LP: #1107650)
    - changes made in Rev.758 was incomplete
  [ Tyler Hicks ]
  * doc/manpage/ecryptfs.7:
    - adjust man page text to avoid confusion about whether the interactive
      mount helper takes a capital 'N' for the answer to y/n questions
      (LP: #1130460)
  * src/utils/ecryptfs_rewrap_passphrase.c:
    - Handle errors when interactively reading the new wrapping passphrase
      and the confirmation from stdin. Fixes a segfault (invalid memory read)
      in ecryptfs-rewrap-passphrase if there was an error while reading either
      of these passphrases.
  * configure.ac:
    - Set AM_CPPFLAGS to always include config.h as the first include file.
      Some .c files correctly included config.h before anything else. The
      majority of .c files got this wrong by including it after other header
      files, including it multiple times, or not including it at all.
      Including it in the AM_CPPFLAGS should solve these problems and keep
      future mistakes from happening in new source files.
    - Enable large file support (LFS) through the use of the AC_SYS_LARGEFILE
      autoconf macro. ecryptfs-utils has been well tested with LFS enabled
      because ecryptfs-utils is being built with
      '-D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64' in Debian-based distros.
      This is mainly needed for some of the in-tree regression tests but
      ecryptfs-utils, in general, should be built with LFS enabled.
  * debian/rules:
    - Don't append '-D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64' to the CFLAGS
      now that the upstream build enables LFS
  * tests/userspace/lfs.sh, tests/userspace/lfs/test.c:
    - Add a test to verify that LFS is enabled. This test is run under the
      make check target.
  * tests/kernel/enospc/test.c:
    - Fix test failures on 32 bit architectures due to large file sizes
      overflowing data types
  [ Dustin Kirkland ]
  * src/utils/ecryptfs-setup-swap: LP: #1172014
    - write crypttab entry using UUID
  * src/utils/ecryptfs-recover-private: LP: #1028532
    - error out, if we fail to mount the private data correctly
  [ Colin King and Dustin Kirkland ]
  * configure.ac, src/daemon/main.c, src/libecryptfs/cmd_ln_parser.c,
    src/libecryptfs/decision_graph.c, src/utils/mount.ecryptfs.c,
    tests/kernel/trunc-file/test.c:
    - remove some dead code, fix some minor issues raised by Coverity
  [ Tyler Hicks ]
  * debian/rules:
    - Use dpkg-buildflags to inject distro compiler hardening flags into the
      build. This also fixes the hardening-no-fortify-functions lintian
      warnings.
  [ Dustin Kirkland ]
  * doc/manpage/ecryptfs-add-passphrase.1, doc/manpage/ecryptfsd.8,
    doc/manpage/ecryptfs-find.1, doc/manpage/ecryptfs-generate-tpm-
    key.1, doc/manpage/ecryptfs-insert-wrapped-passphrase-into-
    keyring.1, doc/manpage/ecryptfs-manager.8, doc/manpage/ecryptfs-
    migrate-home.8, doc/manpage/ecryptfs-mount-private.1,
    doc/manpage/ecryptfs-recover-private.1, doc/manpage/ecryptfs-rewrap-
    passphrase.1, doc/manpage/ecryptfs-rewrite-file.1,
    doc/manpage/ecryptfs-setup-private.1, doc/manpage/ecryptfs-setup-
    swap.1, doc/manpage/ecryptfs-stat.1, doc/manpage/ecryptfs-umount-
    private.1, doc/manpage/ecryptfs-unwrap-passphrase.1,
    doc/manpage/ecryptfs-verify.1, doc/manpage/ecryptfs-wrap-
    passphrase.1, doc/manpage/Makefile.am, doc/manpage/mount.ecryptfs.8,
    doc/manpage/mount.ecryptfs_private.1, doc/manpage/pam_ecryptfs.8,
    doc/manpage/umount.ecryptfs.8,
    doc/manpage/umount.ecryptfs_private.1, src/desktop/ecryptfs-find =>
    src/utils/ecryptfs-find, src/desktop/Makefile.am,
    src/utils/Makefile.am:
    - add 3 new manpages, for ecryptfs-find, ecryptfs-verify, and
      ecryptfs-migrate-home
    - Add SEE ALSO section to manpages which were missing it
    - Mention "Debian and Ubuntu" in license location
    - move the ecryptfs-find utility to the proper location in src/utils
  * src/utils/Makefile.am:
    - fix broken build
  * debian/ecryptfs-utils.links:
    - link no longer needed for ecryptfs-find
  [ Colin King ]
  * === added directory tests/kernel/mmap-bmap, === added directory
    tests/kernel/xattr, tests/kernel/link.sh, tests/kernel/Makefile.am,
    tests/kernel/mknod.sh, tests/kernel/mmap-bmap.sh, tests/kernel/mmap-
    bmap/test.c, tests/kernel/tests.rc, tests/kernel/xattr.sh,
    tests/kernel/xattr/test.c:
    - ran the current eCryptfs tests on 3.8-rc4 with kernel gcov enabled
      and spotted a few trivial areas where it would be useful to up the
      test coverage on the code
    - so here are a few very simple additional tests to exercise eCryptfs
      a little further
  [ Dustin Kirkland ]
  * debian/control:
    - bump standards, no change
  [ Tyler Hicks ]
  * autogen.sh, scripts/release.sh, Makefile.am:
    - Break out the autoreconf and intltoolize commands from release.sh into
      an executable autogen.sh
    - Use the --copy option when invoking intltoolize
    - Include the new autogen.sh script in the release tarball
  * debian/rules, debian/control:
    - Use dh-autoreconf so that upstream sources can easily be used to build
      packages for all the stable Ubuntu releases in the ecryptfs-utils daily
      build PPA
    - Override the dh_autoreconf target by running the autogen.sh script
    - Drop Build-Depends on autotools-dev since dh-autoreconf is a superset of
      autotools-dev
    - Drop Build-Depends on autoconf, automake, and libtool since
      dh-autoreconf depends on all of these packages
  * m4/ac_python_devel.m4:
    - Fix FTBFS in Raring Ringtail due to multiarch Python. Be sure to include
      platform specific Python include directions in SWIG_PYTHON_CPPFLAGS.
  * src/utils/mount.ecryptfs_private.c:
    - Fix conditionals when checking whether to remove authentication tokens
      from the kernel keyring upon umount. This conditional was incorrectly
      modified in ecryptfs-utils-101, yet the authentication tokens still seem
      to be removed from the kernel keyring so it isn't clear if there was
      actually a user-facing regression.
    - Pass the FEKEK sig, rather than the FNEK sig, to
      ecryptfs_private_is_mounted()
    - Restore behavior of not printing error messages to syslog when
      unmounting and keys cannot be found in the kernel keyring.
    - Restore behavior of printing a useful error message about
      ecryptfs-mount-private when mounting and keys cannot be found in the
      kernel keyring
    - Fix memory leak and clean up free()'s in an error path
    - Use pointer assignment tests, rather than strlen(), to determine which
      key signatures were fetched
  * src/daemon/main.c, src/include/ecryptfs.h,
    src/libecryptfs/{Makefile.am,messaging.c,miscdev.c,netlink.c,sysfs.c},
    doc/manpage/ecryptfsd.8, doc/design_doc/ecryptfs_design_doc_v0_2.tex:
    - Remove netlink messaging interface support
    - Netlink messaging support was superceded by the miscdev interface
      (/dev/ecryptfs) in upstream kernel version 2.6.26 in July, 2008
    - Netlink messaging support was completely removed from the upstream
      kernel starting with version 2.6.32 in December, 2009
  * src/jprobes/*, scripts/delete-cruft.sh:
    - Remove all jprobes code, as I don't use jprobes to debug eCryptfs kernel
      issues and I don't like the idea of maintaining these jprobes outside of
      the kernel tree
  * src/escrow/*:
    - Remove all escrow code, as it isn't used or maintained
  * tests/kernel/llseek.sh, tests/kernel/llseek/test.c,
    tests/userspace/wrap-unwrap.sh, tests/userspace/wrap-unwrap/test.c:
    - Migrate some old testcases over to the modern test framework
  * tests/lib/etl_funcs.sh:
    - Update etl_create_test_dir() to allow a parent directory to be specified
      when creating the directory
  * src/testcases:
    - Delete old testcases that were either too basic, covered by more
      extensive tests in the modern test framework, or just didn't work
  [ Nobuto MURATA ]
  * src/desktop/ecryptfs-record-passphrase:
  [ Eric Lammerts ]
  * src/libecryptfs/sysfs.c: LP: #1007880
    - Handle NULL mnt pointer when sysfs is not mounted
  [ Tyler Hicks ]
  * src/utils/ecryptfs-migrate-home: LP: #1026180
    - Correct minor misspelling
  * src/utils/ecryptfs-recover-private: LP: #1004082
    - Fix option parsing when --rw is specified
  * src/utils/ecryptfs-recover-private: LP: #1028923
    - Simplify success message to prevent incorrectly reporting that a
      read-only mount was performed when the --rw option is specified
  * tests/lib/etl_func.sh:
    - Add test library function to return a lower path from an upper path,
      based on inode numbers
  * tests/kernel/mmap-close.sh, tests/kernel/mmap-close/test.c:
    - Add regression test for open->mmap()->close()->dirty memory->munmap()
      pattern
  * tests/kernel/lp-561129.sh:
    - Add test for checking that a pre-existing target inode is properly
      evicted after a rename
  * tests/README:
    - Add documentation on the steps to take when adding new test cases
  [ Colin King ]
  * tests/kernel/lp-911507.sh:
    - Add test case for initializing empty lower files during open()
  * tests/kernel/lp-872905.sh:
    - Add test case to check for proper unlinking of lower files when
      lower file initialization fails
  * src/key_mod/ecryptfs_key_mod_openssl.c,
    src/key_mod/ecryptfs_key_mod_pkcs11_helper.c,
    src/libecryptfs/key_management.c,
    src/utils/mount.ecryptfs_private.c, src/utils/umount.ecryptfs.c:
    - address some issues raised by smatch static analysis
    - fix some memory leaks with frees
    - fix some pointer refs and derefs
    - fix some comment typos
  [ Dustin Kirkland ]
  * src/libecryptfs/key_management.c:
    - silence pam error message when errno == EACCES
      + "Error attempting to parse .ecryptfsrc file; rc = [-13]"
  * src/utils/mount.ecryptfs_private.c: LP: #1052038
    - fix race condition, which typically manifests itself with a user
      saying that their home directory is not accessible, or that their
      filenames are not decrypted
    - the root of the problem is that we were reading the signature file,
      ~/.ecryptfs/Private.sig, twice; in some cases, the first one succeeds,
      so the file encryption signature is read and key is loaded, but then
      some other process (usually from PAM, perhaps a cron job or a
      subsequent login) mounts the home directory before the filename
      encryption key is loaded; thus, $HOME is mounted but filenames are
      not decrypted, so the second read of ~/.ecryptfs/Private.sig fails
      as that file is not found
    - the solution is to rework the internal fetch_sig() function and read
      one or both signatures within a single open/read/close operation of
      the file
    - free memory used by char **sig on failure
  * debian/copyright:
    - fix lintian warning
  [ Tyler Hicks ]
  * src/pam_ecryptfs/pam_ecryptfs.c, src/libecryptfs/key_management.c:
      LP: #1024476
    - fix regression introduced in ecryptfs-utils-99 when Encrypted
      Home/Private is in use and the eCryptfs kernel code is compiled as a
      module
    - drop check for kernel filename encryption support in pam_ecryptfs, as
      appropriate privileges to load the eCryptfs kernel module may not be
      available and filename encryption has been supported since 2.6.29
    - always add filename encryption key to the kernel keyring from pam_mount
  [ Colin King ]
  * tests/kernel/inode-race-stat/test.c:
    - limit number of forks based on fd limits
  * tests/kernel/enospc.sh, tests/kernel/enospc/test.c,
    tests/kernel/Makefile.am, tests/kernel/tests.rc:
    - add test case for ENOSPC
  [ Tim Harder ]
  * m4/ac_python_devel.m4: LP: #1029217
    - proplery save and restore CPPFLAGS and LIBS when python support is
      enabled
  [ Dustin Kirkland ]
  * debian/ecryptfs-utils.postinst: LP: #936093
    - ensure desktop file is executable
  [ Wesley Wiedenmeier ]
  * src/utils/mount.ecryptfs.c: LP: #329264
    - remove old hack, that worked around a temporary kernel regression;
      ensure that all mount memory is mlocked
  [ Sebastian Krahmer ]
  * src/pam_ecryptfs/pam_ecryptfs.c: LP: #732614
    - drop group privileges in the same places that user privileges are
      dropped
    - check return status of setresuid() calls and return if they fail
    - drop privileges before checking for the existence of
      ~/.ecryptfs/auto-mount to prevent possible file existence leakage
      by a symlink to a path that typically would not be searchable by
      the user
    - drop privileges before reading salt from the rc file to prevent the
      leakage of root's salt and, more importantly, using the incorrect salt
    - discovered, independently, by Vasiliy Kulikov and Sebastian Krahmer
  * src/pam_ecryptfs/pam_ecryptfs.c: LP: #1020904
    - after dropping privileges, clear the environment before executing the
      private eCryptfs mount helper
    - discovered by Sebastian Krahmer
  * src/utils/mount.ecryptfs_private.c: LP: #1020904
    - do not allow private eCryptfs mount aliases to contain ".." characters
      as a preventative measure against a crafted file path being used as an
      alias
    - force the MS_NOSUID mount flag to protect against user controlled lower
      filesystems, such as an auto mounted USB drive, that may contain a
      setuid-root binary
      + CVE-2012-3409
    - force the MS_NODEV mount flag
    - after dropping privileges, clear the environment before executing umount
    - discovered by Sebastian Krahmer
  [ Tyler Hicks ]
  * src/libecryptfs/key_management.c: LP: #732614
    - zero statically declared buffers to prevent the leakage of stack
      contents in the case of a short file read
    - discovered by Vasiliy Kulikov
  * src/libecryptfs/module_mgr.c, src/pam_ecryptfs/pam_ecryptfs.c:
    - fix compiler warnings
  [ Dustin Kirkland ]
  * debian/ecryptfs-utils.prerm:
    - drop the pre-removal ERRORs down to WARNINGs
    - these have caused a ton of trouble; whatever is causing ecryptfs-utils
      to be marked for removal should be fixed; but ecryptfs exiting 1 seems
      to be causing more trouble than it's worth
    - LP: #871021, #812270, #988960, #990630, #995381, #1010961
  * doc/ecryptfs-faq.html:
    - update the frequently asked questions, which haven't seen much
      attention in a while now
    - drop a few references to sourceforge
  * doc/ecryptfs-pam-doc.txt, doc/manpage/fr/ecryptfs-add-passphrase.1,
    doc/manpage/fr/ecryptfs-generate-tpm-key.1, doc/manpage/fr/ecryptfs-
    insert-wrapped-passphrase-into-keyring.1, doc/manpage/fr/ecryptfs-
    mount-private.1, doc/manpage/fr/ecryptfs-rewrap-passphrase.1,
    doc/manpage/fr/ecryptfs-setup-private.1, doc/manpage/fr/ecryptfs-
    umount-private.1, doc/manpage/fr/ecryptfs-unwrap-passphrase.1,
    doc/manpage/fr/ecryptfs-wrap-passphrase.1, doc/manpage/fr/ecryptfs-
    zombie-kill.1, doc/manpage/fr/ecryptfs-zombie-list.1,
    doc/sourceforge_webpage/ecryptfs-article.pdf,
    doc/sourceforge_webpage/ecryptfs_design_doc_v0_1.pdf,
    doc/sourceforge_webpage/ecryptfs-faq.html,
    doc/sourceforge_webpage/ecryptfs-key-diagram-356.png,
    doc/sourceforge_webpage/ecryptfs-key-diagram-640.png,
    doc/sourceforge_webpage/ecryptfs-pageuptodate-call-graph.png,
    doc/sourceforge_webpage/ecryptfs-pam-doc.txt,
    doc/sourceforge_webpage/ecryptfs.pdf,
    doc/sourceforge_webpage/index.html, doc/sourceforge_webpage/README,
    === removed directory doc/manpage/fr, === removed directory
    doc/sourceforge_webpage, rpm/ecryptfs-utils.spec:
    - remove some deprecated documentation
    - fish it out of bzr, if we ever need it again, but let's
      quit publishing it in our release tarballs
  [ Kees Cook ]
  * src/pam_ecryptfs/pam_ecryptfs.c: LP: #938326
    - exit, rather than return to prevent duplicate processes
  [ Andreas Raster ]
  * src/desktop/ecryptfs-find:
    - $mounts was quoted once too often
  [ George Wilson ]
  * src/key_mod/ecryptfs_key_mod_openssl.c,
    src/key_mod/ecryptfs_key_mod_pkcs11_helper.c,
    src/key_mod/ecryptfs_key_mod_tspi.c: LP: #937331
    - IBM would like to grant a license exception for key modules that
      require linking to OpenSSL. The change should make the modules
      shippable by Linux distributions
  [ Dustin Kirkland ]
  * debian/copyright:
    - note the GPLv2 SSL exception granted by IBM for the key modules
  * debian/control, debian/copyright, doc/manpage/ecryptfs.7,
    doc/manpage/ecryptfs-add-passphrase.1, doc/manpage/ecryptfsd.8,
    doc/manpage/ecryptfs-generate-tpm-key.1, doc/manpage/ecryptfs-
    insert-wrapped-passphrase-into-keyring.1, doc/manpage/ecryptfs-
    manager.8, doc/manpage/ecryptfs-mount-private.1,
    doc/manpage/ecryptfs-recover-private.1, doc/manpage/ecryptfs-rewrap-
    passphrase.1, doc/manpage/ecryptfs-rewrite-file.1,
    doc/manpage/ecryptfs-setup-private.1, doc/manpage/ecryptfs-setup-
    swap.1, doc/manpage/ecryptfs-stat.1, doc/manpage/ecryptfs-umount-
    private.1, doc/manpage/ecryptfs-unwrap-passphrase.1,
    doc/manpage/ecryptfs-wrap-passphrase.1,
    doc/manpage/mount.ecryptfs.8, doc/manpage/mount.ecryptfs_private.1,
    doc/manpage/pam_ecryptfs.8, doc/manpage/umount.ecryptfs.8,
    doc/manpage/umount.ecryptfs_private.1, README,
    src/utils/mount.ecryptfs.c:
    - use the new ecryptfs.org website where appropriate
  * debian/control:
    - update to suggest zescrow-client
  [ Sergio Peña ]
  * src/libecryptfs/cipher_list.c: LP: #922821
    - add the new name of the blowfish cipher (linux >= 3.2)
  * src/include/ecryptfs.h, src/libecryptfs/main.c,
    src/utils/mount.ecryptfs.c: LP: #917509
    - use execl() to mount ecryptfs
    - this allows us to support any arbitrary mount options in
      /etc/fstab
  [ Tyler Hicks ]
  * doc/manpage/ecryptfs.7:
    - Remove the note saying that the passphrase and openssl key modules are
      available by default. That's true upstream but not always true in distro
      builds.
  * tests/run_tests.sh:
    - Make upper and lower mount point arguments optional by automatically
      creating directories in /tmp by default.
    - Make it possible to run only userspace tests without having to specify
      unused mount information
    - Accept a comma-separated list of lower filesystems to test on and loop
      through all kernel tests for each lower filesystem
    - Accept a comma-separated list of tests to run
  * tests/lib/etl_funcs.sh:
    - Unset $ETL_DISK just before etl_remove_disk() successfully returns
  * tests/userspace/Makefile.am:
    - Also build 'make check' tests when building with --enable-tests
  * include/ecryptfs.h, libecryptfs/Makefile.am,
    libecryptfs/cipher_list.c, libecryptfs/module_mgr.c,
    utils/io.h: LP: #994813
    - remove overly complicated implementation to detect what ciphers
      are supported by the currently running kernel's crypto api
    - prompt for the entire supported cipher list, if the user selects a
      cipher that their kernel doesn't support, the mount will fail
      and the kernel will write an error message to the syslog
  * src/libecryptfs/module_mgr.c:
    - Use correct blowfish block size when displaying supported ciphers to
      the user
  * tests/kernel/lp-1009207.sh, tests/kernel/Makefile.am,
    tests/kernel/tests.rc:
    - Add simple test case for incorrect handling of umask and default POSIX
      ACL masks
  * tests/kernel/lp-994247.sh, tests/kernel/lp-994247/test.c,
    tests/kernel/Makefile.am, tests/kernel/tests.rc:
    - Add test case for incorrect handling of open /dev/ecryptfs file
      descriptors that are passed or inherited by other processes
  [ Colin King ]
  * tests/lib/etl_funcs.sh:
    - etl_lumount() should use DST rather than SRC dir so it can run on Lucid
    - use file system appropriate mkfs force flag
    - cater for correct ext2 default mount flags
  * tests/kernel/lp-509180.sh, tests/kernel/lp-509180/test.c:
    - test for trailing garbage at end of files
  * tests/kernel/lp-524919.sh, tests/kernel/lp-524919/test.c:
    - test case for checking lstat/readlink size
  * tests/kernel/lp-870326.sh, tests/kernel/lp-870326/test.c:
    - test case for open(), mmap(), close(), modify mmap'd region
  * tests/kernel/lp-469664.sh:
    - test case for lsattr
  * tests/kernel/lp-613873.sh:
    - test case for stat modify time
  * tests/kernel/lp-745836.sh:
    - test case for clearing ECRYPTFS_NEW_FILE flag during truncate
  * tests/lib/etl_funcs.sh, tests/kernel/extend-file-random.sh,
    tests/kernel/trunc-file.sh (LP: #1007159):
    - Add test library function for estimating available space in lower fs
    - Use new library function in tests that need to create large files
  [ Colin Watson ]
  * src/utils/ecryptfs-setup-swap: Skip /dev/zram* swap devices
    LP: #979350
  [ Serge Hallyn ]
  * src/utils/mount.ecryptfs_private.c:
    - EoL fixes
  [ Dustin Kirkland ]
  * CONTRIBUTING:
    - added a new file to describe how to contribute to ecryptfs
  * === added directory img/old, img/old/ecryptfs_14.png,
    img/old/ecryptfs_192.png, img/old/ecryptfs_64.png:
    - saving the old logos/branding for posterity
  * debian/copyright, img/COPYING:
    - added CC-by-SA 3.0 license
    - use the text version
  * img/ecryptfs_14.png, img/ecryptfs_192.png, img/ecryptfs_64.png:
    - added scaled copies of images used for Launchpad.net branding
  * src/utils/ecryptfs-recover-private: LP: #847505
    - add an option to allow user to enter the mount passphrase,
      in case they've recorded that, but forgotten their login
      passphrase
  * src/libecryptfs/sysfs.c: LP: #802197
    - default sysfs to /sys, if not found in /etc/mtab
    - it seems that reading /etc/mtab for this is outdated
    - ensure that ecryptfs works even if there is no sysfs entry
      in /etc/mtab
  * src/key_mod/ecryptfs_key_mod_tspi.c: LP: #462225
    - fix TPM and string_to_uuid 64bits issue
    - thanks to Janos for the patch
  [ Tyler Hicks ]
  * CONTRIBUTING:
    - clarified how to contribute to the ecryptfs kernel module
  * tests/lib/etl_funcs.sh:
    - created eCryptfs test library of bash functions for use in test
      cases and test harnesses
  * test/etl_add_passphrase_key_to_keyring.c:
    - created a C helper program to allow bash scripts to interface to
      the libecryptfs function that adds passphrase-based keys to the
      kernel keyring
  * tests/kernel/tests.rc, tests/userspace/tests.rc:
    - created a test case category files for test harnesses to source
      when running testcases of a certain category (destructive, safe,
      etc.)
  * tests/run_tests.sh:
    - created a test harness to run eCryptfs test cases
  * tests/kernel/miscdev-bad-count.sh,
    tests/kernel/miscdev-bad-count/test.c:
    - created test case for miscdev issue reported to mailing list
  * tests/kernel/lp-885744.sh:
    - created test case for pathconf bug
  * tests/kernel/lp-926292.sh:
    - created test case for checking stale inode attrs after setxattr
  * tests/new.sh:
    - created new test case template to copy from
  * tests/userspace/verify-passphrase-sig.sh,
    tests/userspace/verify-passphrase-sig/test.c:
    - created test case, for make check, to test the creation of
      passphrase-based fekeks and signatures
  * configure.ac, Makefile.am, tests/Makefile.am, tests/lib/Makefile.am,
    tests/kernel/Makefile.am, tests/userspace/Makefile.am:
    - updated and created autoconf/automake files to build the new tests
      directory
    - added make check target
  [ Eddie Garcia ]
  * img/*: LP: #907131
    - contributing a new set of logos and branding under the CC-by-SA3.0
      license
  [ Colin King ]
  * tests/kernel/extend-file-random.sh,
    tests/kernel/extend-file-random/test.c:
    - Test to randomly extend file size, read/write + unlink
  * tests/kernel/trunc-file.sh, tests/kernel/trunc-file/test.c:
    - Test to exercise file truncation
  * tests/kernel/directory-concurrent.sh,
    tests/kernel/directory-concurrent/test.c:
    - test for directory creation/deletion races with multiple processes
  * tests/kernel/file-concurrent.sh,
    tests/kernel/file-concurrent/test.c:
    - test for file creation/truncation/unlink races with multiple
      processes
  * tests/kernel/inotify.sh, tests/kernel/inotify/test.c:
    - test for proper inotify support
  * tests/kernel/mmap-dir.sh, tests/kernel/mmap-dir/test.c:
    - test that directory files cannot be mmap'ed
  * tests/kernel/read-dir.sh, tests/kernel/read-dir/test.c:
    - test that read() on directory files returns the right error
  * tests/kernel/setattr-flush-dirty.sh:
    - test that the modified timestamp isn't clobbered in writeback
  * tests/kernel/inode-race-stat.sh, tests/kernel/inode-race-stat/test.c:
    - test for inode initialization race condition
  [ Serge Hallyn ]
  * fix infinite loop on arm: fgetc returns an int, and -1 at end of
    options. Arm makes char unsigned. (LP: #884407)
  [ Dustin Kirkland ]
  * debian/compat, debian/control, debian/ecryptfs-utils.install,
    debian/ecryptfs-utils.lintian-overrides,
    debian/libecryptfs0.install, debian/libecryptfs-dev.install,
    debian/lintian/ecryptfs-utils, debian/python-ecryptfs.install,
    debian/rules, debian/source/options, doc/ecryptfs-pam-doc.txt,
    doc/manpage/ecryptfs-setup-private.1, lintian/ecryptfs-utils, ===
    removed directory debian/lintian:
    - merge a bunch of packaging changes from Debian's Daniel Baumann
    - fixes LP: #800647
  * scripts/release.sh:
    - minor release fixes
  [ Dustin Kirkland ]
  * scripts/release.sh:
    - fix release script
    - bump ubuntu release
  * doc/manpage/ecryptfs-recover-private.1, src/utils/ecryptfs-migrate-
    home (properties changed: -x to +x), src/utils/ecryptfs-recover-
    private:
    - add a --rw option for ecryptfs-recover-private
  * src/utils/ecryptfs-migrate-home: LP: #820416
    - show progress on rsync
  * debian/ecryptfs-utils.ecryptfs-utils-restore.upstart,
    debian/ecryptfs-utils.ecryptfs-utils-save.upstart,
    src/utils/ecryptfs-migrate-home,
    src/utils/ecryptfs-setup-private: LP: #883238
    - remove 2 upstart scripts, which attempted to "save" users who didn't
      login after migrating their home; instead, we now require the root
      user to enter user passwords at migration time
  * debian/copyright, debian/ecryptfs-utils.ecryptfs-utils-
    restore.upstart, debian/ecryptfs-utils.ecryptfs-utils-save.upstart,
    doc/manpage/ecryptfs.7, doc/manpage/ecryptfs-add-passphrase.1,
    doc/manpage/ecryptfs-generate-tpm-key.1, doc/manpage/ecryptfs-
    insert-wrapped-passphrase-into-keyring.1, doc/manpage/ecryptfs-
    mount-private.1, doc/manpage/ecryptfs-recover-private.1,
    doc/manpage/ecryptfs-rewrap-passphrase.1, doc/manpage/ecryptfs-
    rewrite-file.1, doc/manpage/ecryptfs-setup-private.1,
    doc/manpage/ecryptfs-setup-swap.1, doc/manpage/ecryptfs-stat.1,
    doc/manpage/ecryptfs-umount-private.1, doc/manpage/ecryptfs-unwrap-
    passphrase.1, doc/manpage/ecryptfs-wrap-passphrase.1,
    doc/manpage/fr/ecryptfs-add-passphrase.1, doc/manpage/fr/ecryptfs-
    generate-tpm-key.1, doc/manpage/fr/ecryptfs-insert-wrapped-
    passphrase-into-keyring.1, doc/manpage/fr/ecryptfs-mount-private.1,
    doc/manpage/fr/ecryptfs-rewrap-passphrase.1,
    doc/manpage/fr/ecryptfs-setup-private.1, doc/manpage/fr/ecryptfs-
    umount-private.1, doc/manpage/fr/ecryptfs-unwrap-passphrase.1,
    doc/manpage/fr/ecryptfs-wrap-passphrase.1, doc/manpage/fr/ecryptfs-
    zombie-kill.1, doc/manpage/fr/ecryptfs-zombie-list.1,
    doc/manpage/mount.ecryptfs_private.1, doc/manpage/pam_ecryptfs.8,
    doc/manpage/umount.ecryptfs.8,
    doc/manpage/umount.ecryptfs_private.1,
    src/pam_ecryptfs/pam_ecryptfs.c,
    src/utils/ecryptfs_add_passphrase.c,
    src/utils/ecryptfs_insert_wrapped_passphrase_into_keyring.c,
    src/utils/ecryptfs-migrate-home, src/utils/ecryptfs-mount-private,
    src/utils/ecryptfs-recover-private,
    src/utils/ecryptfs_rewrap_passphrase.c, src/utils/ecryptfs-rewrite-
    file, src/utils/ecryptfs-setup-private, src/utils/ecryptfs-setup-
    swap, src/utils/ecryptfs-umount-private,
    src/utils/ecryptfs_unwrap_passphrase.c,
    src/utils/ecryptfs_wrap_passphrase.c:
    - update some email addresses, moving kirkland@canonical.com ->
      kirkland@ubuntu.com (which I can still read)
  * src/libecryptfs/key_management.c: LP: #715066
    - fix 2 places where we were handling
      ecryptfs_add_passphrase_key_to_keyring() inconsistently
    - if we're trying to add a key to the keyring, and it's already there,
      treat that as "success"
  * debian/control:
    - ecryptfs-setup-swap is strongly recommended, which depends on
      cryptsetup; so promote cryptsetup from suggests -> recommends
  [ Stephan Ritscher and Tyler Hicks ]
  * src/libecryptfs/cmd_ln_parser.c: LP: #683535
    - fix passphrase_passwd_fd for pipes
    - handle memory allocation failures
    - free memory in error paths
  [ Arfrever Frehtes Taifersar Arahesis ]
  * configure.ac: LP: #893327
    - no need to check for python, if --disable-pywrap is passed
  * src/utils/ecryptfs-verify, src/utils/Makefile.am:
    - add an ecryptfs-verify utility, LP: #845738
  * src/testcases/write-read.sh:
    - added a write/read test utility
  * doc/manpage/ecryptfs-mount-private.1, doc/manpage/ecryptfs-setup-
    private.1, doc/manpage/mount.ecryptfs_private.1,
    doc/manpage/umount.ecryptfs_private.1: LP: #882267
    - remove inaccurate documentation about being a member of the ecryptfs
      group
  * src/utils/ecryptfs-setup-private: LP: #882314
    - fix preseeded encrypted home Ubuntu installations (thanks Timo!)
  * src/libecryptfs/key_management.c: LP: #725862
    - fix nasty bug affecting users who do *not* encrypt filenames;
      the first login works, but on logout, only one key gets
      cleaned out; subsequent logins do not insert the necessary key
      due to an early "goto out"; this fix needs to be SRU'd
  * debian/rules: LP: #586281
    - fix perms on desktop mount file
  * src/pam_ecryptfs/pam_ecryptfs.c: LP: #838471
    - rework syslogging to be less noisy and note pam_ecryptfs
  [ Diego E. "Flameeyes" Pettenò ]
  * configure.ac:
    - fix reliance on nss-config, which hinders cross-compilation
  [ Marc Deslauriers ]
  * src/utils/mount.ecryptfs_private.c:
  * SECURITY UPDATE: wrong mtab ownership and permissions (LP: #830850)
    - debian/patches/CVE-2011-3145.patch: also set gid and umask before
      updating mtab in src/utils/mount.ecryptfs_private.c.
    - CVE-2011-3145
  [ Marc Deslauriers ]
  * SECURITY UPDATE: privilege escalation via mountpoint race conditions
    (LP: #732628)
    - debian/patches/CVE-2011-1831,1832,1834.patch: chdir into mountpoint
      before checking permissions in src/utils/mount.ecryptfs_private.c.
    - CVE-2011-1831
    - CVE-2011-1832
  * SECURITY UPDATE: race condition when checking source during mount
    (LP: #732628)
    - debian/patches/CVE-2011-1833.patch: use new ecryptfs_check_dev_ruid
      kernel option when mounting directory in
      src/utils/mount.ecryptfs_private.c.
    - CVE-2011-1833
  * SECURITY UPDATE: mtab corruption via improper handling (LP: #732628)
    - debian/patches/CVE-2011-1831,1832,1834.patch: modify mtab via a temp
      file first and make sure it succeeds before replacing the real mtab
      in src/utils/mount.ecryptfs_private.c.
    - CVE-2011-1834
  * SECURITY UPDATE: key poisoning via insecure temp directory handling
    (LP: #732628)
    - debian/patches/CVE-2011-1835.patch: make sure we don't copy into a
      user controlled directory in src/utils/ecryptfs-setup-private.
    - CVE-2011-1835
  * SECURITY UPDATE: information disclosure via recovery mount in /tmp
    (LP: #732628)
    - debian/patches/CVE-2011-1836.patch: mount inside protected
      subdirectory in src/utils/ecryptfs-recover-private.
    - CVE-2011-1836
  * SECURITY UPDATE: arbitrary file overwrite via lock counter race
    condition (LP: #732628)
    - debian/patches/CVE-2011-1837.patch: verify permissions with a file
      descriptor, and don't follow symlinks in
      src/utils/mount.ecryptfs_private.c.
    - CVE-2011-1837
  [ Dustin Kirkland ]
  * debian/control:
    - add missing build dependency needed for release
  * doc/manpage/ecryptfs-wrap-passphrase.1: fix minor error in manpage
  * src/desktop/ecryptfs-find, src/desktop/Makefile.am: LP: #799157
    - add a tool, /usr/share/ecryptfs-utils/ecryptfs-find that can
      help find cleartext/encrypted filenames by inode number
  * src/desktop/ecryptfs-find:
    - test file exists first; ditch the match;
      search all ecryptfs mounts that user can read/traverse
  * debian/ecryptfs-utils.links:
    - add a symlink for Ubuntu
  * scripts/release.sh:
    - improve release script
  [ Serge Hallyn ]
  * Fix from Christophe Dumez: mount.ecryptfs_private: Do not attempt to
    update mtab if it is a symbolic link. (LP: #789888)
  * src/utils/mount.ecryptfs_private.c:
    - reduce the window size for the TOCTOU race;
      does not entirely solve LP: #732628, which is going to need to be
      fixed in the kernel with some heavy locking
  * debian/control: update urls
  * src/utils/ecryptfs-mount-private: LP: #725862
    - fix ecryptfs-mount-private to insert only the fek, if filename
      encryption is disabled
  [ Paolo Bonzini <pbonzini@redhat.com> ]
  * src/utils/ecryptfs-setup-private: update the Private.* selinux
    contexts
  [ Dustin Kirkland ]
  * src/utils/ecryptfs-setup-private:
    - add -p to mkdir, address noise for a non-error
    - must insert keys during testing phase, since we remove keys on
      unmount now, LP: #725862
  * src/utils/ecryptfs_rewrap_passphrase.c: confirm passphrases in
    interactive mode, LP: #667331
  [ Jakob Unterwurzacher ]
  * src/pam_ecryptfs/pam_ecryptfs.c:
    - check if this file exists and ask the user for the wrapping passphrase
      if it does
    - eliminate both ecryptfs_pam_wrapping_independent_set() and
      ecryptfs_pam_automount_set() and replace with a reusable
      file_exists_dotecryptfs() function
  [ Serge Hallyn and Dustin Kirkland ]
  * src/utils/mount.ecryptfs_private.c:
    - support multiple, user configurable private directories by way of
      a command line "alias" argument
    - this "alias" references a configuration file by the name of:
      $HOME/.ecryptfs/alias.conf, which is in an fstab(5) format,
      as well as $HOME/.ecryptfs/alias.sig, in the same format as
      Private.sig
    - if no argument specified, the utility operates in legacy mode,
      defaulting to "Private"
    - rename variables, s/dev/src/ and s/mnt/dest/
    - add a read_config() function
    - add an alias char* to replace the #defined ECRYPTFS_PRIVATE_DIR
    - this is half of the fix to LP: #615657
  * doc/manpage/mount.ecryptfs_private.1: document these changes
  * src/libecryptfs/main.c, src/utils/mount.ecryptfs_private.c:
    - allow umount.ecryptfs_private to succeed when the key is no
      longer in user keyring.
  [ Dustin Kirkland ]
  * src/utils/ecryptfs-recover-private: clean sigs of invalid characters
  * src/utils/mount.ecryptfs_private.c:
    - fix bug LP: #313812, clear used keys on unmount
    - add ecryptfs_unlink_sigs to the mount opts, so that unmounts from
      umount.ecryptfs behave similarly
    - use ecryptfs_remove_auth_tok_from_keyring() on the sig and sig_fnek
  [ presgas@gmail.com ]
  * src/utils/ecryptfs-migrate-home:
    - support user databases outside of /etc/passwd, LP: #627506
  * src/desktop/ecryptfs-record-passphrase: fix typo, LP: #524139
  * debian/rules, debian/control:
    - disable the gpg key module, as it's not yet functional
    - clean up unneeded build-deps
    - also, not using opencryptoki either
  * doc/manpage/ecryptfs.7: fix minor documentation bug, reported by
    email by Jon 'maddog' Hall
  * doc/manpage/ecryptfs-recover-private.1, doc/manpage/Makefile.am,
    po/POTFILES.in, src/utils/ecryptfs-recover-private,
    src/utils/Makefile.am: add a utility to simplify data recovery
    of an encrypted private directory from a Live ISO, LP: #689969
  [ David Planella ]
  * Makefile.am, configure.ac, debian/control, debian/po/POTFILES.sh,
    debian/po/ecryptfs-utils.pot, debian/po/fr.po, debian/rules,
    po/POTFILES.in, src/desktop/Makefile.am,
    src/desktop/ecryptfs-mount-private.desktop,
    src/desktop/ecryptfs-mount-private.desktop.in,
    src/desktop/ecryptfs-record-passphrase,
    src/desktop/ecryptfs-setup-private.desktop,
    src/desktop/ecryptfs-setup-private.desktop.in:
    - internationalization work for LP: #358283
  * po/LINGUAS, po/ca.po: Catalan translation
  [ Yan Li <yan.i.li@intel.com> ]
  * src/pam_ecryptfs/pam_ecryptfs.c, src/utils/Makefile.am,
    src/utils/ecryptfs-migrate-home: add a script and pam hooks to
    support automatic migration to encrypted home directory
  [ Dustin Kirkland ]
  * src/utils/ecryptfs-migrate-home: clean up for merge
    - use $() rather than ``
    - drop set -u
    - use = and !=, and quote vars, rather than testing with -ne, -eq,
      for better shell portability
    - improve usage statement and error text
    - check if already encrypted
    - handle migration of multiple users on boot
    - fix all whitespace, use tabs for indents
    - use quotes around variables, rather than ${} (stylistic preference)
    - major simplification for immediate release
      + remove boot and user modes; only support administrator mode for
        security reasons and to avoid race conditions
      + other modes can be re-added, if necessary, and if security
        concerns can be addressed
    - ensure running as root
    - drop VERBOSE option, always print useful info messages
    - call the user $USER_NAME rather than $USER_ID since id implies
      number, and here we're deailing with names
    - no decimals on awk calculation
    - mktemp on the target user, not root
    - check that there is enough disk space available to do the migration
    - ensure the user's homedir group is correct
    - add critical instructions, user *must* login after the migration and
      before the reboot, as their wrapped passphrase will be cleared on
      reboot (possible we should use an init script to move these to
      /var/tmp on reboot)
    - ensure permissions are set correctly
    - improve text at the end of the migration, organize into notes
  * ecryptfs-utils.ecryptfs-utils-restore.upstart,
    ecryptfs-utils.ecryptfs-utils-save.upstart, rules:
    - try to protect migrating users who don't login before the next reboot
  * debian/ecryptfs-utils.install: install the locale messages
  * src/desktop/ecryptfs-record-passphrase: improve dialog text
  * src/desktop/ecryptfs-record-passphrase: revert the _ bit, as it's not quite
    working yet, will need to talk to David to fix
  * src/utils/ecryptfs-setup-private: fix bug where setup-private
    incorrectly assumed that the home/private dir ownerships should
    be owned by USER:USER; instead, default to USER:GROUP, where
    GROUP is the USER's primary group by default, LP: #445301
  * src/utils/ecryptfs-setup-private, debian/control: LP: #456565
    - fix typo, s/getext/gettext
    - depend on gettext-base
  * src/utils/ecryptfs-setup-private: fix printing of error strings,
    which was broken by the gettext integration, LP: #471725;
    in doing so, use $() in place of ``, use '' for gettext arguments,
    and wrap gettext in "", like this: foo="$(gettext 'blah blah')"
  * debian/control: one package per line, helps tremendously when looking
    at diffs
  * debian/copyright: Add new fields
  * debian/ecryptfs-utils.postinst: minor set -e change
  [ Michael Terry ]
  * src/utils/ecryptfs-setup=swap: clean up some error message reporting,
    LP: #430891, #430890
  [ Dustin Kirkland ]
  * doc/manpage/ecryptfs.7: note the 64-char passphrase limit, LP: #386504
  * src/utils/ecryptfs-setup-private: minor documentation change
  [ Evan Dandrea ]
  * src/utils/ecryptfs-setup-swap: allow for setting up encrpyted swap,
    without activating it immediately, necessary for livecd installations
  [ Dustin Kirkland ]
  * debian/control: updated bzr and browser urls, bumped standards version
  * src/pam_ecryptfs/pam_ecryptfs.c: silence useless, oft-shown info
    message
  * src/utils/ecryptfs-mount-private, src/utils/ecryptfs-rewrite-file,
    src/utils/ecryptfs-setup-private, src/utils/ecryptfs-setup-swap,
    src/utils/ecryptfs-umount-private: use gettext for all string printing,
    such that we can internationalize ecryptfs
  * po/POTFILES.sh, po/ecryptfs-utils.pot, po/fr.po, rules: add po to the
    build system; for now, in the debian/ directory; this should be put in
    the upstream source tree eventually (but I need some help with the
    automake/autoconf integration)
  * ecryptfs-setup-swap: exit(0) if there's no swaps to encrypt, ensures
    that this script succeeds if there is no swap space that needs to be
    secured, or if the existing swap space is already secured
  * doc/manpage/ecryptfs-setup-swap.1, doc/manpage/ecryptfs-stat.1,
    doc/manpage/umount.ecryptfs.8, doc/manpage/Makefile.am: added manpagess
  * doc/manpage/ecryptfs.7: fix lintian warning
  * debian/lintian/ecryptfs-utils: added a lintian overrides file
  * debian/lintian/ecryptfs-utils, debian/ecryptfs-utils.install: add and
    install some proper lintian overrides
  * src/libecryptfs/module_mgr.c: fix typo, LP: #408437
  [ Evan Dandrea ]
  * ecryptfs-setup-swap: support more than one encrypted swap device
  [ Dorin Scutarașu ]
  * src/libecryptfs/key_management.c: fix null pointer deref, LP: #409565
  [ James Westby ]
  * src/libecryptfs/main.c flockfile the filehandle after checking that
    we were able to successfully open it (LP: #403011)
  * debian/libecryptfs0.shlibs: bump shlibs dep to 77 since we added new
    symbols there
  [ Dustin Kirkland ]
  * src/libecryptfs/key_management.c, src/pam_ecryptfs/pam_ecryptfs.c:
    revert the zombie code removal from pam_ecryptfs as it seems this
    bit is still needed; fix the source of the problem introduced in
    commit r407; check for non-zero return codes; this problem would
    manifest itself as a) unable to unlock screensaver, b) unable to
    switch users, c) unable to mount home folder on initial login;
    LP: #402222, #402029
  * src/utils/ecryptfs-umount-private: use for loop to loop over key
    ids on removal
  * src/utils/mount.ecryptfs_private.c: return non-zero on unmount failure
    due to open sessions; handle this in ecryptfs-umount-private too; make
    the flock() blocking; use /dev/shm for counter; add an iterator to the
    counter file to prevent users from DoS'ing one another from accessing
    their encrypted directories, LP: #402745
  * debian/ecryptfs-utils.postinst: move /tmp counters to /dev/shm
  * configure.ac: link against pam, silence shlib warning
  * src/include/ecryptfs.h, src/libecryptfs/main.c,
    src/pam_ecryptfs/pam_ecryptfs.c, src/utils/Makefile.am,
    src/utils/mount.ecryptfs_private.c: move two functions from
    mount.ecryptfs_private to libecryptfs, namely is_mounted() and
    fetch_private_mnt(); use these in both pam_ecryptfs and
    mount.ecryptfs_private; also move PRIVATE to ECRYPTFS_PRIVATE in
    the ecryptfs.h headers; this will allow us to short-circuit some of the
    costly key-loading code on pam_auth if the private dir is already
    mounted, speeding up some subsequent authentications significantly,
    LP: #402748
  * doc/ecryptfs-mount-private.txt: removed the "$" to make copy-n-paste
    more user friendly
  * src/utils/ecryptfs-setup-private: when encrypting home, put the
    .ecryptfs and .Private data in /home/.ecryptfs rather than /var/lib,
    as users are forgetting to backup /var/lib, and are often putting
    /home on a separate partition; furthermore, this gives users a place
    to access their encrypted data for backup, rather than hiding the
    data below $HOME, LP: #371719
  [ Tyler Hicks ]
  * src/libecryptfs/cipher_list.c, src/libecryptfs/module_mgr.c:
    add blowfish/56-bytes to the list of ciphers we officially support,
    LP: #402790
  [ Dustin Kirkland ]
  * src/utils/ecryptfs-setup-swap: switch from vol_id to blkid,
    LP: #376486
  * debian/ecryptfs-utils.postinst, src/utils/ecryptfs-setup-private:
    don't echo mount passphrase if running in bootstrap mode; prune
    potential leakages from install log, LP: #383650
  * SECURITY UPDATE: mount passphrase recorded in install log (LP: #383650).
    - debian/ecryptfs-utils.postinst: prune private information from
      installer log
    - src/utils/ecryptfs-setup-private: don't echo passphrase if running in
      bootstrap mode
    - CVE-2009-1296
  * src/utils/ecryptfs-setup-private: make some of the lanuage more readable,
    (thanks, anrxc)
  * README, configure.ac, debian/control, debian/rules,
    doc/sourceforge_webpage/README, src/libecryptfs-swig/libecryptfs.py,
    src/libecryptfs-swig/libecryptfs_wrap.c,
    src/libecryptfs/key_management.c, src/libecryptfs/libecryptfs.pc.in,
    src/libecryptfs/main.c, src/pam_ecryptfs/Makefile.am,
    src/utils/manager.c, src/utils/mount.ecryptfs.c: move build from gcrypt
    to nss (this change has been pending for some time)
  * src/utils/ecryptfs-dot-private: dropped, was too hacky
  * ecryptfs-mount-private.1, ecryptfs-setup-private.1: align the
    documentation and implementation of the wrapping-independent feature,
    LP: #383746
  * src/utils/ecryptfs-umount-private: use keyctl list @u, since keyctl show
    stopped working, LP: #400484, #395082
  * src/utils/mount.ecryptfs_private.c: fix counter file locking; solves
    a longstanding bug about "random" umount caused by cronjobs, LP: #358573
  [ Michal Hlavinka (edits by Dustin Kirkland) ]
  * doc/manpage/ecryptfs-mount-private.1,
    doc/manpage/ecryptfs-rewrite-file.1,
    doc/manpage/ecryptfs-setup-private.1, doc/manpage/ecryptfs.7,
    doc/manpage/mount.ecryptfs_private.1,
    doc/manpage/umount.ecryptfs_private.1: documentation updated to note
    possible ecryptfs group membership requirements; Fix ecrypfs.7 man
    page and key_mod_openssl's error message; fix typo
  * src/libecryptfs/decision_graph.c: put a finite limit (5 tries) on
    interactive input; fix memory leaks when asking questions
  * src/libecryptfs/module_mgr.c: Don't error out with EINVAL when
    verbosity=0 and some options are missing.
  * src/utils/umount.ecryptfs.c: no error for missing key when removing it
  * src/libecryptfs-swig/libecryptfs.i: fix compile werror, cast char*
  * src/utils/ecryptfs_add_passphrase.c: fix/test/use return codes;
    return nonzero for --fnek when not supported but used
  * src/include/ecryptfs.h, src/key_mod/ecryptfs_key_mod_openssl.c,
    src/libecryptfs/module_mgr.c: refuse mounting with too small rsa
    key (key_mod_openssl)
  * src/utils/ecryptfs_insert_wrapped_passphrase_into_keyring.c: fix return
    codes
  * src/utils/ecryptfs-rewrite-file: polish output
  * src/libecryptfs/key_management.c: inform about full keyring; insert fnek
    sig into keyring if fnek support check fails; don't fail if key already
    exists in keyring
  * src/utils/ecryptfs-setup-private: if the ecryptfs group exists, restrict
    ecryptfs-setup-private to members of this group
  * src/pam_ecryptfs/pam_ecryptfs.c: dynamically load ecryptfs module by
    checking ecryptfs version
  * src/libecryptfs/decision_graph.c, src/utils/io.c,
    src/utils/mount.ecryptfs.c: fix EOF handling, LP: #371587
  * src/desktop/Makefile.am: make desktop files trusted, LP: #371426
  [ Dustin Kirkland and Daniel Baumann ]
  * debian/control, debian/copyright, debian/ecryptfs-utils.dirs,
    debian/ecryptfs-utils.install, debian/ecryptfs-utils.postinst,
    debian/rules, ecryptfs-utils.pam-auth-update: sync Ubuntu's
    packaging with Debian; drop dpatch, drop libssl build dep, clean
    up extraneous debhelper bits, match cflags; remaining diff is only
    ecryptfs-utils.prerm
  [ Arfrever Frehtes Taifersar Arahesis ]
  * key_mod/ecryptfs_key_mod_gpg.c,
    key_mod/ecryptfs_key_mod_pkcs11_helper.c,
    libecryptfs/key_management.c, utils/ecryptfs_unwrap_passphrase.c:
    Fix warnings, initialize a few variables, drop unused ones
  [ David Hicks ]
  * src/lib/key_management.c: fix stray semicolon that prevents .ecryptfsrc
    files from working properly, LP: #372709
  [ Michael Rooney ]
  * src/python/ecryptfsapi.py: added python api
  [ Dustin Kirkland ]
  * debian/rules: drop hackery that moves stuff /usr/share/ecryptfs-utils
  * src/utils/mount.ecryptfs_private.c: update inline documentation
  * debian/changelog, src/libecryptfs/cmd_ln_parser.c,
    src/libecryptfs/key_management.c, src/pam_ecryptfs/pam_ecryptfs.c,
    src/utils/ecryptfs_add_passphrase.c,
    src/utils/ecryptfs_insert_wrapped_passphrase_into_keyring.c,
    src/utils/ecryptfs_rewrap_passphrase.c,
    src/utils/ecryptfs_unwrap_passphrase.c,
    src/utils/ecryptfs_wrap_passphrase.c: silence some useless logging,
    LP: #313330
  * include/ecryptfs.h, libecryptfs/key_management.c,
    utils/ecryptfs_insert_wrapped_passphrase_into_keyring.c,
    utils/ecryptfs_unwrap_passphrase.c: if the file to unwrap is
    unspecified, try to use the default ~/.ecryptfs/wrapped-passphrase
    before bailing out, LP: #359997
  * src/utils/ecryptfs-setup-private: unix_chkpwd is not always present
    (eg, gentoo), LP: #332341
  [ Tyler Hicks ]
  * doc/manpage/ecryptfs.7: ecryptfs_encrypted_view option desription
    was wrong LP: #328761
  [ Michal Hlavinka ]
  * decision_graph.c: fix uninitialized return code
  * mount.ecryptfs.c: don't pass verbosity option to kernel
  [ anrxc & Dustin Kirkland ]
  * doc/Makefile.am, src/desktop/Makefile.am: fix automake installation from
    /usr/share to /usr/share/ecryptfs-utils
  [ Daniel Baumann & Dustin Kirkland ]
  * debian/rules, debian/control: sync differences between Debian & Ubuntu's
    packaging
  [ Arfrever Frehtes Taifersar Arahesis ]
  * src/key_mod/ecryptfs_key_mod_gpg.c,
    src/key_mod/ecryptfs_key_mod_pkcs11_helper.c: fix implicit declations
  [ Frédéric Guihéry ]
  * key_mod/ecryptfs_key_mod_tspi.c, utils/ecryptfs_generate_tpm_key.c:
    the SRK password should be set to 20 bytes of NULL (wellknown
    password), in order for different tools to request key protection
    with the Storage Root Key
  [ Michal Hlavinka ]
  * Changes for RH/Fedora release
    - change error codes to be more descriptive
    - decision_graph.h, *: change definition of node return codes to positive
      values
    - mount.ecryptfs.c: insist for yes/no answer for unkown sigs
    - don't print error for removing key from keyring if it succeeded
    - module_mgr.c: insist on yes/no answer
    - use ECRYPTFS_NONEMPTY_VALUE_REQUIRED where reasonable
    - pam_ecryptfs.c: don't try to unwrap key for users not using pam mounting
    - add verbosity to man page
    - decision_graph.* : add ECRYPTFS_NONEMPTY_VALUE_REQUIRED flag for nodes
    - decision_graph.* : add WRONG_VALUE return code to nodes for asking
      question again
  [ Dustin Kirkland ]
  * src/utils/ecryptfs-setup-private: fix bug in grep when running with LANG
    in other locales, LP: #347969
  * doc/manpage/ecryptfs.7: add notes about verbose option
  * src/desktop: add the desktop files to the dist tarball
  * src/utils/ecryptfs-dot-private: sourceable file for accessing your
    encrypted data; useful for conducting backups
  [ Martin Pitt and Dustin Kirkland ]
  Reworked the fixes for LP: #352307, remind user to record their passphrase
  * src/desktop/ecryptfs-record-passphrase: run if
    ~/.ecryptfs/.wrapped-passphrase.recorded does NOT exist; touch that
    file upon successful run of unwrap passphrase
  * debian/patches/00list,
    debian/patches/update-notifier-remind-passphrase.dpatch: dropped, since
    this was moved into PAM

ubuntu/xenial-proposed 2016-02-27 00:23:52 UTC 2016-02-27
Import patches-unapplied version 111-0ubuntu1 to ubuntu/xenial-proposed

Author: Dustin Kirkland 
Author Date: 2016-02-26 23:58:16 UTC

Import patches-unapplied version 111-0ubuntu1 to ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: dd52703b628dbc7ba718e7d068506782c275f428

New changelog entries:
  * src/utils/ecryptfs-setup-private: LP: #1328689
    - fix a long standing bug, where setting up an encrypted private,
      encrypted home, or migrating to an encrypted home did not work
      correctly over ssh sessions
    - the root cause of the bug is some complexity in the handling of
      user keyrings and session keyrings
    - the long term solution would be to correctly use session keyrings
    - the short term solution is to continue linking user and session
      keyrings
  * xenial
  [ Tyler Hicks ]
  * Remove unnecessary dependencies in the Debian packaging (LP: #1548975)
    - debian/control: Remove opencryptoki from ecryptfs-utils
      Suggests and libopencryptoki-dev from libecryptfs-dev Depends as
      openCryptoki is not a dependency of eCryptfs.
    - debian/rules: Remove openCryptoki related logic since it was not being
      used and is no longer needed
    - debian/control: Remove libtspi-dev from libecryptfs-dev Depends since
      --disable-tspi is passed to the configure script
    - debian/control: Remove libpkcs11-helper1-dev from libecryptfs-dev
      Depends since --disable-pkcs11-helper is passed to the configure script
    - debian/control: Remove libgpg-error-dev and libgpgme11-dev from
      libecryptfs-dev Depends since --disable-gpg is passed to the configure
      script
    - debian/control: Remove libgcrypt11-dev from Build-Depends and
      libecryptfs-dev Depends since --enable-nss is passed to the configure
      script to use NSS instead of Libgcrypt
    - debian/control: Remove libkeyutils-dev and libpam0g-dev from
      libecryptfs-dev Depends since these are build-time dependencies and not
      run-time dependencies
  [ Maikel ]
  * doc/manpage/ecryptfs-migrate-home.8: Fix typos in man page (LP: #1518787)
  [ Kylie McClain ]
  * src/utils/mount.ecryptfs.c, src/utils/mount.ecryptfs_private.c: Fix build
    issues on musl libc (LP: #1514625)
  [ Colin Ian King ]
  * src/daemon/main.c:
    - Static analysis with Clang's scan-build shows that we can potentially
      overflow the input buffer if the input is equal or more than the buffer
      size. Need to guard against this by:
      1. Only reading in input_size - 1 chars
      2. Checking earlier on to see if input_size is value to insure that we
         read in at least 1 char
  [ Tyler Hicks ]
  * src/utils/mount.ecryptfs_private.c:
    - Refuse to mount over non-standard filesystems. Mounting over
      certain types filesystems is a red flag that the user is doing
      something devious, such as mounting over the /proc/self symlink
      target with malicious content in order to confuse programs that may
      attempt to parse those files. (LP: #1530566)
  [ Martin Pitt ]
  * src/utils/ecryptfs-setup-swap:
    - Add setup-swap-check-links.patch: When commenting out existing swap, also
      consider device symlinks like /dev/mapper/ubuntu--vg-swap_1 or
      /dev/disks/by-uuid/ into account. Fixes broken cryptswap under LVM and
      manual setups. (LP: #1453738)
  * src/utils/ecryptfs-setup-swap, debian/ecryptfs-utils.postinst:
    - On upgrade, uncomment underlying
      unencrypted swap partitions that are referred to by a device link when
      crypttab and fstab have a "cryptswap*" device referring to them.
  * debian/control, debian/libecryptfs0.install,
    debian/libecryptfs0.links, debian/libecryptfs0.shlibs:
    - Rename libecryptfs0 to libecryptfs1 and adjust the packaging. It has
      actually shipped libecryptfs.so.1 since at least trusty. Add
      C/R/P: libecryptfs0 for smoother upgrades, this needs to be kept until
      after 16.04 LTS.
  [ Tyler Hicks ]
  * src/utils/mount.ecryptfs_private.c: Implement proper option parsing to
    restore the -f option when unmounting and display a helpful usage message
    (LP: #1454388)
  * src/utils/mount.ecryptfs_private.c: Add an option, -d, to
    umount.ecryptfs_private to treat the situation where the encrypted private
    session counter is nonzero, after decrementing it, as a non-error
    situation. No error message is printed to stderr and the exit status is 0.
  * src/pam_ecryptfs/pam_ecryptfs.c: Use the new umount.ecryptfs_private '-d'
    option to silence the error message that was printed to stderr when the
    encrypted private session counter is nonzero after being decremented.
    (LP: #1454319)
  * src/utils/ecryptfs-umount-private: Return 1 if umount.ecryptfs_private
    encounters an error. The ecryptfs-umount-private script was previously
    returning 0 even when umount.ecryptfs_private exited upon error.
  * debian/control: Fix 'Please add dh-python package to Build-Depends'
    build warning
  [ Dustin Kirkland ]
  * debian/libecryptfs1.install, debian/libecryptfs1.links,
    debian/libecryptfs1.shlibs:
    - fix ftbfs, add missing files
  [ Dustin Kirkland ]
  * scripts/release.sh:
    - a few more release script improvements, build the source
      package for the Ubuntu development distro
  * debian/control:
    - build depend on distro-info, which we use in our release script
  [ Tyler Hicks ]
  * src/libecryptfs/key_management.c:
    - Fix a regression when reading version 1 wrapped passphrase files. A
      return code indicating success was always returned even when an error
      was encountered. The impact is low since the error situation is still
      caught when validating either the wrapping password's signature or the
      wrapped passphrase's signature. Thanks to László Böszörményi for
      catching this mistake.
    - Reject empty passphrases passed into ecryptfs_wrap_passphrase()
  * src/libecryptfs/main.c:
    - Reject empty wrapping passphrases passed into generate_passphrase_sig()
  [ Dustin Kirkland and Martin Pitt ]
  * debian/ecryptfs-utils.postinst: LP: #953875
    - detect and clean up after nonexisting cryptswap devices
  [ Tyler Hicks ]
  * tests/userspace/Makefile.am: Fix the 'make check' failure present in the
    ecryptfs-utils-105 release tarball. The failure was due to the automake
    file not specifying that some data files should be distributed as part
    of the v1-to-v2-wrapped-passphrase test, causing the test to fail due to
    the missing files.
  [ Dustin Kirkland ]
  * scripts/release.sh:
    - ensure that we try a binary build as part of the release process
    - make sure we're in the original working directory when we release
    - remove the -x option, too noisy
  [ Dustin Kirkland ]
  * doc/manpage/ecryptfs.7: LP: #1267640
    - fix inconsistency in man page for passphrase_passwd_file format
  * doc/manpage/ecryptfs-setup-private.1, src/utils/ecryptfs-setup-
    private, src/utils/ecryptfs-setup-swap: LP: #1420424
    - use /dev/random rather than /dev/urandom for long lived keys
  * src/utils/ecryptfs-setup-private:
    - use /dev/urandom for our testing, as we read a lot of info
  * src/utils/ecryptfs-setup-swap: LP: #953875, #1086140
    - fix a whitespace bug in a grep, that might cause us to not
      comment out the old swap space in /etc/fstab
    - offset the start of the encrypted swap space by 1KB, which
      ensures that we don't overwrite the UUID label on the header
      of the partition
    - use the aes-xts block cipher, and plain64 initialization vector,
      which are current best practice here
    - fixed a grammar nitpick
  [ Colin King ]
  * src/libecryptfs/key_management.c, src/utils/mount.ecryptfs.c:
    - A couple of minor fixes: Fix a memory leak and handle out of memory
      error, as found by using cppcheck.
  * src/utils/mount.ecryptfs.c
    - fix potential double free on yesno if get_string_stdin exits early
      without allocating a new buffer and we free yesno on the exit clean
      up path.
  * src/libecryptfs/cmd_ln_parser.c
    - remove redundant if / goto statement that does nothing.
  [ Anders Kaseorg ]
  * src/pam_ecryptfs/pam_ecryptfs.c: exit (not return) from forked child on
    error (LP: #1323421)
  [ Tyler Hicks ]
  * Introduce the version 2 wrapped-passphrase file format. It adds the
    ability to combine a randomly generated salt with the wrapping password
    (typically, a user's login password) prior to performing key
    strengthening. The version 2 file format is considered to be a
    intermediate step in strengthening the wrapped-passphrase files of
    existing encrypted home/private users. Support for reading/writing version
    2 wrapped-passphrase files and transparent migration, through
    pam_ecryptfs, from version 1 to version 2 files is considered safe enough
    to backport to stable distro releases. The libecryptfs ABI around
    wrapped-passphrase file handling is not broken.
    - CVE-2014-9687
  * Run wrap-unwrap.sh test as part of the make check target.
  * Add a new test, called v1-to-v2-wrapped-passphrase.sh, which is suitable
    for the make check target and verifies v1 to v2 wrapped-passphrase file
    migration.
  * Create a temporary file when creating a new wrapped-passphrase file and
    copy it to its final destination after the file has been fully synced to
    disk (LP: #1020902)
  [ Colin King ]
  * src/libecryptfs/ecryptfs-stat.c, tests/kernel/extend-file-
    random/test.c, tests/kernel/inode-race-stat/test.c,
    tests/kernel/trunc-file/test.c:
    - Fixed some 32 bit build warnings
  * src/libecryptfs/decision_graph.c, src/libecryptfs/key_management.c,
    src/libecryptfs/main.c, src/libecryptfs/module_mgr.c, src/utils/io.c,
    src/utils/mount.ecryptfs_private.c, tests/kernel/inotify/test.c,
    tests/kernel/trunc-file/test.c, tests/userspace/wrap-unwrap/test.c:
    - Fixed a pile of minor bugs (memory leaks, unclosed file descriptors,
      etc.) mostly in error paths
  * src/key_mod/ecryptfs_key_mod_passphrase.c, src/libecryptfs/main.c,
    src/pam_ecryptfs/pam_ecryptfs.c:
    - more Coverity fixes, memory leak, error checking, etc.
  [ Nobuto MURATA ]
  * fix an empty update-notifier window (LP: #1107650)
    - changes made in Rev.758 was incomplete
  [ Tyler Hicks ]
  * doc/manpage/ecryptfs.7:
    - adjust man page text to avoid confusion about whether the interactive
      mount helper takes a capital 'N' for the answer to y/n questions
      (LP: #1130460)
  * src/utils/ecryptfs_rewrap_passphrase.c:
    - Handle errors when interactively reading the new wrapping passphrase
      and the confirmation from stdin. Fixes a segfault (invalid memory read)
      in ecryptfs-rewrap-passphrase if there was an error while reading either
      of these passphrases.
  * configure.ac:
    - Set AM_CPPFLAGS to always include config.h as the first include file.
      Some .c files correctly included config.h before anything else. The
      majority of .c files got this wrong by including it after other header
      files, including it multiple times, or not including it at all.
      Including it in the AM_CPPFLAGS should solve these problems and keep
      future mistakes from happening in new source files.
    - Enable large file support (LFS) through the use of the AC_SYS_LARGEFILE
      autoconf macro. ecryptfs-utils has been well tested with LFS enabled
      because ecryptfs-utils is being built with
      '-D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64' in Debian-based distros.
      This is mainly needed for some of the in-tree regression tests but
      ecryptfs-utils, in general, should be built with LFS enabled.
  * debian/rules:
    - Don't append '-D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64' to the CFLAGS
      now that the upstream build enables LFS
  * tests/userspace/lfs.sh, tests/userspace/lfs/test.c:
    - Add a test to verify that LFS is enabled. This test is run under the
      make check target.
  * tests/kernel/enospc/test.c:
    - Fix test failures on 32 bit architectures due to large file sizes
      overflowing data types
  [ Dustin Kirkland ]
  * src/utils/ecryptfs-setup-swap: LP: #1172014
    - write crypttab entry using UUID
  * src/utils/ecryptfs-recover-private: LP: #1028532
    - error out, if we fail to mount the private data correctly
  [ Colin King and Dustin Kirkland ]
  * configure.ac, src/daemon/main.c, src/libecryptfs/cmd_ln_parser.c,
    src/libecryptfs/decision_graph.c, src/utils/mount.ecryptfs.c,
    tests/kernel/trunc-file/test.c:
    - remove some dead code, fix some minor issues raised by Coverity
  [ Tyler Hicks ]
  * debian/rules:
    - Use dpkg-buildflags to inject distro compiler hardening flags into the
      build. This also fixes the hardening-no-fortify-functions lintian
      warnings.
  [ Dustin Kirkland ]
  * doc/manpage/ecryptfs-add-passphrase.1, doc/manpage/ecryptfsd.8,
    doc/manpage/ecryptfs-find.1, doc/manpage/ecryptfs-generate-tpm-
    key.1, doc/manpage/ecryptfs-insert-wrapped-passphrase-into-
    keyring.1, doc/manpage/ecryptfs-manager.8, doc/manpage/ecryptfs-
    migrate-home.8, doc/manpage/ecryptfs-mount-private.1,
    doc/manpage/ecryptfs-recover-private.1, doc/manpage/ecryptfs-rewrap-
    passphrase.1, doc/manpage/ecryptfs-rewrite-file.1,
    doc/manpage/ecryptfs-setup-private.1, doc/manpage/ecryptfs-setup-
    swap.1, doc/manpage/ecryptfs-stat.1, doc/manpage/ecryptfs-umount-
    private.1, doc/manpage/ecryptfs-unwrap-passphrase.1,
    doc/manpage/ecryptfs-verify.1, doc/manpage/ecryptfs-wrap-
    passphrase.1, doc/manpage/Makefile.am, doc/manpage/mount.ecryptfs.8,
    doc/manpage/mount.ecryptfs_private.1, doc/manpage/pam_ecryptfs.8,
    doc/manpage/umount.ecryptfs.8,
    doc/manpage/umount.ecryptfs_private.1, src/desktop/ecryptfs-find =>
    src/utils/ecryptfs-find, src/desktop/Makefile.am,
    src/utils/Makefile.am:
    - add 3 new manpages, for ecryptfs-find, ecryptfs-verify, and
      ecryptfs-migrate-home
    - Add SEE ALSO section to manpages which were missing it
    - Mention "Debian and Ubuntu" in license location
    - move the ecryptfs-find utility to the proper location in src/utils
  * src/utils/Makefile.am:
    - fix broken build
  * debian/ecryptfs-utils.links:
    - link no longer needed for ecryptfs-find
  [ Colin King ]
  * === added directory tests/kernel/mmap-bmap, === added directory
    tests/kernel/xattr, tests/kernel/link.sh, tests/kernel/Makefile.am,
    tests/kernel/mknod.sh, tests/kernel/mmap-bmap.sh, tests/kernel/mmap-
    bmap/test.c, tests/kernel/tests.rc, tests/kernel/xattr.sh,
    tests/kernel/xattr/test.c:
    - ran the current eCryptfs tests on 3.8-rc4 with kernel gcov enabled
      and spotted a few trivial areas where it would be useful to up the
      test coverage on the code
    - so here are a few very simple additional tests to exercise eCryptfs
      a little further
  [ Dustin Kirkland ]
  * debian/control:
    - bump standards, no change
  [ Tyler Hicks ]
  * autogen.sh, scripts/release.sh, Makefile.am:
    - Break out the autoreconf and intltoolize commands from release.sh into
      an executable autogen.sh
    - Use the --copy option when invoking intltoolize
    - Include the new autogen.sh script in the release tarball
  * debian/rules, debian/control:
    - Use dh-autoreconf so that upstream sources can easily be used to build
      packages for all the stable Ubuntu releases in the ecryptfs-utils daily
      build PPA
    - Override the dh_autoreconf target by running the autogen.sh script
    - Drop Build-Depends on autotools-dev since dh-autoreconf is a superset of
      autotools-dev
    - Drop Build-Depends on autoconf, automake, and libtool since
      dh-autoreconf depends on all of these packages
  * m4/ac_python_devel.m4:
    - Fix FTBFS in Raring Ringtail due to multiarch Python. Be sure to include
      platform specific Python include directions in SWIG_PYTHON_CPPFLAGS.
  * src/utils/mount.ecryptfs_private.c:
    - Fix conditionals when checking whether to remove authentication tokens
      from the kernel keyring upon umount. This conditional was incorrectly
      modified in ecryptfs-utils-101, yet the authentication tokens still seem
      to be removed from the kernel keyring so it isn't clear if there was
      actually a user-facing regression.
    - Pass the FEKEK sig, rather than the FNEK sig, to
      ecryptfs_private_is_mounted()
    - Restore behavior of not printing error messages to syslog when
      unmounting and keys cannot be found in the kernel keyring.
    - Restore behavior of printing a useful error message about
      ecryptfs-mount-private when mounting and keys cannot be found in the
      kernel keyring
    - Fix memory leak and clean up free()'s in an error path
    - Use pointer assignment tests, rather than strlen(), to determine which
      key signatures were fetched
  * src/daemon/main.c, src/include/ecryptfs.h,
    src/libecryptfs/{Makefile.am,messaging.c,miscdev.c,netlink.c,sysfs.c},
    doc/manpage/ecryptfsd.8, doc/design_doc/ecryptfs_design_doc_v0_2.tex:
    - Remove netlink messaging interface support
    - Netlink messaging support was superceded by the miscdev interface
      (/dev/ecryptfs) in upstream kernel version 2.6.26 in July, 2008
    - Netlink messaging support was completely removed from the upstream
      kernel starting with version 2.6.32 in December, 2009
  * src/jprobes/*, scripts/delete-cruft.sh:
    - Remove all jprobes code, as I don't use jprobes to debug eCryptfs kernel
      issues and I don't like the idea of maintaining these jprobes outside of
      the kernel tree
  * src/escrow/*:
    - Remove all escrow code, as it isn't used or maintained
  * tests/kernel/llseek.sh, tests/kernel/llseek/test.c,
    tests/userspace/wrap-unwrap.sh, tests/userspace/wrap-unwrap/test.c:
    - Migrate some old testcases over to the modern test framework
  * tests/lib/etl_funcs.sh:
    - Update etl_create_test_dir() to allow a parent directory to be specified
      when creating the directory
  * src/testcases:
    - Delete old testcases that were either too basic, covered by more
      extensive tests in the modern test framework, or just didn't work
  [ Nobuto MURATA ]
  * src/desktop/ecryptfs-record-passphrase:
  [ Eric Lammerts ]
  * src/libecryptfs/sysfs.c: LP: #1007880
    - Handle NULL mnt pointer when sysfs is not mounted
  [ Tyler Hicks ]
  * src/utils/ecryptfs-migrate-home: LP: #1026180
    - Correct minor misspelling
  * src/utils/ecryptfs-recover-private: LP: #1004082
    - Fix option parsing when --rw is specified
  * src/utils/ecryptfs-recover-private: LP: #1028923
    - Simplify success message to prevent incorrectly reporting that a
      read-only mount was performed when the --rw option is specified
  * tests/lib/etl_func.sh:
    - Add test library function to return a lower path from an upper path,
      based on inode numbers
  * tests/kernel/mmap-close.sh, tests/kernel/mmap-close/test.c:
    - Add regression test for open->mmap()->close()->dirty memory->munmap()
      pattern
  * tests/kernel/lp-561129.sh:
    - Add test for checking that a pre-existing target inode is properly
      evicted after a rename
  * tests/README:
    - Add documentation on the steps to take when adding new test cases
  [ Colin King ]
  * tests/kernel/lp-911507.sh:
    - Add test case for initializing empty lower files during open()
  * tests/kernel/lp-872905.sh:
    - Add test case to check for proper unlinking of lower files when
      lower file initialization fails
  * src/key_mod/ecryptfs_key_mod_openssl.c,
    src/key_mod/ecryptfs_key_mod_pkcs11_helper.c,
    src/libecryptfs/key_management.c,
    src/utils/mount.ecryptfs_private.c, src/utils/umount.ecryptfs.c:
    - address some issues raised by smatch static analysis
    - fix some memory leaks with frees
    - fix some pointer refs and derefs
    - fix some comment typos
  [ Dustin Kirkland ]
  * src/libecryptfs/key_management.c:
    - silence pam error message when errno == EACCES
      + "Error attempting to parse .ecryptfsrc file; rc = [-13]"
  * src/utils/mount.ecryptfs_private.c: LP: #1052038
    - fix race condition, which typically manifests itself with a user
      saying that their home directory is not accessible, or that their
      filenames are not decrypted
    - the root of the problem is that we were reading the signature file,
      ~/.ecryptfs/Private.sig, twice; in some cases, the first one succeeds,
      so the file encryption signature is read and key is loaded, but then
      some other process (usually from PAM, perhaps a cron job or a
      subsequent login) mounts the home directory before the filename
      encryption key is loaded; thus, $HOME is mounted but filenames are
      not decrypted, so the second read of ~/.ecryptfs/Private.sig fails
      as that file is not found
    - the solution is to rework the internal fetch_sig() function and read
      one or both signatures within a single open/read/close operation of
      the file
    - free memory used by char **sig on failure
  * debian/copyright:
    - fix lintian warning
  [ Tyler Hicks ]
  * src/pam_ecryptfs/pam_ecryptfs.c, src/libecryptfs/key_management.c:
      LP: #1024476
    - fix regression introduced in ecryptfs-utils-99 when Encrypted
      Home/Private is in use and the eCryptfs kernel code is compiled as a
      module
    - drop check for kernel filename encryption support in pam_ecryptfs, as
      appropriate privileges to load the eCryptfs kernel module may not be
      available and filename encryption has been supported since 2.6.29
    - always add filename encryption key to the kernel keyring from pam_mount
  [ Colin King ]
  * tests/kernel/inode-race-stat/test.c:
    - limit number of forks based on fd limits
  * tests/kernel/enospc.sh, tests/kernel/enospc/test.c,
    tests/kernel/Makefile.am, tests/kernel/tests.rc:
    - add test case for ENOSPC
  [ Tim Harder ]
  * m4/ac_python_devel.m4: LP: #1029217
    - proplery save and restore CPPFLAGS and LIBS when python support is
      enabled
  [ Dustin Kirkland ]
  * debian/ecryptfs-utils.postinst: LP: #936093
    - ensure desktop file is executable
  [ Wesley Wiedenmeier ]
  * src/utils/mount.ecryptfs.c: LP: #329264
    - remove old hack, that worked around a temporary kernel regression;
      ensure that all mount memory is mlocked
  [ Sebastian Krahmer ]
  * src/pam_ecryptfs/pam_ecryptfs.c: LP: #732614
    - drop group privileges in the same places that user privileges are
      dropped
    - check return status of setresuid() calls and return if they fail
    - drop privileges before checking for the existence of
      ~/.ecryptfs/auto-mount to prevent possible file existence leakage
      by a symlink to a path that typically would not be searchable by
      the user
    - drop privileges before reading salt from the rc file to prevent the
      leakage of root's salt and, more importantly, using the incorrect salt
    - discovered, independently, by Vasiliy Kulikov and Sebastian Krahmer
  * src/pam_ecryptfs/pam_ecryptfs.c: LP: #1020904
    - after dropping privileges, clear the environment before executing the
      private eCryptfs mount helper
    - discovered by Sebastian Krahmer
  * src/utils/mount.ecryptfs_private.c: LP: #1020904
    - do not allow private eCryptfs mount aliases to contain ".." characters
      as a preventative measure against a crafted file path being used as an
      alias
    - force the MS_NOSUID mount flag to protect against user controlled lower
      filesystems, such as an auto mounted USB drive, that may contain a
      setuid-root binary
      + CVE-2012-3409
    - force the MS_NODEV mount flag
    - after dropping privileges, clear the environment before executing umount
    - discovered by Sebastian Krahmer
  [ Tyler Hicks ]
  * src/libecryptfs/key_management.c: LP: #732614
    - zero statically declared buffers to prevent the leakage of stack
      contents in the case of a short file read
    - discovered by Vasiliy Kulikov
  * src/libecryptfs/module_mgr.c, src/pam_ecryptfs/pam_ecryptfs.c:
    - fix compiler warnings
  [ Dustin Kirkland ]
  * debian/ecryptfs-utils.prerm:
    - drop the pre-removal ERRORs down to WARNINGs
    - these have caused a ton of trouble; whatever is causing ecryptfs-utils
      to be marked for removal should be fixed; but ecryptfs exiting 1 seems
      to be causing more trouble than it's worth
    - LP: #871021, #812270, #988960, #990630, #995381, #1010961
  * doc/ecryptfs-faq.html:
    - update the frequently asked questions, which haven't seen much
      attention in a while now
    - drop a few references to sourceforge
  * doc/ecryptfs-pam-doc.txt, doc/manpage/fr/ecryptfs-add-passphrase.1,
    doc/manpage/fr/ecryptfs-generate-tpm-key.1, doc/manpage/fr/ecryptfs-
    insert-wrapped-passphrase-into-keyring.1, doc/manpage/fr/ecryptfs-
    mount-private.1, doc/manpage/fr/ecryptfs-rewrap-passphrase.1,
    doc/manpage/fr/ecryptfs-setup-private.1, doc/manpage/fr/ecryptfs-
    umount-private.1, doc/manpage/fr/ecryptfs-unwrap-passphrase.1,
    doc/manpage/fr/ecryptfs-wrap-passphrase.1, doc/manpage/fr/ecryptfs-
    zombie-kill.1, doc/manpage/fr/ecryptfs-zombie-list.1,
    doc/sourceforge_webpage/ecryptfs-article.pdf,
    doc/sourceforge_webpage/ecryptfs_design_doc_v0_1.pdf,
    doc/sourceforge_webpage/ecryptfs-faq.html,
    doc/sourceforge_webpage/ecryptfs-key-diagram-356.png,
    doc/sourceforge_webpage/ecryptfs-key-diagram-640.png,
    doc/sourceforge_webpage/ecryptfs-pageuptodate-call-graph.png,
    doc/sourceforge_webpage/ecryptfs-pam-doc.txt,
    doc/sourceforge_webpage/ecryptfs.pdf,
    doc/sourceforge_webpage/index.html, doc/sourceforge_webpage/README,
    === removed directory doc/manpage/fr, === removed directory
    doc/sourceforge_webpage, rpm/ecryptfs-utils.spec:
    - remove some deprecated documentation
    - fish it out of bzr, if we ever need it again, but let's
      quit publishing it in our release tarballs
  [ Kees Cook ]
  * src/pam_ecryptfs/pam_ecryptfs.c: LP: #938326
    - exit, rather than return to prevent duplicate processes
  [ Andreas Raster ]
  * src/desktop/ecryptfs-find:
    - $mounts was quoted once too often
  [ George Wilson ]
  * src/key_mod/ecryptfs_key_mod_openssl.c,
    src/key_mod/ecryptfs_key_mod_pkcs11_helper.c,
    src/key_mod/ecryptfs_key_mod_tspi.c: LP: #937331
    - IBM would like to grant a license exception for key modules that
      require linking to OpenSSL. The change should make the modules
      shippable by Linux distributions
  [ Dustin Kirkland ]
  * debian/copyright:
    - note the GPLv2 SSL exception granted by IBM for the key modules
  * debian/control, debian/copyright, doc/manpage/ecryptfs.7,
    doc/manpage/ecryptfs-add-passphrase.1, doc/manpage/ecryptfsd.8,
    doc/manpage/ecryptfs-generate-tpm-key.1, doc/manpage/ecryptfs-
    insert-wrapped-passphrase-into-keyring.1, doc/manpage/ecryptfs-
    manager.8, doc/manpage/ecryptfs-mount-private.1,
    doc/manpage/ecryptfs-recover-private.1, doc/manpage/ecryptfs-rewrap-
    passphrase.1, doc/manpage/ecryptfs-rewrite-file.1,
    doc/manpage/ecryptfs-setup-private.1, doc/manpage/ecryptfs-setup-
    swap.1, doc/manpage/ecryptfs-stat.1, doc/manpage/ecryptfs-umount-
    private.1, doc/manpage/ecryptfs-unwrap-passphrase.1,
    doc/manpage/ecryptfs-wrap-passphrase.1,
    doc/manpage/mount.ecryptfs.8, doc/manpage/mount.ecryptfs_private.1,
    doc/manpage/pam_ecryptfs.8, doc/manpage/umount.ecryptfs.8,
    doc/manpage/umount.ecryptfs_private.1, README,
    src/utils/mount.ecryptfs.c:
    - use the new ecryptfs.org website where appropriate
  * debian/control:
    - update to suggest zescrow-client
  [ Sergio Peña ]
  * src/libecryptfs/cipher_list.c: LP: #922821
    - add the new name of the blowfish cipher (linux >= 3.2)
  * src/include/ecryptfs.h, src/libecryptfs/main.c,
    src/utils/mount.ecryptfs.c: LP: #917509
    - use execl() to mount ecryptfs
    - this allows us to support any arbitrary mount options in
      /etc/fstab
  [ Tyler Hicks ]
  * doc/manpage/ecryptfs.7:
    - Remove the note saying that the passphrase and openssl key modules are
      available by default. That's true upstream but not always true in distro
      builds.
  * tests/run_tests.sh:
    - Make upper and lower mount point arguments optional by automatically
      creating directories in /tmp by default.
    - Make it possible to run only userspace tests without having to specify
      unused mount information
    - Accept a comma-separated list of lower filesystems to test on and loop
      through all kernel tests for each lower filesystem
    - Accept a comma-separated list of tests to run
  * tests/lib/etl_funcs.sh:
    - Unset $ETL_DISK just before etl_remove_disk() successfully returns
  * tests/userspace/Makefile.am:
    - Also build 'make check' tests when building with --enable-tests
  * include/ecryptfs.h, libecryptfs/Makefile.am,
    libecryptfs/cipher_list.c, libecryptfs/module_mgr.c,
    utils/io.h: LP: #994813
    - remove overly complicated implementation to detect what ciphers
      are supported by the currently running kernel's crypto api
    - prompt for the entire supported cipher list, if the user selects a
      cipher that their kernel doesn't support, the mount will fail
      and the kernel will write an error message to the syslog
  * src/libecryptfs/module_mgr.c:
    - Use correct blowfish block size when displaying supported ciphers to
      the user
  * tests/kernel/lp-1009207.sh, tests/kernel/Makefile.am,
    tests/kernel/tests.rc:
    - Add simple test case for incorrect handling of umask and default POSIX
      ACL masks
  * tests/kernel/lp-994247.sh, tests/kernel/lp-994247/test.c,
    tests/kernel/Makefile.am, tests/kernel/tests.rc:
    - Add test case for incorrect handling of open /dev/ecryptfs file
      descriptors that are passed or inherited by other processes
  [ Colin King ]
  * tests/lib/etl_funcs.sh:
    - etl_lumount() should use DST rather than SRC dir so it can run on Lucid
    - use file system appropriate mkfs force flag
    - cater for correct ext2 default mount flags
  * tests/kernel/lp-509180.sh, tests/kernel/lp-509180/test.c:
    - test for trailing garbage at end of files
  * tests/kernel/lp-524919.sh, tests/kernel/lp-524919/test.c:
    - test case for checking lstat/readlink size
  * tests/kernel/lp-870326.sh, tests/kernel/lp-870326/test.c:
    - test case for open(), mmap(), close(), modify mmap'd region
  * tests/kernel/lp-469664.sh:
    - test case for lsattr
  * tests/kernel/lp-613873.sh:
    - test case for stat modify time
  * tests/kernel/lp-745836.sh:
    - test case for clearing ECRYPTFS_NEW_FILE flag during truncate
  * tests/lib/etl_funcs.sh, tests/kernel/extend-file-random.sh,
    tests/kernel/trunc-file.sh (LP: #1007159):
    - Add test library function for estimating available space in lower fs
    - Use new library function in tests that need to create large files
  [ Colin Watson ]
  * src/utils/ecryptfs-setup-swap: Skip /dev/zram* swap devices
    LP: #979350
  [ Serge Hallyn ]
  * src/utils/mount.ecryptfs_private.c:
    - EoL fixes
  [ Dustin Kirkland ]
  * CONTRIBUTING:
    - added a new file to describe how to contribute to ecryptfs
  * === added directory img/old, img/old/ecryptfs_14.png,
    img/old/ecryptfs_192.png, img/old/ecryptfs_64.png:
    - saving the old logos/branding for posterity
  * debian/copyright, img/COPYING:
    - added CC-by-SA 3.0 license
    - use the text version
  * img/ecryptfs_14.png, img/ecryptfs_192.png, img/ecryptfs_64.png:
    - added scaled copies of images used for Launchpad.net branding
  * src/utils/ecryptfs-recover-private: LP: #847505
    - add an option to allow user to enter the mount passphrase,
      in case they've recorded that, but forgotten their login
      passphrase
  * src/libecryptfs/sysfs.c: LP: #802197
    - default sysfs to /sys, if not found in /etc/mtab
    - it seems that reading /etc/mtab for this is outdated
    - ensure that ecryptfs works even if there is no sysfs entry
      in /etc/mtab
  * src/key_mod/ecryptfs_key_mod_tspi.c: LP: #462225
    - fix TPM and string_to_uuid 64bits issue
    - thanks to Janos for the patch
  [ Tyler Hicks ]
  * CONTRIBUTING:
    - clarified how to contribute to the ecryptfs kernel module
  * tests/lib/etl_funcs.sh:
    - created eCryptfs test library of bash functions for use in test
      cases and test harnesses
  * test/etl_add_passphrase_key_to_keyring.c:
    - created a C helper program to allow bash scripts to interface to
      the libecryptfs function that adds passphrase-based keys to the
      kernel keyring
  * tests/kernel/tests.rc, tests/userspace/tests.rc:
    - created a test case category files for test harnesses to source
      when running testcases of a certain category (destructive, safe,
      etc.)
  * tests/run_tests.sh:
    - created a test harness to run eCryptfs test cases
  * tests/kernel/miscdev-bad-count.sh,
    tests/kernel/miscdev-bad-count/test.c:
    - created test case for miscdev issue reported to mailing list
  * tests/kernel/lp-885744.sh:
    - created test case for pathconf bug
  * tests/kernel/lp-926292.sh:
    - created test case for checking stale inode attrs after setxattr
  * tests/new.sh:
    - created new test case template to copy from
  * tests/userspace/verify-passphrase-sig.sh,
    tests/userspace/verify-passphrase-sig/test.c:
    - created test case, for make check, to test the creation of
      passphrase-based fekeks and signatures
  * configure.ac, Makefile.am, tests/Makefile.am, tests/lib/Makefile.am,
    tests/kernel/Makefile.am, tests/userspace/Makefile.am:
    - updated and created autoconf/automake files to build the new tests
      directory
    - added make check target
  [ Eddie Garcia ]
  * img/*: LP: #907131
    - contributing a new set of logos and branding under the CC-by-SA3.0
      license
  [ Colin King ]
  * tests/kernel/extend-file-random.sh,
    tests/kernel/extend-file-random/test.c:
    - Test to randomly extend file size, read/write + unlink
  * tests/kernel/trunc-file.sh, tests/kernel/trunc-file/test.c:
    - Test to exercise file truncation
  * tests/kernel/directory-concurrent.sh,
    tests/kernel/directory-concurrent/test.c:
    - test for directory creation/deletion races with multiple processes
  * tests/kernel/file-concurrent.sh,
    tests/kernel/file-concurrent/test.c:
    - test for file creation/truncation/unlink races with multiple
      processes
  * tests/kernel/inotify.sh, tests/kernel/inotify/test.c:
    - test for proper inotify support
  * tests/kernel/mmap-dir.sh, tests/kernel/mmap-dir/test.c:
    - test that directory files cannot be mmap'ed
  * tests/kernel/read-dir.sh, tests/kernel/read-dir/test.c:
    - test that read() on directory files returns the right error
  * tests/kernel/setattr-flush-dirty.sh:
    - test that the modified timestamp isn't clobbered in writeback
  * tests/kernel/inode-race-stat.sh, tests/kernel/inode-race-stat/test.c:
    - test for inode initialization race condition
  [ Serge Hallyn ]
  * fix infinite loop on arm: fgetc returns an int, and -1 at end of
    options. Arm makes char unsigned. (LP: #884407)
  [ Dustin Kirkland ]
  * debian/compat, debian/control, debian/ecryptfs-utils.install,
    debian/ecryptfs-utils.lintian-overrides,
    debian/libecryptfs0.install, debian/libecryptfs-dev.install,
    debian/lintian/ecryptfs-utils, debian/python-ecryptfs.install,
    debian/rules, debian/source/options, doc/ecryptfs-pam-doc.txt,
    doc/manpage/ecryptfs-setup-private.1, lintian/ecryptfs-utils, ===
    removed directory debian/lintian:
    - merge a bunch of packaging changes from Debian's Daniel Baumann
    - fixes LP: #800647
  * scripts/release.sh:
    - minor release fixes
  [ Dustin Kirkland ]
  * scripts/release.sh:
    - fix release script
    - bump ubuntu release
  * doc/manpage/ecryptfs-recover-private.1, src/utils/ecryptfs-migrate-
    home (properties changed: -x to +x), src/utils/ecryptfs-recover-
    private:
    - add a --rw option for ecryptfs-recover-private
  * src/utils/ecryptfs-migrate-home: LP: #820416
    - show progress on rsync
  * debian/ecryptfs-utils.ecryptfs-utils-restore.upstart,
    debian/ecryptfs-utils.ecryptfs-utils-save.upstart,
    src/utils/ecryptfs-migrate-home,
    src/utils/ecryptfs-setup-private: LP: #883238
    - remove 2 upstart scripts, which attempted to "save" users who didn't
      login after migrating their home; instead, we now require the root
      user to enter user passwords at migration time
  * debian/copyright, debian/ecryptfs-utils.ecryptfs-utils-
    restore.upstart, debian/ecryptfs-utils.ecryptfs-utils-save.upstart,
    doc/manpage/ecryptfs.7, doc/manpage/ecryptfs-add-passphrase.1,
    doc/manpage/ecryptfs-generate-tpm-key.1, doc/manpage/ecryptfs-
    insert-wrapped-passphrase-into-keyring.1, doc/manpage/ecryptfs-
    mount-private.1, doc/manpage/ecryptfs-recover-private.1,
    doc/manpage/ecryptfs-rewrap-passphrase.1, doc/manpage/ecryptfs-
    rewrite-file.1, doc/manpage/ecryptfs-setup-private.1,
    doc/manpage/ecryptfs-setup-swap.1, doc/manpage/ecryptfs-stat.1,
    doc/manpage/ecryptfs-umount-private.1, doc/manpage/ecryptfs-unwrap-
    passphrase.1, doc/manpage/ecryptfs-wrap-passphrase.1,
    doc/manpage/fr/ecryptfs-add-passphrase.1, doc/manpage/fr/ecryptfs-
    generate-tpm-key.1, doc/manpage/fr/ecryptfs-insert-wrapped-
    passphrase-into-keyring.1, doc/manpage/fr/ecryptfs-mount-private.1,
    doc/manpage/fr/ecryptfs-rewrap-passphrase.1,
    doc/manpage/fr/ecryptfs-setup-private.1, doc/manpage/fr/ecryptfs-
    umount-private.1, doc/manpage/fr/ecryptfs-unwrap-passphrase.1,
    doc/manpage/fr/ecryptfs-wrap-passphrase.1, doc/manpage/fr/ecryptfs-
    zombie-kill.1, doc/manpage/fr/ecryptfs-zombie-list.1,
    doc/manpage/mount.ecryptfs_private.1, doc/manpage/pam_ecryptfs.8,
    doc/manpage/umount.ecryptfs.8,
    doc/manpage/umount.ecryptfs_private.1,
    src/pam_ecryptfs/pam_ecryptfs.c,
    src/utils/ecryptfs_add_passphrase.c,
    src/utils/ecryptfs_insert_wrapped_passphrase_into_keyring.c,
    src/utils/ecryptfs-migrate-home, src/utils/ecryptfs-mount-private,
    src/utils/ecryptfs-recover-private,
    src/utils/ecryptfs_rewrap_passphrase.c, src/utils/ecryptfs-rewrite-
    file, src/utils/ecryptfs-setup-private, src/utils/ecryptfs-setup-
    swap, src/utils/ecryptfs-umount-private,
    src/utils/ecryptfs_unwrap_passphrase.c,
    src/utils/ecryptfs_wrap_passphrase.c:
    - update some email addresses, moving kirkland@canonical.com ->
      kirkland@ubuntu.com (which I can still read)
  * src/libecryptfs/key_management.c: LP: #715066
    - fix 2 places where we were handling
      ecryptfs_add_passphrase_key_to_keyring() inconsistently
    - if we're trying to add a key to the keyring, and it's already there,
      treat that as "success"
  * debian/control:
    - ecryptfs-setup-swap is strongly recommended, which depends on
      cryptsetup; so promote cryptsetup from suggests -> recommends
  [ Stephan Ritscher and Tyler Hicks ]
  * src/libecryptfs/cmd_ln_parser.c: LP: #683535
    - fix passphrase_passwd_fd for pipes
    - handle memory allocation failures
    - free memory in error paths
  [ Arfrever Frehtes Taifersar Arahesis ]
  * configure.ac: LP: #893327
    - no need to check for python, if --disable-pywrap is passed
  * src/utils/ecryptfs-verify, src/utils/Makefile.am:
    - add an ecryptfs-verify utility, LP: #845738
  * src/testcases/write-read.sh:
    - added a write/read test utility
  * doc/manpage/ecryptfs-mount-private.1, doc/manpage/ecryptfs-setup-
    private.1, doc/manpage/mount.ecryptfs_private.1,
    doc/manpage/umount.ecryptfs_private.1: LP: #882267
    - remove inaccurate documentation about being a member of the ecryptfs
      group
  * src/utils/ecryptfs-setup-private: LP: #882314
    - fix preseeded encrypted home Ubuntu installations (thanks Timo!)
  * src/libecryptfs/key_management.c: LP: #725862
    - fix nasty bug affecting users who do *not* encrypt filenames;
      the first login works, but on logout, only one key gets
      cleaned out; subsequent logins do not insert the necessary key
      due to an early "goto out"; this fix needs to be SRU'd
  * debian/rules: LP: #586281
    - fix perms on desktop mount file
  * src/pam_ecryptfs/pam_ecryptfs.c: LP: #838471
    - rework syslogging to be less noisy and note pam_ecryptfs
  [ Diego E. "Flameeyes" Pettenò ]
  * configure.ac:
    - fix reliance on nss-config, which hinders cross-compilation
  [ Marc Deslauriers ]
  * src/utils/mount.ecryptfs_private.c:
  * SECURITY UPDATE: wrong mtab ownership and permissions (LP: #830850)
    - debian/patches/CVE-2011-3145.patch: also set gid and umask before
      updating mtab in src/utils/mount.ecryptfs_private.c.
    - CVE-2011-3145
  [ Marc Deslauriers ]
  * SECURITY UPDATE: privilege escalation via mountpoint race conditions
    (LP: #732628)
    - debian/patches/CVE-2011-1831,1832,1834.patch: chdir into mountpoint
      before checking permissions in src/utils/mount.ecryptfs_private.c.
    - CVE-2011-1831
    - CVE-2011-1832
  * SECURITY UPDATE: race condition when checking source during mount
    (LP: #732628)
    - debian/patches/CVE-2011-1833.patch: use new ecryptfs_check_dev_ruid
      kernel option when mounting directory in
      src/utils/mount.ecryptfs_private.c.
    - CVE-2011-1833
  * SECURITY UPDATE: mtab corruption via improper handling (LP: #732628)
    - debian/patches/CVE-2011-1831,1832,1834.patch: modify mtab via a temp
      file first and make sure it succeeds before replacing the real mtab
      in src/utils/mount.ecryptfs_private.c.
    - CVE-2011-1834
  * SECURITY UPDATE: key poisoning via insecure temp directory handling
    (LP: #732628)
    - debian/patches/CVE-2011-1835.patch: make sure we don't copy into a
      user controlled directory in src/utils/ecryptfs-setup-private.
    - CVE-2011-1835
  * SECURITY UPDATE: information disclosure via recovery mount in /tmp
    (LP: #732628)
    - debian/patches/CVE-2011-1836.patch: mount inside protected
      subdirectory in src/utils/ecryptfs-recover-private.
    - CVE-2011-1836
  * SECURITY UPDATE: arbitrary file overwrite via lock counter race
    condition (LP: #732628)
    - debian/patches/CVE-2011-1837.patch: verify permissions with a file
      descriptor, and don't follow symlinks in
      src/utils/mount.ecryptfs_private.c.
    - CVE-2011-1837
  [ Dustin Kirkland ]
  * debian/control:
    - add missing build dependency needed for release
  * doc/manpage/ecryptfs-wrap-passphrase.1: fix minor error in manpage
  * src/desktop/ecryptfs-find, src/desktop/Makefile.am: LP: #799157
    - add a tool, /usr/share/ecryptfs-utils/ecryptfs-find that can
      help find cleartext/encrypted filenames by inode number
  * src/desktop/ecryptfs-find:
    - test file exists first; ditch the match;
      search all ecryptfs mounts that user can read/traverse
  * debian/ecryptfs-utils.links:
    - add a symlink for Ubuntu
  * scripts/release.sh:
    - improve release script
  [ Serge Hallyn ]
  * Fix from Christophe Dumez: mount.ecryptfs_private: Do not attempt to
    update mtab if it is a symbolic link. (LP: #789888)
  * src/utils/mount.ecryptfs_private.c:
    - reduce the window size for the TOCTOU race;
      does not entirely solve LP: #732628, which is going to need to be
      fixed in the kernel with some heavy locking
  * debian/control: update urls
  * src/utils/ecryptfs-mount-private: LP: #725862
    - fix ecryptfs-mount-private to insert only the fek, if filename
      encryption is disabled
  [ Paolo Bonzini <pbonzini@redhat.com> ]
  * src/utils/ecryptfs-setup-private: update the Private.* selinux
    contexts
  [ Dustin Kirkland ]
  * src/utils/ecryptfs-setup-private:
    - add -p to mkdir, address noise for a non-error
    - must insert keys during testing phase, since we remove keys on
      unmount now, LP: #725862
  * src/utils/ecryptfs_rewrap_passphrase.c: confirm passphrases in
    interactive mode, LP: #667331
  [ Jakob Unterwurzacher ]
  * src/pam_ecryptfs/pam_ecryptfs.c:
    - check if this file exists and ask the user for the wrapping passphrase
      if it does
    - eliminate both ecryptfs_pam_wrapping_independent_set() and
      ecryptfs_pam_automount_set() and replace with a reusable
      file_exists_dotecryptfs() function
  [ Serge Hallyn and Dustin Kirkland ]
  * src/utils/mount.ecryptfs_private.c:
    - support multiple, user configurable private directories by way of
      a command line "alias" argument
    - this "alias" references a configuration file by the name of:
      $HOME/.ecryptfs/alias.conf, which is in an fstab(5) format,
      as well as $HOME/.ecryptfs/alias.sig, in the same format as
      Private.sig
    - if no argument specified, the utility operates in legacy mode,
      defaulting to "Private"
    - rename variables, s/dev/src/ and s/mnt/dest/
    - add a read_config() function
    - add an alias char* to replace the #defined ECRYPTFS_PRIVATE_DIR
    - this is half of the fix to LP: #615657
  * doc/manpage/mount.ecryptfs_private.1: document these changes
  * src/libecryptfs/main.c, src/utils/mount.ecryptfs_private.c:
    - allow umount.ecryptfs_private to succeed when the key is no
      longer in user keyring.
  [ Dustin Kirkland ]
  * src/utils/ecryptfs-recover-private: clean sigs of invalid characters
  * src/utils/mount.ecryptfs_private.c:
    - fix bug LP: #313812, clear used keys on unmount
    - add ecryptfs_unlink_sigs to the mount opts, so that unmounts from
      umount.ecryptfs behave similarly
    - use ecryptfs_remove_auth_tok_from_keyring() on the sig and sig_fnek
  [ presgas@gmail.com ]
  * src/utils/ecryptfs-migrate-home:
    - support user databases outside of /etc/passwd, LP: #627506
  * src/desktop/ecryptfs-record-passphrase: fix typo, LP: #524139
  * debian/rules, debian/control:
    - disable the gpg key module, as it's not yet functional
    - clean up unneeded build-deps
    - also, not using opencryptoki either
  * doc/manpage/ecryptfs.7: fix minor documentation bug, reported by
    email by Jon 'maddog' Hall
  * doc/manpage/ecryptfs-recover-private.1, doc/manpage/Makefile.am,
    po/POTFILES.in, src/utils/ecryptfs-recover-private,
    src/utils/Makefile.am: add a utility to simplify data recovery
    of an encrypted private directory from a Live ISO, LP: #689969
  [ David Planella ]
  * Makefile.am, configure.ac, debian/control, debian/po/POTFILES.sh,
    debian/po/ecryptfs-utils.pot, debian/po/fr.po, debian/rules,
    po/POTFILES.in, src/desktop/Makefile.am,
    src/desktop/ecryptfs-mount-private.desktop,
    src/desktop/ecryptfs-mount-private.desktop.in,
    src/desktop/ecryptfs-record-passphrase,
    src/desktop/ecryptfs-setup-private.desktop,
    src/desktop/ecryptfs-setup-private.desktop.in:
    - internationalization work for LP: #358283
  * po/LINGUAS, po/ca.po: Catalan translation
  [ Yan Li <yan.i.li@intel.com> ]
  * src/pam_ecryptfs/pam_ecryptfs.c, src/utils/Makefile.am,
    src/utils/ecryptfs-migrate-home: add a script and pam hooks to
    support automatic migration to encrypted home directory
  [ Dustin Kirkland ]
  * src/utils/ecryptfs-migrate-home: clean up for merge
    - use $() rather than ``
    - drop set -u
    - use = and !=, and quote vars, rather than testing with -ne, -eq,
      for better shell portability
    - improve usage statement and error text
    - check if already encrypted
    - handle migration of multiple users on boot
    - fix all whitespace, use tabs for indents
    - use quotes around variables, rather than ${} (stylistic preference)
    - major simplification for immediate release
      + remove boot and user modes; only support administrator mode for
        security reasons and to avoid race conditions
      + other modes can be re-added, if necessary, and if security
        concerns can be addressed
    - ensure running as root
    - drop VERBOSE option, always print useful info messages
    - call the user $USER_NAME rather than $USER_ID since id implies
      number, and here we're deailing with names
    - no decimals on awk calculation
    - mktemp on the target user, not root
    - check that there is enough disk space available to do the migration
    - ensure the user's homedir group is correct
    - add critical instructions, user *must* login after the migration and
      before the reboot, as their wrapped passphrase will be cleared on
      reboot (possible we should use an init script to move these to
      /var/tmp on reboot)
    - ensure permissions are set correctly
    - improve text at the end of the migration, organize into notes
  * ecryptfs-utils.ecryptfs-utils-restore.upstart,
    ecryptfs-utils.ecryptfs-utils-save.upstart, rules:
    - try to protect migrating users who don't login before the next reboot
  * debian/ecryptfs-utils.install: install the locale messages
  * src/desktop/ecryptfs-record-passphrase: improve dialog text
  * src/desktop/ecryptfs-record-passphrase: revert the _ bit, as it's not quite
    working yet, will need to talk to David to fix
  * src/utils/ecryptfs-setup-private: fix bug where setup-private
    incorrectly assumed that the home/private dir ownerships should
    be owned by USER:USER; instead, default to USER:GROUP, where
    GROUP is the USER's primary group by default, LP: #445301
  * src/utils/ecryptfs-setup-private, debian/control: LP: #456565
    - fix typo, s/getext/gettext
    - depend on gettext-base
  * src/utils/ecryptfs-setup-private: fix printing of error strings,
    which was broken by the gettext integration, LP: #471725;
    in doing so, use $() in place of ``, use '' for gettext arguments,
    and wrap gettext in "", like this: foo="$(gettext 'blah blah')"
  * debian/control: one package per line, helps tremendously when looking
    at diffs
  * debian/copyright: Add new fields
  * debian/ecryptfs-utils.postinst: minor set -e change
  [ Michael Terry ]
  * src/utils/ecryptfs-setup=swap: clean up some error message reporting,
    LP: #430891, #430890
  [ Dustin Kirkland ]
  * doc/manpage/ecryptfs.7: note the 64-char passphrase limit, LP: #386504
  * src/utils/ecryptfs-setup-private: minor documentation change
  [ Evan Dandrea ]
  * src/utils/ecryptfs-setup-swap: allow for setting up encrpyted swap,
    without activating it immediately, necessary for livecd installations
  [ Dustin Kirkland ]
  * debian/control: updated bzr and browser urls, bumped standards version
  * src/pam_ecryptfs/pam_ecryptfs.c: silence useless, oft-shown info
    message
  * src/utils/ecryptfs-mount-private, src/utils/ecryptfs-rewrite-file,
    src/utils/ecryptfs-setup-private, src/utils/ecryptfs-setup-swap,
    src/utils/ecryptfs-umount-private: use gettext for all string printing,
    such that we can internationalize ecryptfs
  * po/POTFILES.sh, po/ecryptfs-utils.pot, po/fr.po, rules: add po to the
    build system; for now, in the debian/ directory; this should be put in
    the upstream source tree eventually (but I need some help with the
    automake/autoconf integration)
  * ecryptfs-setup-swap: exit(0) if there's no swaps to encrypt, ensures
    that this script succeeds if there is no swap space that needs to be
    secured, or if the existing swap space is already secured
  * doc/manpage/ecryptfs-setup-swap.1, doc/manpage/ecryptfs-stat.1,
    doc/manpage/umount.ecryptfs.8, doc/manpage/Makefile.am: added manpagess
  * doc/manpage/ecryptfs.7: fix lintian warning
  * debian/lintian/ecryptfs-utils: added a lintian overrides file
  * debian/lintian/ecryptfs-utils, debian/ecryptfs-utils.install: add and
    install some proper lintian overrides
  * src/libecryptfs/module_mgr.c: fix typo, LP: #408437
  [ Evan Dandrea ]
  * ecryptfs-setup-swap: support more than one encrypted swap device
  [ Dorin Scutarașu ]
  * src/libecryptfs/key_management.c: fix null pointer deref, LP: #409565
  [ James Westby ]
  * src/libecryptfs/main.c flockfile the filehandle after checking that
    we were able to successfully open it (LP: #403011)
  * debian/libecryptfs0.shlibs: bump shlibs dep to 77 since we added new
    symbols there
  [ Dustin Kirkland ]
  * src/libecryptfs/key_management.c, src/pam_ecryptfs/pam_ecryptfs.c:
    revert the zombie code removal from pam_ecryptfs as it seems this
    bit is still needed; fix the source of the problem introduced in
    commit r407; check for non-zero return codes; this problem would
    manifest itself as a) unable to unlock screensaver, b) unable to
    switch users, c) unable to mount home folder on initial login;
    LP: #402222, #402029
  * src/utils/ecryptfs-umount-private: use for loop to loop over key
    ids on removal
  * src/utils/mount.ecryptfs_private.c: return non-zero on unmount failure
    due to open sessions; handle this in ecryptfs-umount-private too; make
    the flock() blocking; use /dev/shm for counter; add an iterator to the
    counter file to prevent users from DoS'ing one another from accessing
    their encrypted directories, LP: #402745
  * debian/ecryptfs-utils.postinst: move /tmp counters to /dev/shm
  * configure.ac: link against pam, silence shlib warning
  * src/include/ecryptfs.h, src/libecryptfs/main.c,
    src/pam_ecryptfs/pam_ecryptfs.c, src/utils/Makefile.am,
    src/utils/mount.ecryptfs_private.c: move two functions from
    mount.ecryptfs_private to libecryptfs, namely is_mounted() and
    fetch_private_mnt(); use these in both pam_ecryptfs and
    mount.ecryptfs_private; also move PRIVATE to ECRYPTFS_PRIVATE in
    the ecryptfs.h headers; this will allow us to short-circuit some of the
    costly key-loading code on pam_auth if the private dir is already
    mounted, speeding up some subsequent authentications significantly,
    LP: #402748
  * doc/ecryptfs-mount-private.txt: removed the "$" to make copy-n-paste
    more user friendly
  * src/utils/ecryptfs-setup-private: when encrypting home, put the
    .ecryptfs and .Private data in /home/.ecryptfs rather than /var/lib,
    as users are forgetting to backup /var/lib, and are often putting
    /home on a separate partition; furthermore, this gives users a place
    to access their encrypted data for backup, rather than hiding the
    data below $HOME, LP: #371719
  [ Tyler Hicks ]
  * src/libecryptfs/cipher_list.c, src/libecryptfs/module_mgr.c:
    add blowfish/56-bytes to the list of ciphers we officially support,
    LP: #402790
  [ Dustin Kirkland ]
  * src/utils/ecryptfs-setup-swap: switch from vol_id to blkid,
    LP: #376486
  * debian/ecryptfs-utils.postinst, src/utils/ecryptfs-setup-private:
    don't echo mount passphrase if running in bootstrap mode; prune
    potential leakages from install log, LP: #383650
  * SECURITY UPDATE: mount passphrase recorded in install log (LP: #383650).
    - debian/ecryptfs-utils.postinst: prune private information from
      installer log
    - src/utils/ecryptfs-setup-private: don't echo passphrase if running in
      bootstrap mode
    - CVE-2009-1296
  * src/utils/ecryptfs-setup-private: make some of the lanuage more readable,
    (thanks, anrxc)
  * README, configure.ac, debian/control, debian/rules,
    doc/sourceforge_webpage/README, src/libecryptfs-swig/libecryptfs.py,
    src/libecryptfs-swig/libecryptfs_wrap.c,
    src/libecryptfs/key_management.c, src/libecryptfs/libecryptfs.pc.in,
    src/libecryptfs/main.c, src/pam_ecryptfs/Makefile.am,
    src/utils/manager.c, src/utils/mount.ecryptfs.c: move build from gcrypt
    to nss (this change has been pending for some time)
  * src/utils/ecryptfs-dot-private: dropped, was too hacky
  * ecryptfs-mount-private.1, ecryptfs-setup-private.1: align the
    documentation and implementation of the wrapping-independent feature,
    LP: #383746
  * src/utils/ecryptfs-umount-private: use keyctl list @u, since keyctl show
    stopped working, LP: #400484, #395082
  * src/utils/mount.ecryptfs_private.c: fix counter file locking; solves
    a longstanding bug about "random" umount caused by cronjobs, LP: #358573
  [ Michal Hlavinka (edits by Dustin Kirkland) ]
  * doc/manpage/ecryptfs-mount-private.1,
    doc/manpage/ecryptfs-rewrite-file.1,
    doc/manpage/ecryptfs-setup-private.1, doc/manpage/ecryptfs.7,
    doc/manpage/mount.ecryptfs_private.1,
    doc/manpage/umount.ecryptfs_private.1: documentation updated to note
    possible ecryptfs group membership requirements; Fix ecrypfs.7 man
    page and key_mod_openssl's error message; fix typo
  * src/libecryptfs/decision_graph.c: put a finite limit (5 tries) on
    interactive input; fix memory leaks when asking questions
  * src/libecryptfs/module_mgr.c: Don't error out with EINVAL when
    verbosity=0 and some options are missing.
  * src/utils/umount.ecryptfs.c: no error for missing key when removing it
  * src/libecryptfs-swig/libecryptfs.i: fix compile werror, cast char*
  * src/utils/ecryptfs_add_passphrase.c: fix/test/use return codes;
    return nonzero for --fnek when not supported but used
  * src/include/ecryptfs.h, src/key_mod/ecryptfs_key_mod_openssl.c,
    src/libecryptfs/module_mgr.c: refuse mounting with too small rsa
    key (key_mod_openssl)
  * src/utils/ecryptfs_insert_wrapped_passphrase_into_keyring.c: fix return
    codes
  * src/utils/ecryptfs-rewrite-file: polish output
  * src/libecryptfs/key_management.c: inform about full keyring; insert fnek
    sig into keyring if fnek support check fails; don't fail if key already
    exists in keyring
  * src/utils/ecryptfs-setup-private: if the ecryptfs group exists, restrict
    ecryptfs-setup-private to members of this group
  * src/pam_ecryptfs/pam_ecryptfs.c: dynamically load ecryptfs module by
    checking ecryptfs version
  * src/libecryptfs/decision_graph.c, src/utils/io.c,
    src/utils/mount.ecryptfs.c: fix EOF handling, LP: #371587
  * src/desktop/Makefile.am: make desktop files trusted, LP: #371426
  [ Dustin Kirkland and Daniel Baumann ]
  * debian/control, debian/copyright, debian/ecryptfs-utils.dirs,
    debian/ecryptfs-utils.install, debian/ecryptfs-utils.postinst,
    debian/rules, ecryptfs-utils.pam-auth-update: sync Ubuntu's
    packaging with Debian; drop dpatch, drop libssl build dep, clean
    up extraneous debhelper bits, match cflags; remaining diff is only
    ecryptfs-utils.prerm
  [ Arfrever Frehtes Taifersar Arahesis ]
  * key_mod/ecryptfs_key_mod_gpg.c,
    key_mod/ecryptfs_key_mod_pkcs11_helper.c,
    libecryptfs/key_management.c, utils/ecryptfs_unwrap_passphrase.c:
    Fix warnings, initialize a few variables, drop unused ones
  [ David Hicks ]
  * src/lib/key_management.c: fix stray semicolon that prevents .ecryptfsrc
    files from working properly, LP: #372709
  [ Michael Rooney ]
  * src/python/ecryptfsapi.py: added python api
  [ Dustin Kirkland ]
  * debian/rules: drop hackery that moves stuff /usr/share/ecryptfs-utils
  * src/utils/mount.ecryptfs_private.c: update inline documentation
  * debian/changelog, src/libecryptfs/cmd_ln_parser.c,
    src/libecryptfs/key_management.c, src/pam_ecryptfs/pam_ecryptfs.c,
    src/utils/ecryptfs_add_passphrase.c,
    src/utils/ecryptfs_insert_wrapped_passphrase_into_keyring.c,
    src/utils/ecryptfs_rewrap_passphrase.c,
    src/utils/ecryptfs_unwrap_passphrase.c,
    src/utils/ecryptfs_wrap_passphrase.c: silence some useless logging,
    LP: #313330
  * include/ecryptfs.h, libecryptfs/key_management.c,
    utils/ecryptfs_insert_wrapped_passphrase_into_keyring.c,
    utils/ecryptfs_unwrap_passphrase.c: if the file to unwrap is
    unspecified, try to use the default ~/.ecryptfs/wrapped-passphrase
    before bailing out, LP: #359997
  * src/utils/ecryptfs-setup-private: unix_chkpwd is not always present
    (eg, gentoo), LP: #332341
  [ Tyler Hicks ]
  * doc/manpage/ecryptfs.7: ecryptfs_encrypted_view option desription
    was wrong LP: #328761
  [ Michal Hlavinka ]
  * decision_graph.c: fix uninitialized return code
  * mount.ecryptfs.c: don't pass verbosity option to kernel
  [ anrxc & Dustin Kirkland ]
  * doc/Makefile.am, src/desktop/Makefile.am: fix automake installation from
    /usr/share to /usr/share/ecryptfs-utils
  [ Daniel Baumann & Dustin Kirkland ]
  * debian/rules, debian/control: sync differences between Debian & Ubuntu's
    packaging
  [ Arfrever Frehtes Taifersar Arahesis ]
  * src/key_mod/ecryptfs_key_mod_gpg.c,
    src/key_mod/ecryptfs_key_mod_pkcs11_helper.c: fix implicit declations
  [ Frédéric Guihéry ]
  * key_mod/ecryptfs_key_mod_tspi.c, utils/ecryptfs_generate_tpm_key.c:
    the SRK password should be set to 20 bytes of NULL (wellknown
    password), in order for different tools to request key protection
    with the Storage Root Key
  [ Michal Hlavinka ]
  * Changes for RH/Fedora release
    - change error codes to be more descriptive
    - decision_graph.h, *: change definition of node return codes to positive
      values
    - mount.ecryptfs.c: insist for yes/no answer for unkown sigs
    - don't print error for removing key from keyring if it succeeded
    - module_mgr.c: insist on yes/no answer
    - use ECRYPTFS_NONEMPTY_VALUE_REQUIRED where reasonable
    - pam_ecryptfs.c: don't try to unwrap key for users not using pam mounting
    - add verbosity to man page
    - decision_graph.* : add ECRYPTFS_NONEMPTY_VALUE_REQUIRED flag for nodes
    - decision_graph.* : add WRONG_VALUE return code to nodes for asking
      question again
  [ Dustin Kirkland ]
  * src/utils/ecryptfs-setup-private: fix bug in grep when running with LANG
    in other locales, LP: #347969
  * doc/manpage/ecryptfs.7: add notes about verbose option
  * src/desktop: add the desktop files to the dist tarball
  * src/utils/ecryptfs-dot-private: sourceable file for accessing your
    encrypted data; useful for conducting backups
  [ Martin Pitt and Dustin Kirkland ]
  Reworked the fixes for LP: #352307, remind user to record their passphrase
  * src/desktop/ecryptfs-record-passphrase: run if
    ~/.ecryptfs/.wrapped-passphrase.recorded does NOT exist; touch that
    file upon successful run of unwrap passphrase
  * debian/patches/00list,
    debian/patches/update-notifier-remind-passphrase.dpatch: dropped, since
    this was moved into PAM

ubuntu/trusty-devel 2016-01-20 15:14:03 UTC 2016-01-20
Import patches-unapplied version 104-0ubuntu1.14.04.4 to ubuntu/trusty-security

Author: Tyler Hicks
Author Date: 2016-01-15 23:48:52 UTC

Import patches-unapplied version 104-0ubuntu1.14.04.4 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 9f543fdc787855cb02bd1706c0825f83afa55e23

New changelog entries:
  * SECURITY UPDATE: Don't allow mount.ecryptfs_private to be used to mount on
    top of pseudo filesystem such as procfs
    - debian/patches/CVE-2016-1572.patch: Check the filesystem type of the
      mount destination against a whitelist of approved types.
    - CVE-2016-1572
  * debian/patches/CVE-2014-9687.patch: Update patch to return an error when a
    version 1 wrapped passphrase file could not be read.

ubuntu/trusty-updates 2016-01-20 15:14:03 UTC 2016-01-20
Import patches-unapplied version 104-0ubuntu1.14.04.4 to ubuntu/trusty-security

Author: Tyler Hicks
Author Date: 2016-01-15 23:48:52 UTC

Import patches-unapplied version 104-0ubuntu1.14.04.4 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 9f543fdc787855cb02bd1706c0825f83afa55e23

New changelog entries:
  * SECURITY UPDATE: Don't allow mount.ecryptfs_private to be used to mount on
    top of pseudo filesystem such as procfs
    - debian/patches/CVE-2016-1572.patch: Check the filesystem type of the
      mount destination against a whitelist of approved types.
    - CVE-2016-1572
  * debian/patches/CVE-2014-9687.patch: Update patch to return an error when a
    version 1 wrapped passphrase file could not be read.

ubuntu/trusty-security 2016-01-20 15:14:03 UTC 2016-01-20
Import patches-unapplied version 104-0ubuntu1.14.04.4 to ubuntu/trusty-security

Author: Tyler Hicks
Author Date: 2016-01-15 23:48:52 UTC

Import patches-unapplied version 104-0ubuntu1.14.04.4 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 9f543fdc787855cb02bd1706c0825f83afa55e23

New changelog entries:
  * SECURITY UPDATE: Don't allow mount.ecryptfs_private to be used to mount on
    top of pseudo filesystem such as procfs
    - debian/patches/CVE-2016-1572.patch: Check the filesystem type of the
      mount destination against a whitelist of approved types.
    - CVE-2016-1572
  * debian/patches/CVE-2014-9687.patch: Update patch to return an error when a
    version 1 wrapped passphrase file could not be read.

ubuntu/precise-security 2016-01-20 15:14:03 UTC 2016-01-20
Import patches-unapplied version 96-0ubuntu3.5 to ubuntu/precise-security

Author: Tyler Hicks
Author Date: 2016-01-15 23:49:10 UTC

Import patches-unapplied version 96-0ubuntu3.5 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 69697d382ff8f75b29c2360320edbf3412c69f4a

New changelog entries:
  * SECURITY UPDATE: Don't allow mount.ecryptfs_private to be used to mount on
    top of pseudo filesystem such as procfs
    - debian/patches/CVE-2016-1572.patch: Check the filesystem type of the
      mount destination against a whitelist of approved types.
    - CVE-2016-1572
  * debian/patches/CVE-2014-9687.patch: Update patch to return an error when a
    version 1 wrapped passphrase file could not be read.

ubuntu/vivid-security 2016-01-20 15:14:03 UTC 2016-01-20
Import patches-unapplied version 107-0ubuntu1.3 to ubuntu/vivid-security

Author: Tyler Hicks
Author Date: 2016-01-15 23:48:42 UTC

Import patches-unapplied version 107-0ubuntu1.3 to ubuntu/vivid-security

Imported using git-ubuntu import.

Changelog parent: e67b6f32b0790ff788ae613f84cdfbfb09604f4d

New changelog entries:
  * SECURITY UPDATE: Don't allow mount.ecryptfs_private to be used to mount on
    top of pseudo filesystem such as procfs
    - debian/patches/CVE-2016-1572.patch: Check the filesystem type of the
      mount destination against a whitelist of approved types.
    - CVE-2016-1572

ubuntu/vivid-devel 2016-01-20 15:14:03 UTC 2016-01-20
Import patches-unapplied version 107-0ubuntu1.3 to ubuntu/vivid-security

Author: Tyler Hicks
Author Date: 2016-01-15 23:48:42 UTC

Import patches-unapplied version 107-0ubuntu1.3 to ubuntu/vivid-security

Imported using git-ubuntu import.

Changelog parent: e67b6f32b0790ff788ae613f84cdfbfb09604f4d

New changelog entries:
  * SECURITY UPDATE: Don't allow mount.ecryptfs_private to be used to mount on
    top of pseudo filesystem such as procfs
    - debian/patches/CVE-2016-1572.patch: Check the filesystem type of the
      mount destination against a whitelist of approved types.
    - CVE-2016-1572

ubuntu/precise-devel 2016-01-20 15:14:03 UTC 2016-01-20
Import patches-unapplied version 96-0ubuntu3.5 to ubuntu/precise-security

Author: Tyler Hicks
Author Date: 2016-01-15 23:49:10 UTC

Import patches-unapplied version 96-0ubuntu3.5 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 69697d382ff8f75b29c2360320edbf3412c69f4a

New changelog entries:
  * SECURITY UPDATE: Don't allow mount.ecryptfs_private to be used to mount on
    top of pseudo filesystem such as procfs
    - debian/patches/CVE-2016-1572.patch: Check the filesystem type of the
      mount destination against a whitelist of approved types.
    - CVE-2016-1572
  * debian/patches/CVE-2014-9687.patch: Update patch to return an error when a
    version 1 wrapped passphrase file could not be read.

ubuntu/precise-updates 2016-01-20 15:14:03 UTC 2016-01-20
Import patches-unapplied version 96-0ubuntu3.5 to ubuntu/precise-security

Author: Tyler Hicks
Author Date: 2016-01-15 23:49:10 UTC

Import patches-unapplied version 96-0ubuntu3.5 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 69697d382ff8f75b29c2360320edbf3412c69f4a

New changelog entries:
  * SECURITY UPDATE: Don't allow mount.ecryptfs_private to be used to mount on
    top of pseudo filesystem such as procfs
    - debian/patches/CVE-2016-1572.patch: Check the filesystem type of the
      mount destination against a whitelist of approved types.
    - CVE-2016-1572
  * debian/patches/CVE-2014-9687.patch: Update patch to return an error when a
    version 1 wrapped passphrase file could not be read.

ubuntu/vivid-updates 2016-01-20 15:14:03 UTC 2016-01-20
Import patches-unapplied version 107-0ubuntu1.3 to ubuntu/vivid-security

Author: Tyler Hicks
Author Date: 2016-01-15 23:48:42 UTC

Import patches-unapplied version 107-0ubuntu1.3 to ubuntu/vivid-security

Imported using git-ubuntu import.

Changelog parent: e67b6f32b0790ff788ae613f84cdfbfb09604f4d

New changelog entries:
  * SECURITY UPDATE: Don't allow mount.ecryptfs_private to be used to mount on
    top of pseudo filesystem such as procfs
    - debian/patches/CVE-2016-1572.patch: Check the filesystem type of the
      mount destination against a whitelist of approved types.
    - CVE-2016-1572

ubuntu/wily 2015-08-06 18:03:21 UTC 2015-08-06
Import patches-unapplied version 108-0ubuntu1 to ubuntu/wily-proposed

Author: Dustin Kirkland 
Author Date: 2015-08-06 17:46:37 UTC

Import patches-unapplied version 108-0ubuntu1 to ubuntu/wily-proposed

Imported using git-ubuntu import.

Changelog parent: dd52703b628dbc7ba718e7d068506782c275f428

New changelog entries:
  [ Martin Pitt ]
  * src/utils/ecryptfs-setup-swap:
    - Add setup-swap-check-links.patch: When commenting out existing swap, also
      consider device symlinks like /dev/mapper/ubuntu--vg-swap_1 or
      /dev/disks/by-uuid/ into account. Fixes broken cryptswap under LVM and
      manual setups. (LP: #1453738)
  * src/utils/ecryptfs-setup-swap, debian/ecryptfs-utils.postinst:
    - On upgrade, uncomment underlying
      unencrypted swap partitions that are referred to by a device link when
      crypttab and fstab have a "cryptswap*" device referring to them.
  * debian/control, debian/libecryptfs0.install,
    debian/libecryptfs0.links, debian/libecryptfs0.shlibs:
    - Rename libecryptfs0 to libecryptfs1 and adjust the packaging. It has
      actually shipped libecryptfs.so.1 since at least trusty. Add
      C/R/P: libecryptfs0 for smoother upgrades, this needs to be kept until
      after 16.04 LTS.
  [ Tyler Hicks ]
  * src/utils/mount.ecryptfs_private.c: Implement proper option parsing to
    restore the -f option when unmounting and display a helpful usage message
    (LP: #1454388)
  * src/utils/mount.ecryptfs_private.c: Add an option, -d, to
    umount.ecryptfs_private to treat the situation where the encrypted private
    session counter is nonzero, after decrementing it, as a non-error
    situation. No error message is printed to stderr and the exit status is 0.
  * src/pam_ecryptfs/pam_ecryptfs.c: Use the new umount.ecryptfs_private '-d'
    option to silence the error message that was printed to stderr when the
    encrypted private session counter is nonzero after being decremented.
    (LP: #1454319)
  * src/utils/ecryptfs-umount-private: Return 1 if umount.ecryptfs_private
    encounters an error. The ecryptfs-umount-private script was previously
    returning 0 even when umount.ecryptfs_private exited upon error.
  * debian/control: Fix 'Please add dh-python package to Build-Depends'
    build warning
  [ Dustin Kirkland ]
  * debian/libecryptfs1.install, debian/libecryptfs1.links,
    debian/libecryptfs1.shlibs:
    - fix ftbfs, add missing files
  * wily
  [ Dustin Kirkland ]
  * scripts/release.sh:
    - a few more release script improvements, build the source
      package for the Ubuntu development distro
  * debian/control:
    - build depend on distro-info, which we use in our release script
  [ Tyler Hicks ]
  * src/libecryptfs/key_management.c:
    - Fix a regression when reading version 1 wrapped passphrase files. A
      return code indicating success was always returned even when an error
      was encountered. The impact is low since the error situation is still
      caught when validating either the wrapping password's signature or the
      wrapped passphrase's signature. Thanks to László Böszörményi for
      catching this mistake.
    - Reject empty passphrases passed into ecryptfs_wrap_passphrase()
  * src/libecryptfs/main.c:
    - Reject empty wrapping passphrases passed into generate_passphrase_sig()
  [ Dustin Kirkland and Martin Pitt ]
  * debian/ecryptfs-utils.postinst: LP: #953875
    - detect and clean up after nonexisting cryptswap devices
  [ Tyler Hicks ]
  * tests/userspace/Makefile.am: Fix the 'make check' failure present in the
    ecryptfs-utils-105 release tarball. The failure was due to the automake
    file not specifying that some data files should be distributed as part
    of the v1-to-v2-wrapped-passphrase test, causing the test to fail due to
    the missing files.
  [ Dustin Kirkland ]
  * scripts/release.sh:
    - ensure that we try a binary build as part of the release process
    - make sure we're in the original working directory when we release
    - remove the -x option, too noisy
  [ Dustin Kirkland ]
  * doc/manpage/ecryptfs.7: LP: #1267640
    - fix inconsistency in man page for passphrase_passwd_file format
  * doc/manpage/ecryptfs-setup-private.1, src/utils/ecryptfs-setup-
    private, src/utils/ecryptfs-setup-swap: LP: #1420424
    - use /dev/random rather than /dev/urandom for long lived keys
  * src/utils/ecryptfs-setup-private:
    - use /dev/urandom for our testing, as we read a lot of info
  * src/utils/ecryptfs-setup-swap: LP: #953875, #1086140
    - fix a whitespace bug in a grep, that might cause us to not
      comment out the old swap space in /etc/fstab
    - offset the start of the encrypted swap space by 1KB, which
      ensures that we don't overwrite the UUID label on the header
      of the partition
    - use the aes-xts block cipher, and plain64 initialization vector,
      which are current best practice here
    - fixed a grammar nitpick
  [ Colin King ]
  * src/libecryptfs/key_management.c, src/utils/mount.ecryptfs.c:
    - A couple of minor fixes: Fix a memory leak and handle out of memory
      error, as found by using cppcheck.
  * src/utils/mount.ecryptfs.c
    - fix potential double free on yesno if get_string_stdin exits early
      without allocating a new buffer and we free yesno on the exit clean
      up path.
  * src/libecryptfs/cmd_ln_parser.c
    - remove redundant if / goto statement that does nothing.
  [ Anders Kaseorg ]
  * src/pam_ecryptfs/pam_ecryptfs.c: exit (not return) from forked child on
    error (LP: #1323421)
  [ Tyler Hicks ]
  * Introduce the version 2 wrapped-passphrase file format. It adds the
    ability to combine a randomly generated salt with the wrapping password
    (typically, a user's login password) prior to performing key
    strengthening. The version 2 file format is considered to be a
    intermediate step in strengthening the wrapped-passphrase files of
    existing encrypted home/private users. Support for reading/writing version
    2 wrapped-passphrase files and transparent migration, through
    pam_ecryptfs, from version 1 to version 2 files is considered safe enough
    to backport to stable distro releases. The libecryptfs ABI around
    wrapped-passphrase file handling is not broken.
    - CVE-2014-9687
  * Run wrap-unwrap.sh test as part of the make check target.
  * Add a new test, called v1-to-v2-wrapped-passphrase.sh, which is suitable
    for the make check target and verifies v1 to v2 wrapped-passphrase file
    migration.
  * Create a temporary file when creating a new wrapped-passphrase file and
    copy it to its final destination after the file has been fully synced to
    disk (LP: #1020902)
  [ Colin King ]
  * src/libecryptfs/ecryptfs-stat.c, tests/kernel/extend-file-
    random/test.c, tests/kernel/inode-race-stat/test.c,
    tests/kernel/trunc-file/test.c:
    - Fixed some 32 bit build warnings
  * src/libecryptfs/decision_graph.c, src/libecryptfs/key_management.c,
    src/libecryptfs/main.c, src/libecryptfs/module_mgr.c, src/utils/io.c,
    src/utils/mount.ecryptfs_private.c, tests/kernel/inotify/test.c,
    tests/kernel/trunc-file/test.c, tests/userspace/wrap-unwrap/test.c:
    - Fixed a pile of minor bugs (memory leaks, unclosed file descriptors,
      etc.) mostly in error paths
  * src/key_mod/ecryptfs_key_mod_passphrase.c, src/libecryptfs/main.c,
    src/pam_ecryptfs/pam_ecryptfs.c:
    - more Coverity fixes, memory leak, error checking, etc.
  [ Nobuto MURATA ]
  * fix an empty update-notifier window (LP: #1107650)
    - changes made in Rev.758 was incomplete
  [ Tyler Hicks ]
  * doc/manpage/ecryptfs.7:
    - adjust man page text to avoid confusion about whether the interactive
      mount helper takes a capital 'N' for the answer to y/n questions
      (LP: #1130460)
  * src/utils/ecryptfs_rewrap_passphrase.c:
    - Handle errors when interactively reading the new wrapping passphrase
      and the confirmation from stdin. Fixes a segfault (invalid memory read)
      in ecryptfs-rewrap-passphrase if there was an error while reading either
      of these passphrases.
  * configure.ac:
    - Set AM_CPPFLAGS to always include config.h as the first include file.
      Some .c files correctly included config.h before anything else. The
      majority of .c files got this wrong by including it after other header
      files, including it multiple times, or not including it at all.
      Including it in the AM_CPPFLAGS should solve these problems and keep
      future mistakes from happening in new source files.
    - Enable large file support (LFS) through the use of the AC_SYS_LARGEFILE
      autoconf macro. ecryptfs-utils has been well tested with LFS enabled
      because ecryptfs-utils is being built with
      '-D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64' in Debian-based distros.
      This is mainly needed for some of the in-tree regression tests but
      ecryptfs-utils, in general, should be built with LFS enabled.
  * debian/rules:
    - Don't append '-D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64' to the CFLAGS
      now that the upstream build enables LFS
  * tests/userspace/lfs.sh, tests/userspace/lfs/test.c:
    - Add a test to verify that LFS is enabled. This test is run under the
      make check target.
  * tests/kernel/enospc/test.c:
    - Fix test failures on 32 bit architectures due to large file sizes
      overflowing data types
  [ Dustin Kirkland ]
  * src/utils/ecryptfs-setup-swap: LP: #1172014
    - write crypttab entry using UUID
  * src/utils/ecryptfs-recover-private: LP: #1028532
    - error out, if we fail to mount the private data correctly
  [ Colin King and Dustin Kirkland ]
  * configure.ac, src/daemon/main.c, src/libecryptfs/cmd_ln_parser.c,
    src/libecryptfs/decision_graph.c, src/utils/mount.ecryptfs.c,
    tests/kernel/trunc-file/test.c:
    - remove some dead code, fix some minor issues raised by Coverity
  [ Tyler Hicks ]
  * debian/rules:
    - Use dpkg-buildflags to inject distro compiler hardening flags into the
      build. This also fixes the hardening-no-fortify-functions lintian
      warnings.
  [ Dustin Kirkland ]
  * doc/manpage/ecryptfs-add-passphrase.1, doc/manpage/ecryptfsd.8,
    doc/manpage/ecryptfs-find.1, doc/manpage/ecryptfs-generate-tpm-
    key.1, doc/manpage/ecryptfs-insert-wrapped-passphrase-into-
    keyring.1, doc/manpage/ecryptfs-manager.8, doc/manpage/ecryptfs-
    migrate-home.8, doc/manpage/ecryptfs-mount-private.1,
    doc/manpage/ecryptfs-recover-private.1, doc/manpage/ecryptfs-rewrap-
    passphrase.1, doc/manpage/ecryptfs-rewrite-file.1,
    doc/manpage/ecryptfs-setup-private.1, doc/manpage/ecryptfs-setup-
    swap.1, doc/manpage/ecryptfs-stat.1, doc/manpage/ecryptfs-umount-
    private.1, doc/manpage/ecryptfs-unwrap-passphrase.1,
    doc/manpage/ecryptfs-verify.1, doc/manpage/ecryptfs-wrap-
    passphrase.1, doc/manpage/Makefile.am, doc/manpage/mount.ecryptfs.8,
    doc/manpage/mount.ecryptfs_private.1, doc/manpage/pam_ecryptfs.8,
    doc/manpage/umount.ecryptfs.8,
    doc/manpage/umount.ecryptfs_private.1, src/desktop/ecryptfs-find =>
    src/utils/ecryptfs-find, src/desktop/Makefile.am,
    src/utils/Makefile.am:
    - add 3 new manpages, for ecryptfs-find, ecryptfs-verify, and
      ecryptfs-migrate-home
    - Add SEE ALSO section to manpages which were missing it
    - Mention "Debian and Ubuntu" in license location
    - move the ecryptfs-find utility to the proper location in src/utils
  * src/utils/Makefile.am:
    - fix broken build
  * debian/ecryptfs-utils.links:
    - link no longer needed for ecryptfs-find
  [ Colin King ]
  * === added directory tests/kernel/mmap-bmap, === added directory
    tests/kernel/xattr, tests/kernel/link.sh, tests/kernel/Makefile.am,
    tests/kernel/mknod.sh, tests/kernel/mmap-bmap.sh, tests/kernel/mmap-
    bmap/test.c, tests/kernel/tests.rc, tests/kernel/xattr.sh,
    tests/kernel/xattr/test.c:
    - ran the current eCryptfs tests on 3.8-rc4 with kernel gcov enabled
      and spotted a few trivial areas where it would be useful to up the
      test coverage on the code
    - so here are a few very simple additional tests to exercise eCryptfs
      a little further
  [ Dustin Kirkland ]
  * debian/control:
    - bump standards, no change
  [ Tyler Hicks ]
  * autogen.sh, scripts/release.sh, Makefile.am:
    - Break out the autoreconf and intltoolize commands from release.sh into
      an executable autogen.sh
    - Use the --copy option when invoking intltoolize
    - Include the new autogen.sh script in the release tarball
  * debian/rules, debian/control:
    - Use dh-autoreconf so that upstream sources can easily be used to build
      packages for all the stable Ubuntu releases in the ecryptfs-utils daily
      build PPA
    - Override the dh_autoreconf target by running the autogen.sh script
    - Drop Build-Depends on autotools-dev since dh-autoreconf is a superset of
      autotools-dev
    - Drop Build-Depends on autoconf, automake, and libtool since
      dh-autoreconf depends on all of these packages
  * m4/ac_python_devel.m4:
    - Fix FTBFS in Raring Ringtail due to multiarch Python. Be sure to include
      platform specific Python include directions in SWIG_PYTHON_CPPFLAGS.
  * src/utils/mount.ecryptfs_private.c:
    - Fix conditionals when checking whether to remove authentication tokens
      from the kernel keyring upon umount. This conditional was incorrectly
      modified in ecryptfs-utils-101, yet the authentication tokens still seem
      to be removed from the kernel keyring so it isn't clear if there was
      actually a user-facing regression.
    - Pass the FEKEK sig, rather than the FNEK sig, to
      ecryptfs_private_is_mounted()
    - Restore behavior of not printing error messages to syslog when
      unmounting and keys cannot be found in the kernel keyring.
    - Restore behavior of printing a useful error message about
      ecryptfs-mount-private when mounting and keys cannot be found in the
      kernel keyring
    - Fix memory leak and clean up free()'s in an error path
    - Use pointer assignment tests, rather than strlen(), to determine which
      key signatures were fetched
  * src/daemon/main.c, src/include/ecryptfs.h,
    src/libecryptfs/{Makefile.am,messaging.c,miscdev.c,netlink.c,sysfs.c},
    doc/manpage/ecryptfsd.8, doc/design_doc/ecryptfs_design_doc_v0_2.tex:
    - Remove netlink messaging interface support
    - Netlink messaging support was superceded by the miscdev interface
      (/dev/ecryptfs) in upstream kernel version 2.6.26 in July, 2008
    - Netlink messaging support was completely removed from the upstream
      kernel starting with version 2.6.32 in December, 2009
  * src/jprobes/*, scripts/delete-cruft.sh:
    - Remove all jprobes code, as I don't use jprobes to debug eCryptfs kernel
      issues and I don't like the idea of maintaining these jprobes outside of
      the kernel tree
  * src/escrow/*:
    - Remove all escrow code, as it isn't used or maintained
  * tests/kernel/llseek.sh, tests/kernel/llseek/test.c,
    tests/userspace/wrap-unwrap.sh, tests/userspace/wrap-unwrap/test.c:
    - Migrate some old testcases over to the modern test framework
  * tests/lib/etl_funcs.sh:
    - Update etl_create_test_dir() to allow a parent directory to be specified
      when creating the directory
  * src/testcases:
    - Delete old testcases that were either too basic, covered by more
      extensive tests in the modern test framework, or just didn't work
  [ Nobuto MURATA ]
  * src/desktop/ecryptfs-record-passphrase:
  [ Eric Lammerts ]
  * src/libecryptfs/sysfs.c: LP: #1007880
    - Handle NULL mnt pointer when sysfs is not mounted
  [ Tyler Hicks ]
  * src/utils/ecryptfs-migrate-home: LP: #1026180
    - Correct minor misspelling
  * src/utils/ecryptfs-recover-private: LP: #1004082
    - Fix option parsing when --rw is specified
  * src/utils/ecryptfs-recover-private: LP: #1028923
    - Simplify success message to prevent incorrectly reporting that a
      read-only mount was performed when the --rw option is specified
  * tests/lib/etl_func.sh:
    - Add test library function to return a lower path from an upper path,
      based on inode numbers
  * tests/kernel/mmap-close.sh, tests/kernel/mmap-close/test.c:
    - Add regression test for open->mmap()->close()->dirty memory->munmap()
      pattern
  * tests/kernel/lp-561129.sh:
    - Add test for checking that a pre-existing target inode is properly
      evicted after a rename
  * tests/README:
    - Add documentation on the steps to take when adding new test cases
  [ Colin King ]
  * tests/kernel/lp-911507.sh:
    - Add test case for initializing empty lower files during open()
  * tests/kernel/lp-872905.sh:
    - Add test case to check for proper unlinking of lower files when
      lower file initialization fails
  * src/key_mod/ecryptfs_key_mod_openssl.c,
    src/key_mod/ecryptfs_key_mod_pkcs11_helper.c,
    src/libecryptfs/key_management.c,
    src/utils/mount.ecryptfs_private.c, src/utils/umount.ecryptfs.c:
    - address some issues raised by smatch static analysis
    - fix some memory leaks with frees
    - fix some pointer refs and derefs
    - fix some comment typos
  [ Dustin Kirkland ]
  * src/libecryptfs/key_management.c:
    - silence pam error message when errno == EACCES
      + "Error attempting to parse .ecryptfsrc file; rc = [-13]"
  * src/utils/mount.ecryptfs_private.c: LP: #1052038
    - fix race condition, which typically manifests itself with a user
      saying that their home directory is not accessible, or that their
      filenames are not decrypted
    - the root of the problem is that we were reading the signature file,
      ~/.ecryptfs/Private.sig, twice; in some cases, the first one succeeds,
      so the file encryption signature is read and key is loaded, but then
      some other process (usually from PAM, perhaps a cron job or a
      subsequent login) mounts the home directory before the filename
      encryption key is loaded; thus, $HOME is mounted but filenames are
      not decrypted, so the second read of ~/.ecryptfs/Private.sig fails
      as that file is not found
    - the solution is to rework the internal fetch_sig() function and read
      one or both signatures within a single open/read/close operation of
      the file
    - free memory used by char **sig on failure
  * debian/copyright:
    - fix lintian warning
  [ Tyler Hicks ]
  * src/pam_ecryptfs/pam_ecryptfs.c, src/libecryptfs/key_management.c:
      LP: #1024476
    - fix regression introduced in ecryptfs-utils-99 when Encrypted
      Home/Private is in use and the eCryptfs kernel code is compiled as a
      module
    - drop check for kernel filename encryption support in pam_ecryptfs, as
      appropriate privileges to load the eCryptfs kernel module may not be
      available and filename encryption has been supported since 2.6.29
    - always add filename encryption key to the kernel keyring from pam_mount
  [ Colin King ]
  * tests/kernel/inode-race-stat/test.c:
    - limit number of forks based on fd limits
  * tests/kernel/enospc.sh, tests/kernel/enospc/test.c,
    tests/kernel/Makefile.am, tests/kernel/tests.rc:
    - add test case for ENOSPC
  [ Tim Harder ]
  * m4/ac_python_devel.m4: LP: #1029217
    - proplery save and restore CPPFLAGS and LIBS when python support is
      enabled
  [ Dustin Kirkland ]
  * debian/ecryptfs-utils.postinst: LP: #936093
    - ensure desktop file is executable
  [ Wesley Wiedenmeier ]
  * src/utils/mount.ecryptfs.c: LP: #329264
    - remove old hack, that worked around a temporary kernel regression;
      ensure that all mount memory is mlocked
  [ Sebastian Krahmer ]
  * src/pam_ecryptfs/pam_ecryptfs.c: LP: #732614
    - drop group privileges in the same places that user privileges are
      dropped
    - check return status of setresuid() calls and return if they fail
    - drop privileges before checking for the existence of
      ~/.ecryptfs/auto-mount to prevent possible file existence leakage
      by a symlink to a path that typically would not be searchable by
      the user
    - drop privileges before reading salt from the rc file to prevent the
      leakage of root's salt and, more importantly, using the incorrect salt
    - discovered, independently, by Vasiliy Kulikov and Sebastian Krahmer
  * src/pam_ecryptfs/pam_ecryptfs.c: LP: #1020904
    - after dropping privileges, clear the environment before executing the
      private eCryptfs mount helper
    - discovered by Sebastian Krahmer
  * src/utils/mount.ecryptfs_private.c: LP: #1020904
    - do not allow private eCryptfs mount aliases to contain ".." characters
      as a preventative measure against a crafted file path being used as an
      alias
    - force the MS_NOSUID mount flag to protect against user controlled lower
      filesystems, such as an auto mounted USB drive, that may contain a
      setuid-root binary
      + CVE-2012-3409
    - force the MS_NODEV mount flag
    - after dropping privileges, clear the environment before executing umount
    - discovered by Sebastian Krahmer
  [ Tyler Hicks ]
  * src/libecryptfs/key_management.c: LP: #732614
    - zero statically declared buffers to prevent the leakage of stack
      contents in the case of a short file read
    - discovered by Vasiliy Kulikov
  * src/libecryptfs/module_mgr.c, src/pam_ecryptfs/pam_ecryptfs.c:
    - fix compiler warnings
  [ Dustin Kirkland ]
  * debian/ecryptfs-utils.prerm:
    - drop the pre-removal ERRORs down to WARNINGs
    - these have caused a ton of trouble; whatever is causing ecryptfs-utils
      to be marked for removal should be fixed; but ecryptfs exiting 1 seems
      to be causing more trouble than it's worth
    - LP: #871021, #812270, #988960, #990630, #995381, #1010961
  * doc/ecryptfs-faq.html:
    - update the frequently asked questions, which haven't seen much
      attention in a while now
    - drop a few references to sourceforge
  * doc/ecryptfs-pam-doc.txt, doc/manpage/fr/ecryptfs-add-passphrase.1,
    doc/manpage/fr/ecryptfs-generate-tpm-key.1, doc/manpage/fr/ecryptfs-
    insert-wrapped-passphrase-into-keyring.1, doc/manpage/fr/ecryptfs-
    mount-private.1, doc/manpage/fr/ecryptfs-rewrap-passphrase.1,
    doc/manpage/fr/ecryptfs-setup-private.1, doc/manpage/fr/ecryptfs-
    umount-private.1, doc/manpage/fr/ecryptfs-unwrap-passphrase.1,
    doc/manpage/fr/ecryptfs-wrap-passphrase.1, doc/manpage/fr/ecryptfs-
    zombie-kill.1, doc/manpage/fr/ecryptfs-zombie-list.1,
    doc/sourceforge_webpage/ecryptfs-article.pdf,
    doc/sourceforge_webpage/ecryptfs_design_doc_v0_1.pdf,
    doc/sourceforge_webpage/ecryptfs-faq.html,
    doc/sourceforge_webpage/ecryptfs-key-diagram-356.png,
    doc/sourceforge_webpage/ecryptfs-key-diagram-640.png,
    doc/sourceforge_webpage/ecryptfs-pageuptodate-call-graph.png,
    doc/sourceforge_webpage/ecryptfs-pam-doc.txt,
    doc/sourceforge_webpage/ecryptfs.pdf,
    doc/sourceforge_webpage/index.html, doc/sourceforge_webpage/README,
    === removed directory doc/manpage/fr, === removed directory
    doc/sourceforge_webpage, rpm/ecryptfs-utils.spec:
    - remove some deprecated documentation
    - fish it out of bzr, if we ever need it again, but let's
      quit publishing it in our release tarballs
  [ Kees Cook ]
  * src/pam_ecryptfs/pam_ecryptfs.c: LP: #938326
    - exit, rather than return to prevent duplicate processes
  [ Andreas Raster ]
  * src/desktop/ecryptfs-find:
    - $mounts was quoted once too often
  [ George Wilson ]
  * src/key_mod/ecryptfs_key_mod_openssl.c,
    src/key_mod/ecryptfs_key_mod_pkcs11_helper.c,
    src/key_mod/ecryptfs_key_mod_tspi.c: LP: #937331
    - IBM would like to grant a license exception for key modules that
      require linking to OpenSSL. The change should make the modules
      shippable by Linux distributions
  [ Dustin Kirkland ]
  * debian/copyright:
    - note the GPLv2 SSL exception granted by IBM for the key modules
  * debian/control, debian/copyright, doc/manpage/ecryptfs.7,
    doc/manpage/ecryptfs-add-passphrase.1, doc/manpage/ecryptfsd.8,
    doc/manpage/ecryptfs-generate-tpm-key.1, doc/manpage/ecryptfs-
    insert-wrapped-passphrase-into-keyring.1, doc/manpage/ecryptfs-
    manager.8, doc/manpage/ecryptfs-mount-private.1,
    doc/manpage/ecryptfs-recover-private.1, doc/manpage/ecryptfs-rewrap-
    passphrase.1, doc/manpage/ecryptfs-rewrite-file.1,
    doc/manpage/ecryptfs-setup-private.1, doc/manpage/ecryptfs-setup-
    swap.1, doc/manpage/ecryptfs-stat.1, doc/manpage/ecryptfs-umount-
    private.1, doc/manpage/ecryptfs-unwrap-passphrase.1,
    doc/manpage/ecryptfs-wrap-passphrase.1,
    doc/manpage/mount.ecryptfs.8, doc/manpage/mount.ecryptfs_private.1,
    doc/manpage/pam_ecryptfs.8, doc/manpage/umount.ecryptfs.8,
    doc/manpage/umount.ecryptfs_private.1, README,
    src/utils/mount.ecryptfs.c:
    - use the new ecryptfs.org website where appropriate
  * debian/control:
    - update to suggest zescrow-client
  [ Sergio Peña ]
  * src/libecryptfs/cipher_list.c: LP: #922821
    - add the new name of the blowfish cipher (linux >= 3.2)
  * src/include/ecryptfs.h, src/libecryptfs/main.c,
    src/utils/mount.ecryptfs.c: LP: #917509
    - use execl() to mount ecryptfs
    - this allows us to support any arbitrary mount options in
      /etc/fstab
  [ Tyler Hicks ]
  * doc/manpage/ecryptfs.7:
    - Remove the note saying that the passphrase and openssl key modules are
      available by default. That's true upstream but not always true in distro
      builds.
  * tests/run_tests.sh:
    - Make upper and lower mount point arguments optional by automatically
      creating directories in /tmp by default.
    - Make it possible to run only userspace tests without having to specify
      unused mount information
    - Accept a comma-separated list of lower filesystems to test on and loop
      through all kernel tests for each lower filesystem
    - Accept a comma-separated list of tests to run
  * tests/lib/etl_funcs.sh:
    - Unset $ETL_DISK just before etl_remove_disk() successfully returns
  * tests/userspace/Makefile.am:
    - Also build 'make check' tests when building with --enable-tests
  * include/ecryptfs.h, libecryptfs/Makefile.am,
    libecryptfs/cipher_list.c, libecryptfs/module_mgr.c,
    utils/io.h: LP: #994813
    - remove overly complicated implementation to detect what ciphers
      are supported by the currently running kernel's crypto api
    - prompt for the entire supported cipher list, if the user selects a
      cipher that their kernel doesn't support, the mount will fail
      and the kernel will write an error message to the syslog
  * src/libecryptfs/module_mgr.c:
    - Use correct blowfish block size when displaying supported ciphers to
      the user
  * tests/kernel/lp-1009207.sh, tests/kernel/Makefile.am,
    tests/kernel/tests.rc:
    - Add simple test case for incorrect handling of umask and default POSIX
      ACL masks
  * tests/kernel/lp-994247.sh, tests/kernel/lp-994247/test.c,
    tests/kernel/Makefile.am, tests/kernel/tests.rc:
    - Add test case for incorrect handling of open /dev/ecryptfs file
      descriptors that are passed or inherited by other processes
  [ Colin King ]
  * tests/lib/etl_funcs.sh:
    - etl_lumount() should use DST rather than SRC dir so it can run on Lucid
    - use file system appropriate mkfs force flag
    - cater for correct ext2 default mount flags
  * tests/kernel/lp-509180.sh, tests/kernel/lp-509180/test.c:
    - test for trailing garbage at end of files
  * tests/kernel/lp-524919.sh, tests/kernel/lp-524919/test.c:
    - test case for checking lstat/readlink size
  * tests/kernel/lp-870326.sh, tests/kernel/lp-870326/test.c:
    - test case for open(), mmap(), close(), modify mmap'd region
  * tests/kernel/lp-469664.sh:
    - test case for lsattr
  * tests/kernel/lp-613873.sh:
    - test case for stat modify time
  * tests/kernel/lp-745836.sh:
    - test case for clearing ECRYPTFS_NEW_FILE flag during truncate
  * tests/lib/etl_funcs.sh, tests/kernel/extend-file-random.sh,
    tests/kernel/trunc-file.sh (LP: #1007159):
    - Add test library function for estimating available space in lower fs
    - Use new library function in tests that need to create large files
  [ Colin Watson ]
  * src/utils/ecryptfs-setup-swap: Skip /dev/zram* swap devices
    LP: #979350
  [ Serge Hallyn ]
  * src/utils/mount.ecryptfs_private.c:
    - EoL fixes
  [ Dustin Kirkland ]
  * CONTRIBUTING:
    - added a new file to describe how to contribute to ecryptfs
  * === added directory img/old, img/old/ecryptfs_14.png,
    img/old/ecryptfs_192.png, img/old/ecryptfs_64.png:
    - saving the old logos/branding for posterity
  * debian/copyright, img/COPYING:
    - added CC-by-SA 3.0 license
    - use the text version
  * img/ecryptfs_14.png, img/ecryptfs_192.png, img/ecryptfs_64.png:
    - added scaled copies of images used for Launchpad.net branding
  * src/utils/ecryptfs-recover-private: LP: #847505
    - add an option to allow user to enter the mount passphrase,
      in case they've recorded that, but forgotten their login
      passphrase
  * src/libecryptfs/sysfs.c: LP: #802197
    - default sysfs to /sys, if not found in /etc/mtab
    - it seems that reading /etc/mtab for this is outdated
    - ensure that ecryptfs works even if there is no sysfs entry
      in /etc/mtab
  * src/key_mod/ecryptfs_key_mod_tspi.c: LP: #462225
    - fix TPM and string_to_uuid 64bits issue
    - thanks to Janos for the patch
  [ Tyler Hicks ]
  * CONTRIBUTING:
    - clarified how to contribute to the ecryptfs kernel module
  * tests/lib/etl_funcs.sh:
    - created eCryptfs test library of bash functions for use in test
      cases and test harnesses
  * test/etl_add_passphrase_key_to_keyring.c:
    - created a C helper program to allow bash scripts to interface to
      the libecryptfs function that adds passphrase-based keys to the
      kernel keyring
  * tests/kernel/tests.rc, tests/userspace/tests.rc:
    - created a test case category files for test harnesses to source
      when running testcases of a certain category (destructive, safe,
      etc.)
  * tests/run_tests.sh:
    - created a test harness to run eCryptfs test cases
  * tests/kernel/miscdev-bad-count.sh,
    tests/kernel/miscdev-bad-count/test.c:
    - created test case for miscdev issue reported to mailing list
  * tests/kernel/lp-885744.sh:
    - created test case for pathconf bug
  * tests/kernel/lp-926292.sh:
    - created test case for checking stale inode attrs after setxattr
  * tests/new.sh:
    - created new test case template to copy from
  * tests/userspace/verify-passphrase-sig.sh,
    tests/userspace/verify-passphrase-sig/test.c:
    - created test case, for make check, to test the creation of
      passphrase-based fekeks and signatures
  * configure.ac, Makefile.am, tests/Makefile.am, tests/lib/Makefile.am,
    tests/kernel/Makefile.am, tests/userspace/Makefile.am:
    - updated and created autoconf/automake files to build the new tests
      directory
    - added make check target
  [ Eddie Garcia ]
  * img/*: LP: #907131
    - contributing a new set of logos and branding under the CC-by-SA3.0
      license
  [ Colin King ]
  * tests/kernel/extend-file-random.sh,
    tests/kernel/extend-file-random/test.c:
    - Test to randomly extend file size, read/write + unlink
  * tests/kernel/trunc-file.sh, tests/kernel/trunc-file/test.c:
    - Test to exercise file truncation
  * tests/kernel/directory-concurrent.sh,
    tests/kernel/directory-concurrent/test.c:
    - test for directory creation/deletion races with multiple processes
  * tests/kernel/file-concurrent.sh,
    tests/kernel/file-concurrent/test.c:
    - test for file creation/truncation/unlink races with multiple
      processes
  * tests/kernel/inotify.sh, tests/kernel/inotify/test.c:
    - test for proper inotify support
  * tests/kernel/mmap-dir.sh, tests/kernel/mmap-dir/test.c:
    - test that directory files cannot be mmap'ed
  * tests/kernel/read-dir.sh, tests/kernel/read-dir/test.c:
    - test that read() on directory files returns the right error
  * tests/kernel/setattr-flush-dirty.sh:
    - test that the modified timestamp isn't clobbered in writeback
  * tests/kernel/inode-race-stat.sh, tests/kernel/inode-race-stat/test.c:
    - test for inode initialization race condition
  [ Serge Hallyn ]
  * fix infinite loop on arm: fgetc returns an int, and -1 at end of
    options. Arm makes char unsigned. (LP: #884407)
  [ Dustin Kirkland ]
  * debian/compat, debian/control, debian/ecryptfs-utils.install,
    debian/ecryptfs-utils.lintian-overrides,
    debian/libecryptfs0.install, debian/libecryptfs-dev.install,
    debian/lintian/ecryptfs-utils, debian/python-ecryptfs.install,
    debian/rules, debian/source/options, doc/ecryptfs-pam-doc.txt,
    doc/manpage/ecryptfs-setup-private.1, lintian/ecryptfs-utils, ===
    removed directory debian/lintian:
    - merge a bunch of packaging changes from Debian's Daniel Baumann
    - fixes LP: #800647
  * scripts/release.sh:
    - minor release fixes
  [ Dustin Kirkland ]
  * scripts/release.sh:
    - fix release script
    - bump ubuntu release
  * doc/manpage/ecryptfs-recover-private.1, src/utils/ecryptfs-migrate-
    home (properties changed: -x to +x), src/utils/ecryptfs-recover-
    private:
    - add a --rw option for ecryptfs-recover-private
  * src/utils/ecryptfs-migrate-home: LP: #820416
    - show progress on rsync
  * debian/ecryptfs-utils.ecryptfs-utils-restore.upstart,
    debian/ecryptfs-utils.ecryptfs-utils-save.upstart,
    src/utils/ecryptfs-migrate-home,
    src/utils/ecryptfs-setup-private: LP: #883238
    - remove 2 upstart scripts, which attempted to "save" users who didn't
      login after migrating their home; instead, we now require the root
      user to enter user passwords at migration time
  * debian/copyright, debian/ecryptfs-utils.ecryptfs-utils-
    restore.upstart, debian/ecryptfs-utils.ecryptfs-utils-save.upstart,
    doc/manpage/ecryptfs.7, doc/manpage/ecryptfs-add-passphrase.1,
    doc/manpage/ecryptfs-generate-tpm-key.1, doc/manpage/ecryptfs-
    insert-wrapped-passphrase-into-keyring.1, doc/manpage/ecryptfs-
    mount-private.1, doc/manpage/ecryptfs-recover-private.1,
    doc/manpage/ecryptfs-rewrap-passphrase.1, doc/manpage/ecryptfs-
    rewrite-file.1, doc/manpage/ecryptfs-setup-private.1,
    doc/manpage/ecryptfs-setup-swap.1, doc/manpage/ecryptfs-stat.1,
    doc/manpage/ecryptfs-umount-private.1, doc/manpage/ecryptfs-unwrap-
    passphrase.1, doc/manpage/ecryptfs-wrap-passphrase.1,
    doc/manpage/fr/ecryptfs-add-passphrase.1, doc/manpage/fr/ecryptfs-
    generate-tpm-key.1, doc/manpage/fr/ecryptfs-insert-wrapped-
    passphrase-into-keyring.1, doc/manpage/fr/ecryptfs-mount-private.1,
    doc/manpage/fr/ecryptfs-rewrap-passphrase.1,
    doc/manpage/fr/ecryptfs-setup-private.1, doc/manpage/fr/ecryptfs-
    umount-private.1, doc/manpage/fr/ecryptfs-unwrap-passphrase.1,
    doc/manpage/fr/ecryptfs-wrap-passphrase.1, doc/manpage/fr/ecryptfs-
    zombie-kill.1, doc/manpage/fr/ecryptfs-zombie-list.1,
    doc/manpage/mount.ecryptfs_private.1, doc/manpage/pam_ecryptfs.8,
    doc/manpage/umount.ecryptfs.8,
    doc/manpage/umount.ecryptfs_private.1,
    src/pam_ecryptfs/pam_ecryptfs.c,
    src/utils/ecryptfs_add_passphrase.c,
    src/utils/ecryptfs_insert_wrapped_passphrase_into_keyring.c,
    src/utils/ecryptfs-migrate-home, src/utils/ecryptfs-mount-private,
    src/utils/ecryptfs-recover-private,
    src/utils/ecryptfs_rewrap_passphrase.c, src/utils/ecryptfs-rewrite-
    file, src/utils/ecryptfs-setup-private, src/utils/ecryptfs-setup-
    swap, src/utils/ecryptfs-umount-private,
    src/utils/ecryptfs_unwrap_passphrase.c,
    src/utils/ecryptfs_wrap_passphrase.c:
    - update some email addresses, moving kirkland@canonical.com ->
      kirkland@ubuntu.com (which I can still read)
  * src/libecryptfs/key_management.c: LP: #715066
    - fix 2 places where we were handling
      ecryptfs_add_passphrase_key_to_keyring() inconsistently
    - if we're trying to add a key to the keyring, and it's already there,
      treat that as "success"
  * debian/control:
    - ecryptfs-setup-swap is strongly recommended, which depends on
      cryptsetup; so promote cryptsetup from suggests -> recommends
  [ Stephan Ritscher and Tyler Hicks ]
  * src/libecryptfs/cmd_ln_parser.c: LP: #683535
    - fix passphrase_passwd_fd for pipes
    - handle memory allocation failures
    - free memory in error paths
  [ Arfrever Frehtes Taifersar Arahesis ]
  * configure.ac: LP: #893327
    - no need to check for python, if --disable-pywrap is passed
  * src/utils/ecryptfs-verify, src/utils/Makefile.am:
    - add an ecryptfs-verify utility, LP: #845738
  * src/testcases/write-read.sh:
    - added a write/read test utility
  * doc/manpage/ecryptfs-mount-private.1, doc/manpage/ecryptfs-setup-
    private.1, doc/manpage/mount.ecryptfs_private.1,
    doc/manpage/umount.ecryptfs_private.1: LP: #882267
    - remove inaccurate documentation about being a member of the ecryptfs
      group
  * src/utils/ecryptfs-setup-private: LP: #882314
    - fix preseeded encrypted home Ubuntu installations (thanks Timo!)
  * src/libecryptfs/key_management.c: LP: #725862
    - fix nasty bug affecting users who do *not* encrypt filenames;
      the first login works, but on logout, only one key gets
      cleaned out; subsequent logins do not insert the necessary key
      due to an early "goto out"; this fix needs to be SRU'd
  * debian/rules: LP: #586281
    - fix perms on desktop mount file
  * src/pam_ecryptfs/pam_ecryptfs.c: LP: #838471
    - rework syslogging to be less noisy and note pam_ecryptfs
  [ Diego E. "Flameeyes" Pettenò ]
  * configure.ac:
    - fix reliance on nss-config, which hinders cross-compilation
  [ Marc Deslauriers ]
  * src/utils/mount.ecryptfs_private.c:
  * SECURITY UPDATE: wrong mtab ownership and permissions (LP: #830850)
    - debian/patches/CVE-2011-3145.patch: also set gid and umask before
      updating mtab in src/utils/mount.ecryptfs_private.c.
    - CVE-2011-3145
  [ Marc Deslauriers ]
  * SECURITY UPDATE: privilege escalation via mountpoint race conditions
    (LP: #732628)
    - debian/patches/CVE-2011-1831,1832,1834.patch: chdir into mountpoint
      before checking permissions in src/utils/mount.ecryptfs_private.c.
    - CVE-2011-1831
    - CVE-2011-1832
  * SECURITY UPDATE: race condition when checking source during mount
    (LP: #732628)
    - debian/patches/CVE-2011-1833.patch: use new ecryptfs_check_dev_ruid
      kernel option when mounting directory in
      src/utils/mount.ecryptfs_private.c.
    - CVE-2011-1833
  * SECURITY UPDATE: mtab corruption via improper handling (LP: #732628)
    - debian/patches/CVE-2011-1831,1832,1834.patch: modify mtab via a temp
      file first and make sure it succeeds before replacing the real mtab
      in src/utils/mount.ecryptfs_private.c.
    - CVE-2011-1834
  * SECURITY UPDATE: key poisoning via insecure temp directory handling
    (LP: #732628)
    - debian/patches/CVE-2011-1835.patch: make sure we don't copy into a
      user controlled directory in src/utils/ecryptfs-setup-private.
    - CVE-2011-1835
  * SECURITY UPDATE: information disclosure via recovery mount in /tmp
    (LP: #732628)
    - debian/patches/CVE-2011-1836.patch: mount inside protected
      subdirectory in src/utils/ecryptfs-recover-private.
    - CVE-2011-1836
  * SECURITY UPDATE: arbitrary file overwrite via lock counter race
    condition (LP: #732628)
    - debian/patches/CVE-2011-1837.patch: verify permissions with a file
      descriptor, and don't follow symlinks in
      src/utils/mount.ecryptfs_private.c.
    - CVE-2011-1837
  [ Dustin Kirkland ]
  * debian/control:
    - add missing build dependency needed for release
  * doc/manpage/ecryptfs-wrap-passphrase.1: fix minor error in manpage
  * src/desktop/ecryptfs-find, src/desktop/Makefile.am: LP: #799157
    - add a tool, /usr/share/ecryptfs-utils/ecryptfs-find that can
      help find cleartext/encrypted filenames by inode number
  * src/desktop/ecryptfs-find:
    - test file exists first; ditch the match;
      search all ecryptfs mounts that user can read/traverse
  * debian/ecryptfs-utils.links:
    - add a symlink for Ubuntu
  * scripts/release.sh:
    - improve release script
  [ Serge Hallyn ]
  * Fix from Christophe Dumez: mount.ecryptfs_private: Do not attempt to
    update mtab if it is a symbolic link. (LP: #789888)
  * src/utils/mount.ecryptfs_private.c:
    - reduce the window size for the TOCTOU race;
      does not entirely solve LP: #732628, which is going to need to be
      fixed in the kernel with some heavy locking
  * debian/control: update urls
  * src/utils/ecryptfs-mount-private: LP: #725862
    - fix ecryptfs-mount-private to insert only the fek, if filename
      encryption is disabled
  [ Paolo Bonzini <pbonzini@redhat.com> ]
  * src/utils/ecryptfs-setup-private: update the Private.* selinux
    contexts
  [ Dustin Kirkland ]
  * src/utils/ecryptfs-setup-private:
    - add -p to mkdir, address noise for a non-error
    - must insert keys during testing phase, since we remove keys on
      unmount now, LP: #725862
  * src/utils/ecryptfs_rewrap_passphrase.c: confirm passphrases in
    interactive mode, LP: #667331
  [ Jakob Unterwurzacher ]
  * src/pam_ecryptfs/pam_ecryptfs.c:
    - check if this file exists and ask the user for the wrapping passphrase
      if it does
    - eliminate both ecryptfs_pam_wrapping_independent_set() and
      ecryptfs_pam_automount_set() and replace with a reusable
      file_exists_dotecryptfs() function
  [ Serge Hallyn and Dustin Kirkland ]
  * src/utils/mount.ecryptfs_private.c:
    - support multiple, user configurable private directories by way of
      a command line "alias" argument
    - this "alias" references a configuration file by the name of:
      $HOME/.ecryptfs/alias.conf, which is in an fstab(5) format,
      as well as $HOME/.ecryptfs/alias.sig, in the same format as
      Private.sig
    - if no argument specified, the utility operates in legacy mode,
      defaulting to "Private"
    - rename variables, s/dev/src/ and s/mnt/dest/
    - add a read_config() function
    - add an alias char* to replace the #defined ECRYPTFS_PRIVATE_DIR
    - this is half of the fix to LP: #615657
  * doc/manpage/mount.ecryptfs_private.1: document these changes
  * src/libecryptfs/main.c, src/utils/mount.ecryptfs_private.c:
    - allow umount.ecryptfs_private to succeed when the key is no
      longer in user keyring.
  [ Dustin Kirkland ]
  * src/utils/ecryptfs-recover-private: clean sigs of invalid characters
  * src/utils/mount.ecryptfs_private.c:
    - fix bug LP: #313812, clear used keys on unmount
    - add ecryptfs_unlink_sigs to the mount opts, so that unmounts from
      umount.ecryptfs behave similarly
    - use ecryptfs_remove_auth_tok_from_keyring() on the sig and sig_fnek
  [ presgas@gmail.com ]
  * src/utils/ecryptfs-migrate-home:
    - support user databases outside of /etc/passwd, LP: #627506
  * src/desktop/ecryptfs-record-passphrase: fix typo, LP: #524139
  * debian/rules, debian/control:
    - disable the gpg key module, as it's not yet functional
    - clean up unneeded build-deps
    - also, not using opencryptoki either
  * doc/manpage/ecryptfs.7: fix minor documentation bug, reported by
    email by Jon 'maddog' Hall
  * doc/manpage/ecryptfs-recover-private.1, doc/manpage/Makefile.am,
    po/POTFILES.in, src/utils/ecryptfs-recover-private,
    src/utils/Makefile.am: add a utility to simplify data recovery
    of an encrypted private directory from a Live ISO, LP: #689969
  [ David Planella ]
  * Makefile.am, configure.ac, debian/control, debian/po/POTFILES.sh,
    debian/po/ecryptfs-utils.pot, debian/po/fr.po, debian/rules,
    po/POTFILES.in, src/desktop/Makefile.am,
    src/desktop/ecryptfs-mount-private.desktop,
    src/desktop/ecryptfs-mount-private.desktop.in,
    src/desktop/ecryptfs-record-passphrase,
    src/desktop/ecryptfs-setup-private.desktop,
    src/desktop/ecryptfs-setup-private.desktop.in:
    - internationalization work for LP: #358283
  * po/LINGUAS, po/ca.po: Catalan translation
  [ Yan Li <yan.i.li@intel.com> ]
  * src/pam_ecryptfs/pam_ecryptfs.c, src/utils/Makefile.am,
    src/utils/ecryptfs-migrate-home: add a script and pam hooks to
    support automatic migration to encrypted home directory
  [ Dustin Kirkland ]
  * src/utils/ecryptfs-migrate-home: clean up for merge
    - use $() rather than ``
    - drop set -u
    - use = and !=, and quote vars, rather than testing with -ne, -eq,
      for better shell portability
    - improve usage statement and error text
    - check if already encrypted
    - handle migration of multiple users on boot
    - fix all whitespace, use tabs for indents
    - use quotes around variables, rather than ${} (stylistic preference)
    - major simplification for immediate release
      + remove boot and user modes; only support administrator mode for
        security reasons and to avoid race conditions
      + other modes can be re-added, if necessary, and if security
        concerns can be addressed
    - ensure running as root
    - drop VERBOSE option, always print useful info messages
    - call the user $USER_NAME rather than $USER_ID since id implies
      number, and here we're deailing with names
    - no decimals on awk calculation
    - mktemp on the target user, not root
    - check that there is enough disk space available to do the migration
    - ensure the user's homedir group is correct
    - add critical instructions, user *must* login after the migration and
      before the reboot, as their wrapped passphrase will be cleared on
      reboot (possible we should use an init script to move these to
      /var/tmp on reboot)
    - ensure permissions are set correctly
    - improve text at the end of the migration, organize into notes
  * ecryptfs-utils.ecryptfs-utils-restore.upstart,
    ecryptfs-utils.ecryptfs-utils-save.upstart, rules:
    - try to protect migrating users who don't login before the next reboot
  * debian/ecryptfs-utils.install: install the locale messages
  * src/desktop/ecryptfs-record-passphrase: improve dialog text
  * src/desktop/ecryptfs-record-passphrase: revert the _ bit, as it's not quite
    working yet, will need to talk to David to fix
  * src/utils/ecryptfs-setup-private: fix bug where setup-private
    incorrectly assumed that the home/private dir ownerships should
    be owned by USER:USER; instead, default to USER:GROUP, where
    GROUP is the USER's primary group by default, LP: #445301
  * src/utils/ecryptfs-setup-private, debian/control: LP: #456565
    - fix typo, s/getext/gettext
    - depend on gettext-base
  * src/utils/ecryptfs-setup-private: fix printing of error strings,
    which was broken by the gettext integration, LP: #471725;
    in doing so, use $() in place of ``, use '' for gettext arguments,
    and wrap gettext in "", like this: foo="$(gettext 'blah blah')"
  * debian/control: one package per line, helps tremendously when looking
    at diffs
  * debian/copyright: Add new fields
  * debian/ecryptfs-utils.postinst: minor set -e change
  [ Michael Terry ]
  * src/utils/ecryptfs-setup=swap: clean up some error message reporting,
    LP: #430891, #430890
  [ Dustin Kirkland ]
  * doc/manpage/ecryptfs.7: note the 64-char passphrase limit, LP: #386504
  * src/utils/ecryptfs-setup-private: minor documentation change
  [ Evan Dandrea ]
  * src/utils/ecryptfs-setup-swap: allow for setting up encrpyted swap,
    without activating it immediately, necessary for livecd installations
  [ Dustin Kirkland ]
  * debian/control: updated bzr and browser urls, bumped standards version
  * src/pam_ecryptfs/pam_ecryptfs.c: silence useless, oft-shown info
    message
  * src/utils/ecryptfs-mount-private, src/utils/ecryptfs-rewrite-file,
    src/utils/ecryptfs-setup-private, src/utils/ecryptfs-setup-swap,
    src/utils/ecryptfs-umount-private: use gettext for all string printing,
    such that we can internationalize ecryptfs
  * po/POTFILES.sh, po/ecryptfs-utils.pot, po/fr.po, rules: add po to the
    build system; for now, in the debian/ directory; this should be put in
    the upstream source tree eventually (but I need some help with the
    automake/autoconf integration)
  * ecryptfs-setup-swap: exit(0) if there's no swaps to encrypt, ensures
    that this script succeeds if there is no swap space that needs to be
    secured, or if the existing swap space is already secured
  * doc/manpage/ecryptfs-setup-swap.1, doc/manpage/ecryptfs-stat.1,
    doc/manpage/umount.ecryptfs.8, doc/manpage/Makefile.am: added manpagess
  * doc/manpage/ecryptfs.7: fix lintian warning
  * debian/lintian/ecryptfs-utils: added a lintian overrides file
  * debian/lintian/ecryptfs-utils, debian/ecryptfs-utils.install: add and
    install some proper lintian overrides
  * src/libecryptfs/module_mgr.c: fix typo, LP: #408437
  [ Evan Dandrea ]
  * ecryptfs-setup-swap: support more than one encrypted swap device
  [ Dorin Scutarașu ]
  * src/libecryptfs/key_management.c: fix null pointer deref, LP: #409565
  [ James Westby ]
  * src/libecryptfs/main.c flockfile the filehandle after checking that
    we were able to successfully open it (LP: #403011)
  * debian/libecryptfs0.shlibs: bump shlibs dep to 77 since we added new
    symbols there
  [ Dustin Kirkland ]
  * src/libecryptfs/key_management.c, src/pam_ecryptfs/pam_ecryptfs.c:
    revert the zombie code removal from pam_ecryptfs as it seems this
    bit is still needed; fix the source of the problem introduced in
    commit r407; check for non-zero return codes; this problem would
    manifest itself as a) unable to unlock screensaver, b) unable to
    switch users, c) unable to mount home folder on initial login;
    LP: #402222, #402029
  * src/utils/ecryptfs-umount-private: use for loop to loop over key
    ids on removal
  * src/utils/mount.ecryptfs_private.c: return non-zero on unmount failure
    due to open sessions; handle this in ecryptfs-umount-private too; make
    the flock() blocking; use /dev/shm for counter; add an iterator to the
    counter file to prevent users from DoS'ing one another from accessing
    their encrypted directories, LP: #402745
  * debian/ecryptfs-utils.postinst: move /tmp counters to /dev/shm
  * configure.ac: link against pam, silence shlib warning
  * src/include/ecryptfs.h, src/libecryptfs/main.c,
    src/pam_ecryptfs/pam_ecryptfs.c, src/utils/Makefile.am,
    src/utils/mount.ecryptfs_private.c: move two functions from
    mount.ecryptfs_private to libecryptfs, namely is_mounted() and
    fetch_private_mnt(); use these in both pam_ecryptfs and
    mount.ecryptfs_private; also move PRIVATE to ECRYPTFS_PRIVATE in
    the ecryptfs.h headers; this will allow us to short-circuit some of the
    costly key-loading code on pam_auth if the private dir is already
    mounted, speeding up some subsequent authentications significantly,
    LP: #402748
  * doc/ecryptfs-mount-private.txt: removed the "$" to make copy-n-paste
    more user friendly
  * src/utils/ecryptfs-setup-private: when encrypting home, put the
    .ecryptfs and .Private data in /home/.ecryptfs rather than /var/lib,
    as users are forgetting to backup /var/lib, and are often putting
    /home on a separate partition; furthermore, this gives users a place
    to access their encrypted data for backup, rather than hiding the
    data below $HOME, LP: #371719
  [ Tyler Hicks ]
  * src/libecryptfs/cipher_list.c, src/libecryptfs/module_mgr.c:
    add blowfish/56-bytes to the list of ciphers we officially support,
    LP: #402790
  [ Dustin Kirkland ]
  * src/utils/ecryptfs-setup-swap: switch from vol_id to blkid,
    LP: #376486
  * debian/ecryptfs-utils.postinst, src/utils/ecryptfs-setup-private:
    don't echo mount passphrase if running in bootstrap mode; prune
    potential leakages from install log, LP: #383650
  * SECURITY UPDATE: mount passphrase recorded in install log (LP: #383650).
    - debian/ecryptfs-utils.postinst: prune private information from
      installer log
    - src/utils/ecryptfs-setup-private: don't echo passphrase if running in
      bootstrap mode
    - CVE-2009-1296
  * src/utils/ecryptfs-setup-private: make some of the lanuage more readable,
    (thanks, anrxc)
  * README, configure.ac, debian/control, debian/rules,
    doc/sourceforge_webpage/README, src/libecryptfs-swig/libecryptfs.py,
    src/libecryptfs-swig/libecryptfs_wrap.c,
    src/libecryptfs/key_management.c, src/libecryptfs/libecryptfs.pc.in,
    src/libecryptfs/main.c, src/pam_ecryptfs/Makefile.am,
    src/utils/manager.c, src/utils/mount.ecryptfs.c: move build from gcrypt
    to nss (this change has been pending for some time)
  * src/utils/ecryptfs-dot-private: dropped, was too hacky
  * ecryptfs-mount-private.1, ecryptfs-setup-private.1: align the
    documentation and implementation of the wrapping-independent feature,
    LP: #383746
  * src/utils/ecryptfs-umount-private: use keyctl list @u, since keyctl show
    stopped working, LP: #400484, #395082
  * src/utils/mount.ecryptfs_private.c: fix counter file locking; solves
    a longstanding bug about "random" umount caused by cronjobs, LP: #358573
  [ Michal Hlavinka (edits by Dustin Kirkland) ]
  * doc/manpage/ecryptfs-mount-private.1,
    doc/manpage/ecryptfs-rewrite-file.1,
    doc/manpage/ecryptfs-setup-private.1, doc/manpage/ecryptfs.7,
    doc/manpage/mount.ecryptfs_private.1,
    doc/manpage/umount.ecryptfs_private.1: documentation updated to note
    possible ecryptfs group membership requirements; Fix ecrypfs.7 man
    page and key_mod_openssl's error message; fix typo
  * src/libecryptfs/decision_graph.c: put a finite limit (5 tries) on
    interactive input; fix memory leaks when asking questions
  * src/libecryptfs/module_mgr.c: Don't error out with EINVAL when
    verbosity=0 and some options are missing.
  * src/utils/umount.ecryptfs.c: no error for missing key when removing it
  * src/libecryptfs-swig/libecryptfs.i: fix compile werror, cast char*
  * src/utils/ecryptfs_add_passphrase.c: fix/test/use return codes;
    return nonzero for --fnek when not supported but used
  * src/include/ecryptfs.h, src/key_mod/ecryptfs_key_mod_openssl.c,
    src/libecryptfs/module_mgr.c: refuse mounting with too small rsa
    key (key_mod_openssl)
  * src/utils/ecryptfs_insert_wrapped_passphrase_into_keyring.c: fix return
    codes
  * src/utils/ecryptfs-rewrite-file: polish output
  * src/libecryptfs/key_management.c: inform about full keyring; insert fnek
    sig into keyring if fnek support check fails; don't fail if key already
    exists in keyring
  * src/utils/ecryptfs-setup-private: if the ecryptfs group exists, restrict
    ecryptfs-setup-private to members of this group
  * src/pam_ecryptfs/pam_ecryptfs.c: dynamically load ecryptfs module by
    checking ecryptfs version
  * src/libecryptfs/decision_graph.c, src/utils/io.c,
    src/utils/mount.ecryptfs.c: fix EOF handling, LP: #371587
  * src/desktop/Makefile.am: make desktop files trusted, LP: #371426
  [ Dustin Kirkland and Daniel Baumann ]
  * debian/control, debian/copyright, debian/ecryptfs-utils.dirs,
    debian/ecryptfs-utils.install, debian/ecryptfs-utils.postinst,
    debian/rules, ecryptfs-utils.pam-auth-update: sync Ubuntu's
    packaging with Debian; drop dpatch, drop libssl build dep, clean
    up extraneous debhelper bits, match cflags; remaining diff is only
    ecryptfs-utils.prerm
  [ Arfrever Frehtes Taifersar Arahesis ]
  * key_mod/ecryptfs_key_mod_gpg.c,
    key_mod/ecryptfs_key_mod_pkcs11_helper.c,
    libecryptfs/key_management.c, utils/ecryptfs_unwrap_passphrase.c:
    Fix warnings, initialize a few variables, drop unused ones
  [ David Hicks ]
  * src/lib/key_management.c: fix stray semicolon that prevents .ecryptfsrc
    files from working properly, LP: #372709
  [ Michael Rooney ]
  * src/python/ecryptfsapi.py: added python api
  [ Dustin Kirkland ]
  * debian/rules: drop hackery that moves stuff /usr/share/ecryptfs-utils
  * src/utils/mount.ecryptfs_private.c: update inline documentation
  * debian/changelog, src/libecryptfs/cmd_ln_parser.c,
    src/libecryptfs/key_management.c, src/pam_ecryptfs/pam_ecryptfs.c,
    src/utils/ecryptfs_add_passphrase.c,
    src/utils/ecryptfs_insert_wrapped_passphrase_into_keyring.c,
    src/utils/ecryptfs_rewrap_passphrase.c,
    src/utils/ecryptfs_unwrap_passphrase.c,
    src/utils/ecryptfs_wrap_passphrase.c: silence some useless logging,
    LP: #313330
  * include/ecryptfs.h, libecryptfs/key_management.c,
    utils/ecryptfs_insert_wrapped_passphrase_into_keyring.c,
    utils/ecryptfs_unwrap_passphrase.c: if the file to unwrap is
    unspecified, try to use the default ~/.ecryptfs/wrapped-passphrase
    before bailing out, LP: #359997
  * src/utils/ecryptfs-setup-private: unix_chkpwd is not always present
    (eg, gentoo), LP: #332341
  [ Tyler Hicks ]
  * doc/manpage/ecryptfs.7: ecryptfs_encrypted_view option desription
    was wrong LP: #328761
  [ Michal Hlavinka ]
  * decision_graph.c: fix uninitialized return code
  * mount.ecryptfs.c: don't pass verbosity option to kernel
  [ anrxc & Dustin Kirkland ]
  * doc/Makefile.am, src/desktop/Makefile.am: fix automake installation from
    /usr/share to /usr/share/ecryptfs-utils
  [ Daniel Baumann & Dustin Kirkland ]
  * debian/rules, debian/control: sync differences between Debian & Ubuntu's
    packaging
  [ Arfrever Frehtes Taifersar Arahesis ]
  * src/key_mod/ecryptfs_key_mod_gpg.c,
    src/key_mod/ecryptfs_key_mod_pkcs11_helper.c: fix implicit declations
  [ Frédéric Guihéry ]
  * key_mod/ecryptfs_key_mod_tspi.c, utils/ecryptfs_generate_tpm_key.c:
    the SRK password should be set to 20 bytes of NULL (wellknown
    password), in order for different tools to request key protection
    with the Storage Root Key
  [ Michal Hlavinka ]
  * Changes for RH/Fedora release
    - change error codes to be more descriptive
    - decision_graph.h, *: change definition of node return codes to positive
      values
    - mount.ecryptfs.c: insist for yes/no answer for unkown sigs
    - don't print error for removing key from keyring if it succeeded
    - module_mgr.c: insist on yes/no answer
    - use ECRYPTFS_NONEMPTY_VALUE_REQUIRED where reasonable
    - pam_ecryptfs.c: don't try to unwrap key for users not using pam mounting
    - add verbosity to man page
    - decision_graph.* : add ECRYPTFS_NONEMPTY_VALUE_REQUIRED flag for nodes
    - decision_graph.* : add WRONG_VALUE return code to nodes for asking
      question again
  [ Dustin Kirkland ]
  * src/utils/ecryptfs-setup-private: fix bug in grep when running with LANG
    in other locales, LP: #347969
  * doc/manpage/ecryptfs.7: add notes about verbose option
  * src/desktop: add the desktop files to the dist tarball
  * src/utils/ecryptfs-dot-private: sourceable file for accessing your
    encrypted data; useful for conducting backups
  [ Martin Pitt and Dustin Kirkland ]
  Reworked the fixes for LP: #352307, remind user to record their passphrase
  * src/desktop/ecryptfs-record-passphrase: run if
    ~/.ecryptfs/.wrapped-passphrase.recorded does NOT exist; touch that
    file upon successful run of unwrap passphrase
  * debian/patches/00list,
    debian/patches/update-notifier-remind-passphrase.dpatch: dropped, since
    this was moved into PAM

ubuntu/wily-proposed 2015-08-06 18:03:21 UTC 2015-08-06
Import patches-unapplied version 108-0ubuntu1 to ubuntu/wily-proposed

Author: Dustin Kirkland 
Author Date: 2015-08-06 17:46:37 UTC

Import patches-unapplied version 108-0ubuntu1 to ubuntu/wily-proposed

Imported using git-ubuntu import.

Changelog parent: dd52703b628dbc7ba718e7d068506782c275f428

New changelog entries:
  [ Martin Pitt ]
  * src/utils/ecryptfs-setup-swap:
    - Add setup-swap-check-links.patch: When commenting out existing swap, also
      consider device symlinks like /dev/mapper/ubuntu--vg-swap_1 or
      /dev/disks/by-uuid/ into account. Fixes broken cryptswap under LVM and
      manual setups. (LP: #1453738)
  * src/utils/ecryptfs-setup-swap, debian/ecryptfs-utils.postinst:
    - On upgrade, uncomment underlying
      unencrypted swap partitions that are referred to by a device link when
      crypttab and fstab have a "cryptswap*" device referring to them.
  * debian/control, debian/libecryptfs0.install,
    debian/libecryptfs0.links, debian/libecryptfs0.shlibs:
    - Rename libecryptfs0 to libecryptfs1 and adjust the packaging. It has
      actually shipped libecryptfs.so.1 since at least trusty. Add
      C/R/P: libecryptfs0 for smoother upgrades, this needs to be kept until
      after 16.04 LTS.
  [ Tyler Hicks ]
  * src/utils/mount.ecryptfs_private.c: Implement proper option parsing to
    restore the -f option when unmounting and display a helpful usage message
    (LP: #1454388)
  * src/utils/mount.ecryptfs_private.c: Add an option, -d, to
    umount.ecryptfs_private to treat the situation where the encrypted private
    session counter is nonzero, after decrementing it, as a non-error
    situation. No error message is printed to stderr and the exit status is 0.
  * src/pam_ecryptfs/pam_ecryptfs.c: Use the new umount.ecryptfs_private '-d'
    option to silence the error message that was printed to stderr when the
    encrypted private session counter is nonzero after being decremented.
    (LP: #1454319)
  * src/utils/ecryptfs-umount-private: Return 1 if umount.ecryptfs_private
    encounters an error. The ecryptfs-umount-private script was previously
    returning 0 even when umount.ecryptfs_private exited upon error.
  * debian/control: Fix 'Please add dh-python package to Build-Depends'
    build warning
  [ Dustin Kirkland ]
  * debian/libecryptfs1.install, debian/libecryptfs1.links,
    debian/libecryptfs1.shlibs:
    - fix ftbfs, add missing files
  * wily
  [ Dustin Kirkland ]
  * scripts/release.sh:
    - a few more release script improvements, build the source
      package for the Ubuntu development distro
  * debian/control:
    - build depend on distro-info, which we use in our release script
  [ Tyler Hicks ]
  * src/libecryptfs/key_management.c:
    - Fix a regression when reading version 1 wrapped passphrase files. A
      return code indicating success was always returned even when an error
      was encountered. The impact is low since the error situation is still
      caught when validating either the wrapping password's signature or the
      wrapped passphrase's signature. Thanks to László Böszörményi for
      catching this mistake.
    - Reject empty passphrases passed into ecryptfs_wrap_passphrase()
  * src/libecryptfs/main.c:
    - Reject empty wrapping passphrases passed into generate_passphrase_sig()
  [ Dustin Kirkland and Martin Pitt ]
  * debian/ecryptfs-utils.postinst: LP: #953875
    - detect and clean up after nonexisting cryptswap devices
  [ Tyler Hicks ]
  * tests/userspace/Makefile.am: Fix the 'make check' failure present in the
    ecryptfs-utils-105 release tarball. The failure was due to the automake
    file not specifying that some data files should be distributed as part
    of the v1-to-v2-wrapped-passphrase test, causing the test to fail due to
    the missing files.
  [ Dustin Kirkland ]
  * scripts/release.sh:
    - ensure that we try a binary build as part of the release process
    - make sure we're in the original working directory when we release
    - remove the -x option, too noisy
  [ Dustin Kirkland ]
  * doc/manpage/ecryptfs.7: LP: #1267640
    - fix inconsistency in man page for passphrase_passwd_file format
  * doc/manpage/ecryptfs-setup-private.1, src/utils/ecryptfs-setup-
    private, src/utils/ecryptfs-setup-swap: LP: #1420424
    - use /dev/random rather than /dev/urandom for long lived keys
  * src/utils/ecryptfs-setup-private:
    - use /dev/urandom for our testing, as we read a lot of info
  * src/utils/ecryptfs-setup-swap: LP: #953875, #1086140
    - fix a whitespace bug in a grep, that might cause us to not
      comment out the old swap space in /etc/fstab
    - offset the start of the encrypted swap space by 1KB, which
      ensures that we don't overwrite the UUID label on the header
      of the partition
    - use the aes-xts block cipher, and plain64 initialization vector,
      which are current best practice here
    - fixed a grammar nitpick
  [ Colin King ]
  * src/libecryptfs/key_management.c, src/utils/mount.ecryptfs.c:
    - A couple of minor fixes: Fix a memory leak and handle out of memory
      error, as found by using cppcheck.
  * src/utils/mount.ecryptfs.c
    - fix potential double free on yesno if get_string_stdin exits early
      without allocating a new buffer and we free yesno on the exit clean
      up path.
  * src/libecryptfs/cmd_ln_parser.c
    - remove redundant if / goto statement that does nothing.
  [ Anders Kaseorg ]
  * src/pam_ecryptfs/pam_ecryptfs.c: exit (not return) from forked child on
    error (LP: #1323421)
  [ Tyler Hicks ]
  * Introduce the version 2 wrapped-passphrase file format. It adds the
    ability to combine a randomly generated salt with the wrapping password
    (typically, a user's login password) prior to performing key
    strengthening. The version 2 file format is considered to be a
    intermediate step in strengthening the wrapped-passphrase files of
    existing encrypted home/private users. Support for reading/writing version
    2 wrapped-passphrase files and transparent migration, through
    pam_ecryptfs, from version 1 to version 2 files is considered safe enough
    to backport to stable distro releases. The libecryptfs ABI around
    wrapped-passphrase file handling is not broken.
    - CVE-2014-9687
  * Run wrap-unwrap.sh test as part of the make check target.
  * Add a new test, called v1-to-v2-wrapped-passphrase.sh, which is suitable
    for the make check target and verifies v1 to v2 wrapped-passphrase file
    migration.
  * Create a temporary file when creating a new wrapped-passphrase file and
    copy it to its final destination after the file has been fully synced to
    disk (LP: #1020902)
  [ Colin King ]
  * src/libecryptfs/ecryptfs-stat.c, tests/kernel/extend-file-
    random/test.c, tests/kernel/inode-race-stat/test.c,
    tests/kernel/trunc-file/test.c:
    - Fixed some 32 bit build warnings
  * src/libecryptfs/decision_graph.c, src/libecryptfs/key_management.c,
    src/libecryptfs/main.c, src/libecryptfs/module_mgr.c, src/utils/io.c,
    src/utils/mount.ecryptfs_private.c, tests/kernel/inotify/test.c,
    tests/kernel/trunc-file/test.c, tests/userspace/wrap-unwrap/test.c:
    - Fixed a pile of minor bugs (memory leaks, unclosed file descriptors,
      etc.) mostly in error paths
  * src/key_mod/ecryptfs_key_mod_passphrase.c, src/libecryptfs/main.c,
    src/pam_ecryptfs/pam_ecryptfs.c:
    - more Coverity fixes, memory leak, error checking, etc.
  [ Nobuto MURATA ]
  * fix an empty update-notifier window (LP: #1107650)
    - changes made in Rev.758 was incomplete
  [ Tyler Hicks ]
  * doc/manpage/ecryptfs.7:
    - adjust man page text to avoid confusion about whether the interactive
      mount helper takes a capital 'N' for the answer to y/n questions
      (LP: #1130460)
  * src/utils/ecryptfs_rewrap_passphrase.c:
    - Handle errors when interactively reading the new wrapping passphrase
      and the confirmation from stdin. Fixes a segfault (invalid memory read)
      in ecryptfs-rewrap-passphrase if there was an error while reading either
      of these passphrases.
  * configure.ac:
    - Set AM_CPPFLAGS to always include config.h as the first include file.
      Some .c files correctly included config.h before anything else. The
      majority of .c files got this wrong by including it after other header
      files, including it multiple times, or not including it at all.
      Including it in the AM_CPPFLAGS should solve these problems and keep
      future mistakes from happening in new source files.
    - Enable large file support (LFS) through the use of the AC_SYS_LARGEFILE
      autoconf macro. ecryptfs-utils has been well tested with LFS enabled
      because ecryptfs-utils is being built with
      '-D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64' in Debian-based distros.
      This is mainly needed for some of the in-tree regression tests but
      ecryptfs-utils, in general, should be built with LFS enabled.
  * debian/rules:
    - Don't append '-D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64' to the CFLAGS
      now that the upstream build enables LFS
  * tests/userspace/lfs.sh, tests/userspace/lfs/test.c:
    - Add a test to verify that LFS is enabled. This test is run under the
      make check target.
  * tests/kernel/enospc/test.c:
    - Fix test failures on 32 bit architectures due to large file sizes
      overflowing data types
  [ Dustin Kirkland ]
  * src/utils/ecryptfs-setup-swap: LP: #1172014
    - write crypttab entry using UUID
  * src/utils/ecryptfs-recover-private: LP: #1028532
    - error out, if we fail to mount the private data correctly
  [ Colin King and Dustin Kirkland ]
  * configure.ac, src/daemon/main.c, src/libecryptfs/cmd_ln_parser.c,
    src/libecryptfs/decision_graph.c, src/utils/mount.ecryptfs.c,
    tests/kernel/trunc-file/test.c:
    - remove some dead code, fix some minor issues raised by Coverity
  [ Tyler Hicks ]
  * debian/rules:
    - Use dpkg-buildflags to inject distro compiler hardening flags into the
      build. This also fixes the hardening-no-fortify-functions lintian
      warnings.
  [ Dustin Kirkland ]
  * doc/manpage/ecryptfs-add-passphrase.1, doc/manpage/ecryptfsd.8,
    doc/manpage/ecryptfs-find.1, doc/manpage/ecryptfs-generate-tpm-
    key.1, doc/manpage/ecryptfs-insert-wrapped-passphrase-into-
    keyring.1, doc/manpage/ecryptfs-manager.8, doc/manpage/ecryptfs-
    migrate-home.8, doc/manpage/ecryptfs-mount-private.1,
    doc/manpage/ecryptfs-recover-private.1, doc/manpage/ecryptfs-rewrap-
    passphrase.1, doc/manpage/ecryptfs-rewrite-file.1,
    doc/manpage/ecryptfs-setup-private.1, doc/manpage/ecryptfs-setup-
    swap.1, doc/manpage/ecryptfs-stat.1, doc/manpage/ecryptfs-umount-
    private.1, doc/manpage/ecryptfs-unwrap-passphrase.1,
    doc/manpage/ecryptfs-verify.1, doc/manpage/ecryptfs-wrap-
    passphrase.1, doc/manpage/Makefile.am, doc/manpage/mount.ecryptfs.8,
    doc/manpage/mount.ecryptfs_private.1, doc/manpage/pam_ecryptfs.8,
    doc/manpage/umount.ecryptfs.8,
    doc/manpage/umount.ecryptfs_private.1, src/desktop/ecryptfs-find =>
    src/utils/ecryptfs-find, src/desktop/Makefile.am,
    src/utils/Makefile.am:
    - add 3 new manpages, for ecryptfs-find, ecryptfs-verify, and
      ecryptfs-migrate-home
    - Add SEE ALSO section to manpages which were missing it
    - Mention "Debian and Ubuntu" in license location
    - move the ecryptfs-find utility to the proper location in src/utils
  * src/utils/Makefile.am:
    - fix broken build
  * debian/ecryptfs-utils.links:
    - link no longer needed for ecryptfs-find
  [ Colin King ]
  * === added directory tests/kernel/mmap-bmap, === added directory
    tests/kernel/xattr, tests/kernel/link.sh, tests/kernel/Makefile.am,
    tests/kernel/mknod.sh, tests/kernel/mmap-bmap.sh, tests/kernel/mmap-
    bmap/test.c, tests/kernel/tests.rc, tests/kernel/xattr.sh,
    tests/kernel/xattr/test.c:
    - ran the current eCryptfs tests on 3.8-rc4 with kernel gcov enabled
      and spotted a few trivial areas where it would be useful to up the
      test coverage on the code
    - so here are a few very simple additional tests to exercise eCryptfs
      a little further
  [ Dustin Kirkland ]
  * debian/control:
    - bump standards, no change
  [ Tyler Hicks ]
  * autogen.sh, scripts/release.sh, Makefile.am:
    - Break out the autoreconf and intltoolize commands from release.sh into
      an executable autogen.sh
    - Use the --copy option when invoking intltoolize
    - Include the new autogen.sh script in the release tarball
  * debian/rules, debian/control:
    - Use dh-autoreconf so that upstream sources can easily be used to build
      packages for all the stable Ubuntu releases in the ecryptfs-utils daily
      build PPA
    - Override the dh_autoreconf target by running the autogen.sh script
    - Drop Build-Depends on autotools-dev since dh-autoreconf is a superset of
      autotools-dev
    - Drop Build-Depends on autoconf, automake, and libtool since
      dh-autoreconf depends on all of these packages
  * m4/ac_python_devel.m4:
    - Fix FTBFS in Raring Ringtail due to multiarch Python. Be sure to include
      platform specific Python include directions in SWIG_PYTHON_CPPFLAGS.
  * src/utils/mount.ecryptfs_private.c:
    - Fix conditionals when checking whether to remove authentication tokens
      from the kernel keyring upon umount. This conditional was incorrectly
      modified in ecryptfs-utils-101, yet the authentication tokens still seem
      to be removed from the kernel keyring so it isn't clear if there was
      actually a user-facing regression.
    - Pass the FEKEK sig, rather than the FNEK sig, to
      ecryptfs_private_is_mounted()
    - Restore behavior of not printing error messages to syslog when
      unmounting and keys cannot be found in the kernel keyring.
    - Restore behavior of printing a useful error message about
      ecryptfs-mount-private when mounting and keys cannot be found in the
      kernel keyring
    - Fix memory leak and clean up free()'s in an error path
    - Use pointer assignment tests, rather than strlen(), to determine which
      key signatures were fetched
  * src/daemon/main.c, src/include/ecryptfs.h,
    src/libecryptfs/{Makefile.am,messaging.c,miscdev.c,netlink.c,sysfs.c},
    doc/manpage/ecryptfsd.8, doc/design_doc/ecryptfs_design_doc_v0_2.tex:
    - Remove netlink messaging interface support
    - Netlink messaging support was superceded by the miscdev interface
      (/dev/ecryptfs) in upstream kernel version 2.6.26 in July, 2008
    - Netlink messaging support was completely removed from the upstream
      kernel starting with version 2.6.32 in December, 2009
  * src/jprobes/*, scripts/delete-cruft.sh:
    - Remove all jprobes code, as I don't use jprobes to debug eCryptfs kernel
      issues and I don't like the idea of maintaining these jprobes outside of
      the kernel tree
  * src/escrow/*:
    - Remove all escrow code, as it isn't used or maintained
  * tests/kernel/llseek.sh, tests/kernel/llseek/test.c,
    tests/userspace/wrap-unwrap.sh, tests/userspace/wrap-unwrap/test.c:
    - Migrate some old testcases over to the modern test framework
  * tests/lib/etl_funcs.sh:
    - Update etl_create_test_dir() to allow a parent directory to be specified
      when creating the directory
  * src/testcases:
    - Delete old testcases that were either too basic, covered by more
      extensive tests in the modern test framework, or just didn't work
  [ Nobuto MURATA ]
  * src/desktop/ecryptfs-record-passphrase:
  [ Eric Lammerts ]
  * src/libecryptfs/sysfs.c: LP: #1007880
    - Handle NULL mnt pointer when sysfs is not mounted
  [ Tyler Hicks ]
  * src/utils/ecryptfs-migrate-home: LP: #1026180
    - Correct minor misspelling
  * src/utils/ecryptfs-recover-private: LP: #1004082
    - Fix option parsing when --rw is specified
  * src/utils/ecryptfs-recover-private: LP: #1028923
    - Simplify success message to prevent incorrectly reporting that a
      read-only mount was performed when the --rw option is specified
  * tests/lib/etl_func.sh:
    - Add test library function to return a lower path from an upper path,
      based on inode numbers
  * tests/kernel/mmap-close.sh, tests/kernel/mmap-close/test.c:
    - Add regression test for open->mmap()->close()->dirty memory->munmap()
      pattern
  * tests/kernel/lp-561129.sh:
    - Add test for checking that a pre-existing target inode is properly
      evicted after a rename
  * tests/README:
    - Add documentation on the steps to take when adding new test cases
  [ Colin King ]
  * tests/kernel/lp-911507.sh:
    - Add test case for initializing empty lower files during open()
  * tests/kernel/lp-872905.sh:
    - Add test case to check for proper unlinking of lower files when
      lower file initialization fails
  * src/key_mod/ecryptfs_key_mod_openssl.c,
    src/key_mod/ecryptfs_key_mod_pkcs11_helper.c,
    src/libecryptfs/key_management.c,
    src/utils/mount.ecryptfs_private.c, src/utils/umount.ecryptfs.c:
    - address some issues raised by smatch static analysis
    - fix some memory leaks with frees
    - fix some pointer refs and derefs
    - fix some comment typos
  [ Dustin Kirkland ]
  * src/libecryptfs/key_management.c:
    - silence pam error message when errno == EACCES
      + "Error attempting to parse .ecryptfsrc file; rc = [-13]"
  * src/utils/mount.ecryptfs_private.c: LP: #1052038
    - fix race condition, which typically manifests itself with a user
      saying that their home directory is not accessible, or that their
      filenames are not decrypted
    - the root of the problem is that we were reading the signature file,
      ~/.ecryptfs/Private.sig, twice; in some cases, the first one succeeds,
      so the file encryption signature is read and key is loaded, but then
      some other process (usually from PAM, perhaps a cron job or a
      subsequent login) mounts the home directory before the filename
      encryption key is loaded; thus, $HOME is mounted but filenames are
      not decrypted, so the second read of ~/.ecryptfs/Private.sig fails
      as that file is not found
    - the solution is to rework the internal fetch_sig() function and read
      one or both signatures within a single open/read/close operation of
      the file
    - free memory used by char **sig on failure
  * debian/copyright:
    - fix lintian warning
  [ Tyler Hicks ]
  * src/pam_ecryptfs/pam_ecryptfs.c, src/libecryptfs/key_management.c:
      LP: #1024476
    - fix regression introduced in ecryptfs-utils-99 when Encrypted
      Home/Private is in use and the eCryptfs kernel code is compiled as a
      module
    - drop check for kernel filename encryption support in pam_ecryptfs, as
      appropriate privileges to load the eCryptfs kernel module may not be
      available and filename encryption has been supported since 2.6.29
    - always add filename encryption key to the kernel keyring from pam_mount
  [ Colin King ]
  * tests/kernel/inode-race-stat/test.c:
    - limit number of forks based on fd limits
  * tests/kernel/enospc.sh, tests/kernel/enospc/test.c,
    tests/kernel/Makefile.am, tests/kernel/tests.rc:
    - add test case for ENOSPC
  [ Tim Harder ]
  * m4/ac_python_devel.m4: LP: #1029217
    - proplery save and restore CPPFLAGS and LIBS when python support is
      enabled
  [ Dustin Kirkland ]
  * debian/ecryptfs-utils.postinst: LP: #936093
    - ensure desktop file is executable
  [ Wesley Wiedenmeier ]
  * src/utils/mount.ecryptfs.c: LP: #329264
    - remove old hack, that worked around a temporary kernel regression;
      ensure that all mount memory is mlocked
  [ Sebastian Krahmer ]
  * src/pam_ecryptfs/pam_ecryptfs.c: LP: #732614
    - drop group privileges in the same places that user privileges are
      dropped
    - check return status of setresuid() calls and return if they fail
    - drop privileges before checking for the existence of
      ~/.ecryptfs/auto-mount to prevent possible file existence leakage
      by a symlink to a path that typically would not be searchable by
      the user
    - drop privileges before reading salt from the rc file to prevent the
      leakage of root's salt and, more importantly, using the incorrect salt
    - discovered, independently, by Vasiliy Kulikov and Sebastian Krahmer
  * src/pam_ecryptfs/pam_ecryptfs.c: LP: #1020904
    - after dropping privileges, clear the environment before executing the
      private eCryptfs mount helper
    - discovered by Sebastian Krahmer
  * src/utils/mount.ecryptfs_private.c: LP: #1020904
    - do not allow private eCryptfs mount aliases to contain ".." characters
      as a preventative measure against a crafted file path being used as an
      alias
    - force the MS_NOSUID mount flag to protect against user controlled lower
      filesystems, such as an auto mounted USB drive, that may contain a
      setuid-root binary
      + CVE-2012-3409
    - force the MS_NODEV mount flag
    - after dropping privileges, clear the environment before executing umount
    - discovered by Sebastian Krahmer
  [ Tyler Hicks ]
  * src/libecryptfs/key_management.c: LP: #732614
    - zero statically declared buffers to prevent the leakage of stack
      contents in the case of a short file read
    - discovered by Vasiliy Kulikov
  * src/libecryptfs/module_mgr.c, src/pam_ecryptfs/pam_ecryptfs.c:
    - fix compiler warnings
  [ Dustin Kirkland ]
  * debian/ecryptfs-utils.prerm:
    - drop the pre-removal ERRORs down to WARNINGs
    - these have caused a ton of trouble; whatever is causing ecryptfs-utils
      to be marked for removal should be fixed; but ecryptfs exiting 1 seems
      to be causing more trouble than it's worth
    - LP: #871021, #812270, #988960, #990630, #995381, #1010961
  * doc/ecryptfs-faq.html:
    - update the frequently asked questions, which haven't seen much
      attention in a while now
    - drop a few references to sourceforge
  * doc/ecryptfs-pam-doc.txt, doc/manpage/fr/ecryptfs-add-passphrase.1,
    doc/manpage/fr/ecryptfs-generate-tpm-key.1, doc/manpage/fr/ecryptfs-
    insert-wrapped-passphrase-into-keyring.1, doc/manpage/fr/ecryptfs-
    mount-private.1, doc/manpage/fr/ecryptfs-rewrap-passphrase.1,
    doc/manpage/fr/ecryptfs-setup-private.1, doc/manpage/fr/ecryptfs-
    umount-private.1, doc/manpage/fr/ecryptfs-unwrap-passphrase.1,
    doc/manpage/fr/ecryptfs-wrap-passphrase.1, doc/manpage/fr/ecryptfs-
    zombie-kill.1, doc/manpage/fr/ecryptfs-zombie-list.1,
    doc/sourceforge_webpage/ecryptfs-article.pdf,
    doc/sourceforge_webpage/ecryptfs_design_doc_v0_1.pdf,
    doc/sourceforge_webpage/ecryptfs-faq.html,
    doc/sourceforge_webpage/ecryptfs-key-diagram-356.png,
    doc/sourceforge_webpage/ecryptfs-key-diagram-640.png,
    doc/sourceforge_webpage/ecryptfs-pageuptodate-call-graph.png,
    doc/sourceforge_webpage/ecryptfs-pam-doc.txt,
    doc/sourceforge_webpage/ecryptfs.pdf,
    doc/sourceforge_webpage/index.html, doc/sourceforge_webpage/README,
    === removed directory doc/manpage/fr, === removed directory
    doc/sourceforge_webpage, rpm/ecryptfs-utils.spec:
    - remove some deprecated documentation
    - fish it out of bzr, if we ever need it again, but let's
      quit publishing it in our release tarballs
  [ Kees Cook ]
  * src/pam_ecryptfs/pam_ecryptfs.c: LP: #938326
    - exit, rather than return to prevent duplicate processes
  [ Andreas Raster ]
  * src/desktop/ecryptfs-find:
    - $mounts was quoted once too often
  [ George Wilson ]
  * src/key_mod/ecryptfs_key_mod_openssl.c,
    src/key_mod/ecryptfs_key_mod_pkcs11_helper.c,
    src/key_mod/ecryptfs_key_mod_tspi.c: LP: #937331
    - IBM would like to grant a license exception for key modules that
      require linking to OpenSSL. The change should make the modules
      shippable by Linux distributions
  [ Dustin Kirkland ]
  * debian/copyright:
    - note the GPLv2 SSL exception granted by IBM for the key modules
  * debian/control, debian/copyright, doc/manpage/ecryptfs.7,
    doc/manpage/ecryptfs-add-passphrase.1, doc/manpage/ecryptfsd.8,
    doc/manpage/ecryptfs-generate-tpm-key.1, doc/manpage/ecryptfs-
    insert-wrapped-passphrase-into-keyring.1, doc/manpage/ecryptfs-
    manager.8, doc/manpage/ecryptfs-mount-private.1,
    doc/manpage/ecryptfs-recover-private.1, doc/manpage/ecryptfs-rewrap-
    passphrase.1, doc/manpage/ecryptfs-rewrite-file.1,
    doc/manpage/ecryptfs-setup-private.1, doc/manpage/ecryptfs-setup-
    swap.1, doc/manpage/ecryptfs-stat.1, doc/manpage/ecryptfs-umount-
    private.1, doc/manpage/ecryptfs-unwrap-passphrase.1,
    doc/manpage/ecryptfs-wrap-passphrase.1,
    doc/manpage/mount.ecryptfs.8, doc/manpage/mount.ecryptfs_private.1,
    doc/manpage/pam_ecryptfs.8, doc/manpage/umount.ecryptfs.8,
    doc/manpage/umount.ecryptfs_private.1, README,
    src/utils/mount.ecryptfs.c:
    - use the new ecryptfs.org website where appropriate
  * debian/control:
    - update to suggest zescrow-client
  [ Sergio Peña ]
  * src/libecryptfs/cipher_list.c: LP: #922821
    - add the new name of the blowfish cipher (linux >= 3.2)
  * src/include/ecryptfs.h, src/libecryptfs/main.c,
    src/utils/mount.ecryptfs.c: LP: #917509
    - use execl() to mount ecryptfs
    - this allows us to support any arbitrary mount options in
      /etc/fstab
  [ Tyler Hicks ]
  * doc/manpage/ecryptfs.7:
    - Remove the note saying that the passphrase and openssl key modules are
      available by default. That's true upstream but not always true in distro
      builds.
  * tests/run_tests.sh:
    - Make upper and lower mount point arguments optional by automatically
      creating directories in /tmp by default.
    - Make it possible to run only userspace tests without having to specify
      unused mount information
    - Accept a comma-separated list of lower filesystems to test on and loop
      through all kernel tests for each lower filesystem
    - Accept a comma-separated list of tests to run
  * tests/lib/etl_funcs.sh:
    - Unset $ETL_DISK just before etl_remove_disk() successfully returns
  * tests/userspace/Makefile.am:
    - Also build 'make check' tests when building with --enable-tests
  * include/ecryptfs.h, libecryptfs/Makefile.am,
    libecryptfs/cipher_list.c, libecryptfs/module_mgr.c,
    utils/io.h: LP: #994813
    - remove overly complicated implementation to detect what ciphers
      are supported by the currently running kernel's crypto api
    - prompt for the entire supported cipher list, if the user selects a
      cipher that their kernel doesn't support, the mount will fail
      and the kernel will write an error message to the syslog
  * src/libecryptfs/module_mgr.c:
    - Use correct blowfish block size when displaying supported ciphers to
      the user
  * tests/kernel/lp-1009207.sh, tests/kernel/Makefile.am,
    tests/kernel/tests.rc:
    - Add simple test case for incorrect handling of umask and default POSIX
      ACL masks
  * tests/kernel/lp-994247.sh, tests/kernel/lp-994247/test.c,
    tests/kernel/Makefile.am, tests/kernel/tests.rc:
    - Add test case for incorrect handling of open /dev/ecryptfs file
      descriptors that are passed or inherited by other processes
  [ Colin King ]
  * tests/lib/etl_funcs.sh:
    - etl_lumount() should use DST rather than SRC dir so it can run on Lucid
    - use file system appropriate mkfs force flag
    - cater for correct ext2 default mount flags
  * tests/kernel/lp-509180.sh, tests/kernel/lp-509180/test.c:
    - test for trailing garbage at end of files
  * tests/kernel/lp-524919.sh, tests/kernel/lp-524919/test.c:
    - test case for checking lstat/readlink size
  * tests/kernel/lp-870326.sh, tests/kernel/lp-870326/test.c:
    - test case for open(), mmap(), close(), modify mmap'd region
  * tests/kernel/lp-469664.sh:
    - test case for lsattr
  * tests/kernel/lp-613873.sh:
    - test case for stat modify time
  * tests/kernel/lp-745836.sh:
    - test case for clearing ECRYPTFS_NEW_FILE flag during truncate
  * tests/lib/etl_funcs.sh, tests/kernel/extend-file-random.sh,
    tests/kernel/trunc-file.sh (LP: #1007159):
    - Add test library function for estimating available space in lower fs
    - Use new library function in tests that need to create large files
  [ Colin Watson ]
  * src/utils/ecryptfs-setup-swap: Skip /dev/zram* swap devices
    LP: #979350
  [ Serge Hallyn ]
  * src/utils/mount.ecryptfs_private.c:
    - EoL fixes
  [ Dustin Kirkland ]
  * CONTRIBUTING:
    - added a new file to describe how to contribute to ecryptfs
  * === added directory img/old, img/old/ecryptfs_14.png,
    img/old/ecryptfs_192.png, img/old/ecryptfs_64.png:
    - saving the old logos/branding for posterity
  * debian/copyright, img/COPYING:
    - added CC-by-SA 3.0 license
    - use the text version
  * img/ecryptfs_14.png, img/ecryptfs_192.png, img/ecryptfs_64.png:
    - added scaled copies of images used for Launchpad.net branding
  * src/utils/ecryptfs-recover-private: LP: #847505
    - add an option to allow user to enter the mount passphrase,
      in case they've recorded that, but forgotten their login
      passphrase
  * src/libecryptfs/sysfs.c: LP: #802197
    - default sysfs to /sys, if not found in /etc/mtab
    - it seems that reading /etc/mtab for this is outdated
    - ensure that ecryptfs works even if there is no sysfs entry
      in /etc/mtab
  * src/key_mod/ecryptfs_key_mod_tspi.c: LP: #462225
    - fix TPM and string_to_uuid 64bits issue
    - thanks to Janos for the patch
  [ Tyler Hicks ]
  * CONTRIBUTING:
    - clarified how to contribute to the ecryptfs kernel module
  * tests/lib/etl_funcs.sh:
    - created eCryptfs test library of bash functions for use in test
      cases and test harnesses
  * test/etl_add_passphrase_key_to_keyring.c:
    - created a C helper program to allow bash scripts to interface to
      the libecryptfs function that adds passphrase-based keys to the
      kernel keyring
  * tests/kernel/tests.rc, tests/userspace/tests.rc:
    - created a test case category files for test harnesses to source
      when running testcases of a certain category (destructive, safe,
      etc.)
  * tests/run_tests.sh:
    - created a test harness to run eCryptfs test cases
  * tests/kernel/miscdev-bad-count.sh,
    tests/kernel/miscdev-bad-count/test.c:
    - created test case for miscdev issue reported to mailing list
  * tests/kernel/lp-885744.sh:
    - created test case for pathconf bug
  * tests/kernel/lp-926292.sh:
    - created test case for checking stale inode attrs after setxattr
  * tests/new.sh:
    - created new test case template to copy from
  * tests/userspace/verify-passphrase-sig.sh,
    tests/userspace/verify-passphrase-sig/test.c:
    - created test case, for make check, to test the creation of
      passphrase-based fekeks and signatures
  * configure.ac, Makefile.am, tests/Makefile.am, tests/lib/Makefile.am,
    tests/kernel/Makefile.am, tests/userspace/Makefile.am:
    - updated and created autoconf/automake files to build the new tests
      directory
    - added make check target
  [ Eddie Garcia ]
  * img/*: LP: #907131
    - contributing a new set of logos and branding under the CC-by-SA3.0
      license
  [ Colin King ]
  * tests/kernel/extend-file-random.sh,
    tests/kernel/extend-file-random/test.c:
    - Test to randomly extend file size, read/write + unlink
  * tests/kernel/trunc-file.sh, tests/kernel/trunc-file/test.c:
    - Test to exercise file truncation
  * tests/kernel/directory-concurrent.sh,
    tests/kernel/directory-concurrent/test.c:
    - test for directory creation/deletion races with multiple processes
  * tests/kernel/file-concurrent.sh,
    tests/kernel/file-concurrent/test.c:
    - test for file creation/truncation/unlink races with multiple
      processes
  * tests/kernel/inotify.sh, tests/kernel/inotify/test.c:
    - test for proper inotify support
  * tests/kernel/mmap-dir.sh, tests/kernel/mmap-dir/test.c:
    - test that directory files cannot be mmap'ed
  * tests/kernel/read-dir.sh, tests/kernel/read-dir/test.c:
    - test that read() on directory files returns the right error
  * tests/kernel/setattr-flush-dirty.sh:
    - test that the modified timestamp isn't clobbered in writeback
  * tests/kernel/inode-race-stat.sh, tests/kernel/inode-race-stat/test.c:
    - test for inode initialization race condition
  [ Serge Hallyn ]
  * fix infinite loop on arm: fgetc returns an int, and -1 at end of
    options. Arm makes char unsigned. (LP: #884407)
  [ Dustin Kirkland ]
  * debian/compat, debian/control, debian/ecryptfs-utils.install,
    debian/ecryptfs-utils.lintian-overrides,
    debian/libecryptfs0.install, debian/libecryptfs-dev.install,
    debian/lintian/ecryptfs-utils, debian/python-ecryptfs.install,
    debian/rules, debian/source/options, doc/ecryptfs-pam-doc.txt,
    doc/manpage/ecryptfs-setup-private.1, lintian/ecryptfs-utils, ===
    removed directory debian/lintian:
    - merge a bunch of packaging changes from Debian's Daniel Baumann
    - fixes LP: #800647
  * scripts/release.sh:
    - minor release fixes
  [ Dustin Kirkland ]
  * scripts/release.sh:
    - fix release script
    - bump ubuntu release
  * doc/manpage/ecryptfs-recover-private.1, src/utils/ecryptfs-migrate-
    home (properties changed: -x to +x), src/utils/ecryptfs-recover-
    private:
    - add a --rw option for ecryptfs-recover-private
  * src/utils/ecryptfs-migrate-home: LP: #820416
    - show progress on rsync
  * debian/ecryptfs-utils.ecryptfs-utils-restore.upstart,
    debian/ecryptfs-utils.ecryptfs-utils-save.upstart,
    src/utils/ecryptfs-migrate-home,
    src/utils/ecryptfs-setup-private: LP: #883238
    - remove 2 upstart scripts, which attempted to "save" users who didn't
      login after migrating their home; instead, we now require the root
      user to enter user passwords at migration time
  * debian/copyright, debian/ecryptfs-utils.ecryptfs-utils-
    restore.upstart, debian/ecryptfs-utils.ecryptfs-utils-save.upstart,
    doc/manpage/ecryptfs.7, doc/manpage/ecryptfs-add-passphrase.1,
    doc/manpage/ecryptfs-generate-tpm-key.1, doc/manpage/ecryptfs-
    insert-wrapped-passphrase-into-keyring.1, doc/manpage/ecryptfs-
    mount-private.1, doc/manpage/ecryptfs-recover-private.1,
    doc/manpage/ecryptfs-rewrap-passphrase.1, doc/manpage/ecryptfs-
    rewrite-file.1, doc/manpage/ecryptfs-setup-private.1,
    doc/manpage/ecryptfs-setup-swap.1, doc/manpage/ecryptfs-stat.1,
    doc/manpage/ecryptfs-umount-private.1, doc/manpage/ecryptfs-unwrap-
    passphrase.1, doc/manpage/ecryptfs-wrap-passphrase.1,
    doc/manpage/fr/ecryptfs-add-passphrase.1, doc/manpage/fr/ecryptfs-
    generate-tpm-key.1, doc/manpage/fr/ecryptfs-insert-wrapped-
    passphrase-into-keyring.1, doc/manpage/fr/ecryptfs-mount-private.1,
    doc/manpage/fr/ecryptfs-rewrap-passphrase.1,
    doc/manpage/fr/ecryptfs-setup-private.1, doc/manpage/fr/ecryptfs-
    umount-private.1, doc/manpage/fr/ecryptfs-unwrap-passphrase.1,
    doc/manpage/fr/ecryptfs-wrap-passphrase.1, doc/manpage/fr/ecryptfs-
    zombie-kill.1, doc/manpage/fr/ecryptfs-zombie-list.1,
    doc/manpage/mount.ecryptfs_private.1, doc/manpage/pam_ecryptfs.8,
    doc/manpage/umount.ecryptfs.8,
    doc/manpage/umount.ecryptfs_private.1,
    src/pam_ecryptfs/pam_ecryptfs.c,
    src/utils/ecryptfs_add_passphrase.c,
    src/utils/ecryptfs_insert_wrapped_passphrase_into_keyring.c,
    src/utils/ecryptfs-migrate-home, src/utils/ecryptfs-mount-private,
    src/utils/ecryptfs-recover-private,
    src/utils/ecryptfs_rewrap_passphrase.c, src/utils/ecryptfs-rewrite-
    file, src/utils/ecryptfs-setup-private, src/utils/ecryptfs-setup-
    swap, src/utils/ecryptfs-umount-private,
    src/utils/ecryptfs_unwrap_passphrase.c,
    src/utils/ecryptfs_wrap_passphrase.c:
    - update some email addresses, moving kirkland@canonical.com ->
      kirkland@ubuntu.com (which I can still read)
  * src/libecryptfs/key_management.c: LP: #715066
    - fix 2 places where we were handling
      ecryptfs_add_passphrase_key_to_keyring() inconsistently
    - if we're trying to add a key to the keyring, and it's already there,
      treat that as "success"
  * debian/control:
    - ecryptfs-setup-swap is strongly recommended, which depends on
      cryptsetup; so promote cryptsetup from suggests -> recommends
  [ Stephan Ritscher and Tyler Hicks ]
  * src/libecryptfs/cmd_ln_parser.c: LP: #683535
    - fix passphrase_passwd_fd for pipes
    - handle memory allocation failures
    - free memory in error paths
  [ Arfrever Frehtes Taifersar Arahesis ]
  * configure.ac: LP: #893327
    - no need to check for python, if --disable-pywrap is passed
  * src/utils/ecryptfs-verify, src/utils/Makefile.am:
    - add an ecryptfs-verify utility, LP: #845738
  * src/testcases/write-read.sh:
    - added a write/read test utility
  * doc/manpage/ecryptfs-mount-private.1, doc/manpage/ecryptfs-setup-
    private.1, doc/manpage/mount.ecryptfs_private.1,
    doc/manpage/umount.ecryptfs_private.1: LP: #882267
    - remove inaccurate documentation about being a member of the ecryptfs
      group
  * src/utils/ecryptfs-setup-private: LP: #882314
    - fix preseeded encrypted home Ubuntu installations (thanks Timo!)
  * src/libecryptfs/key_management.c: LP: #725862
    - fix nasty bug affecting users who do *not* encrypt filenames;
      the first login works, but on logout, only one key gets
      cleaned out; subsequent logins do not insert the necessary key
      due to an early "goto out"; this fix needs to be SRU'd
  * debian/rules: LP: #586281
    - fix perms on desktop mount file
  * src/pam_ecryptfs/pam_ecryptfs.c: LP: #838471
    - rework syslogging to be less noisy and note pam_ecryptfs
  [ Diego E. "Flameeyes" Pettenò ]
  * configure.ac:
    - fix reliance on nss-config, which hinders cross-compilation
  [ Marc Deslauriers ]
  * src/utils/mount.ecryptfs_private.c:
  * SECURITY UPDATE: wrong mtab ownership and permissions (LP: #830850)
    - debian/patches/CVE-2011-3145.patch: also set gid and umask before
      updating mtab in src/utils/mount.ecryptfs_private.c.
    - CVE-2011-3145
  [ Marc Deslauriers ]
  * SECURITY UPDATE: privilege escalation via mountpoint race conditions
    (LP: #732628)
    - debian/patches/CVE-2011-1831,1832,1834.patch: chdir into mountpoint
      before checking permissions in src/utils/mount.ecryptfs_private.c.
    - CVE-2011-1831
    - CVE-2011-1832
  * SECURITY UPDATE: race condition when checking source during mount
    (LP: #732628)
    - debian/patches/CVE-2011-1833.patch: use new ecryptfs_check_dev_ruid
      kernel option when mounting directory in
      src/utils/mount.ecryptfs_private.c.
    - CVE-2011-1833
  * SECURITY UPDATE: mtab corruption via improper handling (LP: #732628)
    - debian/patches/CVE-2011-1831,1832,1834.patch: modify mtab via a temp
      file first and make sure it succeeds before replacing the real mtab
      in src/utils/mount.ecryptfs_private.c.
    - CVE-2011-1834
  * SECURITY UPDATE: key poisoning via insecure temp directory handling
    (LP: #732628)
    - debian/patches/CVE-2011-1835.patch: make sure we don't copy into a
      user controlled directory in src/utils/ecryptfs-setup-private.
    - CVE-2011-1835
  * SECURITY UPDATE: information disclosure via recovery mount in /tmp
    (LP: #732628)
    - debian/patches/CVE-2011-1836.patch: mount inside protected
      subdirectory in src/utils/ecryptfs-recover-private.
    - CVE-2011-1836
  * SECURITY UPDATE: arbitrary file overwrite via lock counter race
    condition (LP: #732628)
    - debian/patches/CVE-2011-1837.patch: verify permissions with a file
      descriptor, and don't follow symlinks in
      src/utils/mount.ecryptfs_private.c.
    - CVE-2011-1837
  [ Dustin Kirkland ]
  * debian/control:
    - add missing build dependency needed for release
  * doc/manpage/ecryptfs-wrap-passphrase.1: fix minor error in manpage
  * src/desktop/ecryptfs-find, src/desktop/Makefile.am: LP: #799157
    - add a tool, /usr/share/ecryptfs-utils/ecryptfs-find that can
      help find cleartext/encrypted filenames by inode number
  * src/desktop/ecryptfs-find:
    - test file exists first; ditch the match;
      search all ecryptfs mounts that user can read/traverse
  * debian/ecryptfs-utils.links:
    - add a symlink for Ubuntu
  * scripts/release.sh:
    - improve release script
  [ Serge Hallyn ]
  * Fix from Christophe Dumez: mount.ecryptfs_private: Do not attempt to
    update mtab if it is a symbolic link. (LP: #789888)
  * src/utils/mount.ecryptfs_private.c:
    - reduce the window size for the TOCTOU race;
      does not entirely solve LP: #732628, which is going to need to be
      fixed in the kernel with some heavy locking
  * debian/control: update urls
  * src/utils/ecryptfs-mount-private: LP: #725862
    - fix ecryptfs-mount-private to insert only the fek, if filename
      encryption is disabled
  [ Paolo Bonzini <pbonzini@redhat.com> ]
  * src/utils/ecryptfs-setup-private: update the Private.* selinux
    contexts
  [ Dustin Kirkland ]
  * src/utils/ecryptfs-setup-private:
    - add -p to mkdir, address noise for a non-error
    - must insert keys during testing phase, since we remove keys on
      unmount now, LP: #725862
  * src/utils/ecryptfs_rewrap_passphrase.c: confirm passphrases in
    interactive mode, LP: #667331
  [ Jakob Unterwurzacher ]
  * src/pam_ecryptfs/pam_ecryptfs.c:
    - check if this file exists and ask the user for the wrapping passphrase
      if it does
    - eliminate both ecryptfs_pam_wrapping_independent_set() and
      ecryptfs_pam_automount_set() and replace with a reusable
      file_exists_dotecryptfs() function
  [ Serge Hallyn and Dustin Kirkland ]
  * src/utils/mount.ecryptfs_private.c:
    - support multiple, user configurable private directories by way of
      a command line "alias" argument
    - this "alias" references a configuration file by the name of:
      $HOME/.ecryptfs/alias.conf, which is in an fstab(5) format,
      as well as $HOME/.ecryptfs/alias.sig, in the same format as
      Private.sig
    - if no argument specified, the utility operates in legacy mode,
      defaulting to "Private"
    - rename variables, s/dev/src/ and s/mnt/dest/
    - add a read_config() function
    - add an alias char* to replace the #defined ECRYPTFS_PRIVATE_DIR
    - this is half of the fix to LP: #615657
  * doc/manpage/mount.ecryptfs_private.1: document these changes
  * src/libecryptfs/main.c, src/utils/mount.ecryptfs_private.c:
    - allow umount.ecryptfs_private to succeed when the key is no
      longer in user keyring.
  [ Dustin Kirkland ]
  * src/utils/ecryptfs-recover-private: clean sigs of invalid characters
  * src/utils/mount.ecryptfs_private.c:
    - fix bug LP: #313812, clear used keys on unmount
    - add ecryptfs_unlink_sigs to the mount opts, so that unmounts from
      umount.ecryptfs behave similarly
    - use ecryptfs_remove_auth_tok_from_keyring() on the sig and sig_fnek
  [ presgas@gmail.com ]
  * src/utils/ecryptfs-migrate-home:
    - support user databases outside of /etc/passwd, LP: #627506
  * src/desktop/ecryptfs-record-passphrase: fix typo, LP: #524139
  * debian/rules, debian/control:
    - disable the gpg key module, as it's not yet functional
    - clean up unneeded build-deps
    - also, not using opencryptoki either
  * doc/manpage/ecryptfs.7: fix minor documentation bug, reported by
    email by Jon 'maddog' Hall
  * doc/manpage/ecryptfs-recover-private.1, doc/manpage/Makefile.am,
    po/POTFILES.in, src/utils/ecryptfs-recover-private,
    src/utils/Makefile.am: add a utility to simplify data recovery
    of an encrypted private directory from a Live ISO, LP: #689969
  [ David Planella ]
  * Makefile.am, configure.ac, debian/control, debian/po/POTFILES.sh,
    debian/po/ecryptfs-utils.pot, debian/po/fr.po, debian/rules,
    po/POTFILES.in, src/desktop/Makefile.am,
    src/desktop/ecryptfs-mount-private.desktop,
    src/desktop/ecryptfs-mount-private.desktop.in,
    src/desktop/ecryptfs-record-passphrase,
    src/desktop/ecryptfs-setup-private.desktop,
    src/desktop/ecryptfs-setup-private.desktop.in:
    - internationalization work for LP: #358283
  * po/LINGUAS, po/ca.po: Catalan translation
  [ Yan Li <yan.i.li@intel.com> ]
  * src/pam_ecryptfs/pam_ecryptfs.c, src/utils/Makefile.am,
    src/utils/ecryptfs-migrate-home: add a script and pam hooks to
    support automatic migration to encrypted home directory
  [ Dustin Kirkland ]
  * src/utils/ecryptfs-migrate-home: clean up for merge
    - use $() rather than ``
    - drop set -u
    - use = and !=, and quote vars, rather than testing with -ne, -eq,
      for better shell portability
    - improve usage statement and error text
    - check if already encrypted
    - handle migration of multiple users on boot
    - fix all whitespace, use tabs for indents
    - use quotes around variables, rather than ${} (stylistic preference)
    - major simplification for immediate release
      + remove boot and user modes; only support administrator mode for
        security reasons and to avoid race conditions
      + other modes can be re-added, if necessary, and if security
        concerns can be addressed
    - ensure running as root
    - drop VERBOSE option, always print useful info messages
    - call the user $USER_NAME rather than $USER_ID since id implies
      number, and here we're deailing with names
    - no decimals on awk calculation
    - mktemp on the target user, not root
    - check that there is enough disk space available to do the migration
    - ensure the user's homedir group is correct
    - add critical instructions, user *must* login after the migration and
      before the reboot, as their wrapped passphrase will be cleared on
      reboot (possible we should use an init script to move these to
      /var/tmp on reboot)
    - ensure permissions are set correctly
    - improve text at the end of the migration, organize into notes
  * ecryptfs-utils.ecryptfs-utils-restore.upstart,
    ecryptfs-utils.ecryptfs-utils-save.upstart, rules:
    - try to protect migrating users who don't login before the next reboot
  * debian/ecryptfs-utils.install: install the locale messages
  * src/desktop/ecryptfs-record-passphrase: improve dialog text
  * src/desktop/ecryptfs-record-passphrase: revert the _ bit, as it's not quite
    working yet, will need to talk to David to fix
  * src/utils/ecryptfs-setup-private: fix bug where setup-private
    incorrectly assumed that the home/private dir ownerships should
    be owned by USER:USER; instead, default to USER:GROUP, where
    GROUP is the USER's primary group by default, LP: #445301
  * src/utils/ecryptfs-setup-private, debian/control: LP: #456565
    - fix typo, s/getext/gettext
    - depend on gettext-base
  * src/utils/ecryptfs-setup-private: fix printing of error strings,
    which was broken by the gettext integration, LP: #471725;
    in doing so, use $() in place of ``, use '' for gettext arguments,
    and wrap gettext in "", like this: foo="$(gettext 'blah blah')"
  * debian/control: one package per line, helps tremendously when looking
    at diffs
  * debian/copyright: Add new fields
  * debian/ecryptfs-utils.postinst: minor set -e change
  [ Michael Terry ]
  * src/utils/ecryptfs-setup=swap: clean up some error message reporting,
    LP: #430891, #430890
  [ Dustin Kirkland ]
  * doc/manpage/ecryptfs.7: note the 64-char passphrase limit, LP: #386504
  * src/utils/ecryptfs-setup-private: minor documentation change
  [ Evan Dandrea ]
  * src/utils/ecryptfs-setup-swap: allow for setting up encrpyted swap,
    without activating it immediately, necessary for livecd installations
  [ Dustin Kirkland ]
  * debian/control: updated bzr and browser urls, bumped standards version
  * src/pam_ecryptfs/pam_ecryptfs.c: silence useless, oft-shown info
    message
  * src/utils/ecryptfs-mount-private, src/utils/ecryptfs-rewrite-file,
    src/utils/ecryptfs-setup-private, src/utils/ecryptfs-setup-swap,
    src/utils/ecryptfs-umount-private: use gettext for all string printing,
    such that we can internationalize ecryptfs
  * po/POTFILES.sh, po/ecryptfs-utils.pot, po/fr.po, rules: add po to the
    build system; for now, in the debian/ directory; this should be put in
    the upstream source tree eventually (but I need some help with the
    automake/autoconf integration)
  * ecryptfs-setup-swap: exit(0) if there's no swaps to encrypt, ensures
    that this script succeeds if there is no swap space that needs to be
    secured, or if the existing swap space is already secured
  * doc/manpage/ecryptfs-setup-swap.1, doc/manpage/ecryptfs-stat.1,
    doc/manpage/umount.ecryptfs.8, doc/manpage/Makefile.am: added manpagess
  * doc/manpage/ecryptfs.7: fix lintian warning
  * debian/lintian/ecryptfs-utils: added a lintian overrides file
  * debian/lintian/ecryptfs-utils, debian/ecryptfs-utils.install: add and
    install some proper lintian overrides
  * src/libecryptfs/module_mgr.c: fix typo, LP: #408437
  [ Evan Dandrea ]
  * ecryptfs-setup-swap: support more than one encrypted swap device
  [ Dorin Scutarașu ]
  * src/libecryptfs/key_management.c: fix null pointer deref, LP: #409565
  [ James Westby ]
  * src/libecryptfs/main.c flockfile the filehandle after checking that
    we were able to successfully open it (LP: #403011)
  * debian/libecryptfs0.shlibs: bump shlibs dep to 77 since we added new
    symbols there
  [ Dustin Kirkland ]
  * src/libecryptfs/key_management.c, src/pam_ecryptfs/pam_ecryptfs.c:
    revert the zombie code removal from pam_ecryptfs as it seems this
    bit is still needed; fix the source of the problem introduced in
    commit r407; check for non-zero return codes; this problem would
    manifest itself as a) unable to unlock screensaver, b) unable to
    switch users, c) unable to mount home folder on initial login;
    LP: #402222, #402029
  * src/utils/ecryptfs-umount-private: use for loop to loop over key
    ids on removal
  * src/utils/mount.ecryptfs_private.c: return non-zero on unmount failure
    due to open sessions; handle this in ecryptfs-umount-private too; make
    the flock() blocking; use /dev/shm for counter; add an iterator to the
    counter file to prevent users from DoS'ing one another from accessing
    their encrypted directories, LP: #402745
  * debian/ecryptfs-utils.postinst: move /tmp counters to /dev/shm
  * configure.ac: link against pam, silence shlib warning
  * src/include/ecryptfs.h, src/libecryptfs/main.c,
    src/pam_ecryptfs/pam_ecryptfs.c, src/utils/Makefile.am,
    src/utils/mount.ecryptfs_private.c: move two functions from
    mount.ecryptfs_private to libecryptfs, namely is_mounted() and
    fetch_private_mnt(); use these in both pam_ecryptfs and
    mount.ecryptfs_private; also move PRIVATE to ECRYPTFS_PRIVATE in
    the ecryptfs.h headers; this will allow us to short-circuit some of the
    costly key-loading code on pam_auth if the private dir is already
    mounted, speeding up some subsequent authentications significantly,
    LP: #402748
  * doc/ecryptfs-mount-private.txt: removed the "$" to make copy-n-paste
    more user friendly
  * src/utils/ecryptfs-setup-private: when encrypting home, put the
    .ecryptfs and .Private data in /home/.ecryptfs rather than /var/lib,
    as users are forgetting to backup /var/lib, and are often putting
    /home on a separate partition; furthermore, this gives users a place
    to access their encrypted data for backup, rather than hiding the
    data below $HOME, LP: #371719
  [ Tyler Hicks ]
  * src/libecryptfs/cipher_list.c, src/libecryptfs/module_mgr.c:
    add blowfish/56-bytes to the list of ciphers we officially support,
    LP: #402790
  [ Dustin Kirkland ]
  * src/utils/ecryptfs-setup-swap: switch from vol_id to blkid,
    LP: #376486
  * debian/ecryptfs-utils.postinst, src/utils/ecryptfs-setup-private:
    don't echo mount passphrase if running in bootstrap mode; prune
    potential leakages from install log, LP: #383650
  * SECURITY UPDATE: mount passphrase recorded in install log (LP: #383650).
    - debian/ecryptfs-utils.postinst: prune private information from
      installer log
    - src/utils/ecryptfs-setup-private: don't echo passphrase if running in
      bootstrap mode
    - CVE-2009-1296
  * src/utils/ecryptfs-setup-private: make some of the lanuage more readable,
    (thanks, anrxc)
  * README, configure.ac, debian/control, debian/rules,
    doc/sourceforge_webpage/README, src/libecryptfs-swig/libecryptfs.py,
    src/libecryptfs-swig/libecryptfs_wrap.c,
    src/libecryptfs/key_management.c, src/libecryptfs/libecryptfs.pc.in,
    src/libecryptfs/main.c, src/pam_ecryptfs/Makefile.am,
    src/utils/manager.c, src/utils/mount.ecryptfs.c: move build from gcrypt
    to nss (this change has been pending for some time)
  * src/utils/ecryptfs-dot-private: dropped, was too hacky
  * ecryptfs-mount-private.1, ecryptfs-setup-private.1: align the
    documentation and implementation of the wrapping-independent feature,
    LP: #383746
  * src/utils/ecryptfs-umount-private: use keyctl list @u, since keyctl show
    stopped working, LP: #400484, #395082
  * src/utils/mount.ecryptfs_private.c: fix counter file locking; solves
    a longstanding bug about "random" umount caused by cronjobs, LP: #358573
  [ Michal Hlavinka (edits by Dustin Kirkland) ]
  * doc/manpage/ecryptfs-mount-private.1,
    doc/manpage/ecryptfs-rewrite-file.1,
    doc/manpage/ecryptfs-setup-private.1, doc/manpage/ecryptfs.7,
    doc/manpage/mount.ecryptfs_private.1,
    doc/manpage/umount.ecryptfs_private.1: documentation updated to note
    possible ecryptfs group membership requirements; Fix ecrypfs.7 man
    page and key_mod_openssl's error message; fix typo
  * src/libecryptfs/decision_graph.c: put a finite limit (5 tries) on
    interactive input; fix memory leaks when asking questions
  * src/libecryptfs/module_mgr.c: Don't error out with EINVAL when
    verbosity=0 and some options are missing.
  * src/utils/umount.ecryptfs.c: no error for missing key when removing it
  * src/libecryptfs-swig/libecryptfs.i: fix compile werror, cast char*
  * src/utils/ecryptfs_add_passphrase.c: fix/test/use return codes;
    return nonzero for --fnek when not supported but used
  * src/include/ecryptfs.h, src/key_mod/ecryptfs_key_mod_openssl.c,
    src/libecryptfs/module_mgr.c: refuse mounting with too small rsa
    key (key_mod_openssl)
  * src/utils/ecryptfs_insert_wrapped_passphrase_into_keyring.c: fix return
    codes
  * src/utils/ecryptfs-rewrite-file: polish output
  * src/libecryptfs/key_management.c: inform about full keyring; insert fnek
    sig into keyring if fnek support check fails; don't fail if key already
    exists in keyring
  * src/utils/ecryptfs-setup-private: if the ecryptfs group exists, restrict
    ecryptfs-setup-private to members of this group
  * src/pam_ecryptfs/pam_ecryptfs.c: dynamically load ecryptfs module by
    checking ecryptfs version
  * src/libecryptfs/decision_graph.c, src/utils/io.c,
    src/utils/mount.ecryptfs.c: fix EOF handling, LP: #371587
  * src/desktop/Makefile.am: make desktop files trusted, LP: #371426
  [ Dustin Kirkland and Daniel Baumann ]
  * debian/control, debian/copyright, debian/ecryptfs-utils.dirs,
    debian/ecryptfs-utils.install, debian/ecryptfs-utils.postinst,
    debian/rules, ecryptfs-utils.pam-auth-update: sync Ubuntu's
    packaging with Debian; drop dpatch, drop libssl build dep, clean
    up extraneous debhelper bits, match cflags; remaining diff is only
    ecryptfs-utils.prerm
  [ Arfrever Frehtes Taifersar Arahesis ]
  * key_mod/ecryptfs_key_mod_gpg.c,
    key_mod/ecryptfs_key_mod_pkcs11_helper.c,
    libecryptfs/key_management.c, utils/ecryptfs_unwrap_passphrase.c:
    Fix warnings, initialize a few variables, drop unused ones
  [ David Hicks ]
  * src/lib/key_management.c: fix stray semicolon that prevents .ecryptfsrc
    files from working properly, LP: #372709
  [ Michael Rooney ]
  * src/python/ecryptfsapi.py: added python api
  [ Dustin Kirkland ]
  * debian/rules: drop hackery that moves stuff /usr/share/ecryptfs-utils
  * src/utils/mount.ecryptfs_private.c: update inline documentation
  * debian/changelog, src/libecryptfs/cmd_ln_parser.c,
    src/libecryptfs/key_management.c, src/pam_ecryptfs/pam_ecryptfs.c,
    src/utils/ecryptfs_add_passphrase.c,
    src/utils/ecryptfs_insert_wrapped_passphrase_into_keyring.c,
    src/utils/ecryptfs_rewrap_passphrase.c,
    src/utils/ecryptfs_unwrap_passphrase.c,
    src/utils/ecryptfs_wrap_passphrase.c: silence some useless logging,
    LP: #313330
  * include/ecryptfs.h, libecryptfs/key_management.c,
    utils/ecryptfs_insert_wrapped_passphrase_into_keyring.c,
    utils/ecryptfs_unwrap_passphrase.c: if the file to unwrap is
    unspecified, try to use the default ~/.ecryptfs/wrapped-passphrase
    before bailing out, LP: #359997
  * src/utils/ecryptfs-setup-private: unix_chkpwd is not always present
    (eg, gentoo), LP: #332341
  [ Tyler Hicks ]
  * doc/manpage/ecryptfs.7: ecryptfs_encrypted_view option desription
    was wrong LP: #328761
  [ Michal Hlavinka ]
  * decision_graph.c: fix uninitialized return code
  * mount.ecryptfs.c: don't pass verbosity option to kernel
  [ anrxc & Dustin Kirkland ]
  * doc/Makefile.am, src/desktop/Makefile.am: fix automake installation from
    /usr/share to /usr/share/ecryptfs-utils
  [ Daniel Baumann & Dustin Kirkland ]
  * debian/rules, debian/control: sync differences between Debian & Ubuntu's
    packaging
  [ Arfrever Frehtes Taifersar Arahesis ]
  * src/key_mod/ecryptfs_key_mod_gpg.c,
    src/key_mod/ecryptfs_key_mod_pkcs11_helper.c: fix implicit declations
  [ Frédéric Guihéry ]
  * key_mod/ecryptfs_key_mod_tspi.c, utils/ecryptfs_generate_tpm_key.c:
    the SRK password should be set to 20 bytes of NULL (wellknown
    password), in order for different tools to request key protection
    with the Storage Root Key
  [ Michal Hlavinka ]
  * Changes for RH/Fedora release
    - change error codes to be more descriptive
    - decision_graph.h, *: change definition of node return codes to positive
      values
    - mount.ecryptfs.c: insist for yes/no answer for unkown sigs
    - don't print error for removing key from keyring if it succeeded
    - module_mgr.c: insist on yes/no answer
    - use ECRYPTFS_NONEMPTY_VALUE_REQUIRED where reasonable
    - pam_ecryptfs.c: don't try to unwrap key for users not using pam mounting
    - add verbosity to man page
    - decision_graph.* : add ECRYPTFS_NONEMPTY_VALUE_REQUIRED flag for nodes
    - decision_graph.* : add WRONG_VALUE return code to nodes for asking
      question again
  [ Dustin Kirkland ]
  * src/utils/ecryptfs-setup-private: fix bug in grep when running with LANG
    in other locales, LP: #347969
  * doc/manpage/ecryptfs.7: add notes about verbose option
  * src/desktop: add the desktop files to the dist tarball
  * src/utils/ecryptfs-dot-private: sourceable file for accessing your
    encrypted data; useful for conducting backups
  [ Martin Pitt and Dustin Kirkland ]
  Reworked the fixes for LP: #352307, remind user to record their passphrase
  * src/desktop/ecryptfs-record-passphrase: run if
    ~/.ecryptfs/.wrapped-passphrase.recorded does NOT exist; touch that
    file upon successful run of unwrap passphrase
  * debian/patches/00list,
    debian/patches/update-notifier-remind-passphrase.dpatch: dropped, since
    this was moved into PAM

ubuntu/vivid-proposed 2015-07-15 19:38:43 UTC 2015-07-15
Import patches-unapplied version 107-0ubuntu1.2 to ubuntu/vivid-proposed

Author: Martin Pitt
Author Date: 2015-07-09 07:04:27 UTC

Import patches-unapplied version 107-0ubuntu1.2 to ubuntu/vivid-proposed

Imported using git-ubuntu import.

Changelog parent: 1086198f93eb38939c9884bd41b14a46d05456b7

New changelog entries:
  * Add setup-swap-check-links.patch: When commenting out existing swap, also
    consider device symlinks like /dev/mapper/ubuntu--vg-swap_1 or
    /dev/disks/by-uuid/ into account. Fixes broken cryptswap under LVM and
    manual setups. (LP: #1453738)
  * debian/ecryptfs-utils.postinst: On upgrade, uncomment underlying
    unencrypted swap partitions that are referred to by a device link when
    crypttab and fstab have a "cryptswap*" device referring to them.

ubuntu/vivid 2015-03-28 00:43:32 UTC 2015-03-28
Import patches-unapplied version 107-0ubuntu1 to ubuntu/vivid-proposed

Author: Dustin Kirkland 
Author Date: 2015-03-26 23:02:29 UTC

Import patches-unapplied version 107-0ubuntu1 to ubuntu/vivid-proposed

Imported using git-ubuntu import.

Changelog parent: dd52703b628dbc7ba718e7d068506782c275f428

New changelog entries:
  [ Dustin Kirkland ]
  * scripts/release.sh:
    - a few more release script improvements, build the source
      package for the Ubuntu development distro
  * debian/control:
    - build depend on distro-info, which we use in our release script
  * vivid
  [ Tyler Hicks ]
  * src/libecryptfs/key_management.c:
    - Fix a regression when reading version 1 wrapped passphrase files. A
      return code indicating success was always returned even when an error
      was encountered. The impact is low since the error situation is still
      caught when validating either the wrapping password's signature or the
      wrapped passphrase's signature. Thanks to László Böszörményi for
      catching this mistake.
    - Reject empty passphrases passed into ecryptfs_wrap_passphrase()
  * src/libecryptfs/main.c:
    - Reject empty wrapping passphrases passed into generate_passphrase_sig()
  [ Dustin Kirkland and Martin Pitt ]
  * debian/ecryptfs-utils.postinst: LP: #953875
    - detect and clean up after nonexisting cryptswap devices
  [ Tyler Hicks ]
  * tests/userspace/Makefile.am: Fix the 'make check' failure present in the
    ecryptfs-utils-105 release tarball. The failure was due to the automake
    file not specifying that some data files should be distributed as part
    of the v1-to-v2-wrapped-passphrase test, causing the test to fail due to
    the missing files.
  [ Dustin Kirkland ]
  * scripts/release.sh:
    - ensure that we try a binary build as part of the release process
    - make sure we're in the original working directory when we release
    - remove the -x option, too noisy
  [ Dustin Kirkland ]
  * doc/manpage/ecryptfs.7: LP: #1267640
    - fix inconsistency in man page for passphrase_passwd_file format
  * doc/manpage/ecryptfs-setup-private.1, src/utils/ecryptfs-setup-
    private, src/utils/ecryptfs-setup-swap: LP: #1420424
    - use /dev/random rather than /dev/urandom for long lived keys
  * src/utils/ecryptfs-setup-private:
    - use /dev/urandom for our testing, as we read a lot of info
  * src/utils/ecryptfs-setup-swap: LP: #953875, #1086140
    - fix a whitespace bug in a grep, that might cause us to not
      comment out the old swap space in /etc/fstab
    - offset the start of the encrypted swap space by 1KB, which
      ensures that we don't overwrite the UUID label on the header
      of the partition
    - use the aes-xts block cipher, and plain64 initialization vector,
      which are current best practice here
    - fixed a grammar nitpick
  [ Colin King ]
  * src/libecryptfs/key_management.c, src/utils/mount.ecryptfs.c:
    - A couple of minor fixes: Fix a memory leak and handle out of memory
      error, as found by using cppcheck.
  * src/utils/mount.ecryptfs.c
    - fix potential double free on yesno if get_string_stdin exits early
      without allocating a new buffer and we free yesno on the exit clean
      up path.
  * src/libecryptfs/cmd_ln_parser.c
    - remove redundant if / goto statement that does nothing.
  [ Anders Kaseorg ]
  * src/pam_ecryptfs/pam_ecryptfs.c: exit (not return) from forked child on
    error (LP: #1323421)
  [ Tyler Hicks ]
  * Introduce the version 2 wrapped-passphrase file format. It adds the
    ability to combine a randomly generated salt with the wrapping password
    (typically, a user's login password) prior to performing key
    strengthening. The version 2 file format is considered to be a
    intermediate step in strengthening the wrapped-passphrase files of
    existing encrypted home/private users. Support for reading/writing version
    2 wrapped-passphrase files and transparent migration, through
    pam_ecryptfs, from version 1 to version 2 files is considered safe enough
    to backport to stable distro releases. The libecryptfs ABI around
    wrapped-passphrase file handling is not broken.
    - CVE-2014-9687
  * Run wrap-unwrap.sh test as part of the make check target.
  * Add a new test, called v1-to-v2-wrapped-passphrase.sh, which is suitable
    for the make check target and verifies v1 to v2 wrapped-passphrase file
    migration.
  * Create a temporary file when creating a new wrapped-passphrase file and
    copy it to its final destination after the file has been fully synced to
    disk (LP: #1020902)
  [ Colin King ]
  * src/libecryptfs/ecryptfs-stat.c, tests/kernel/extend-file-
    random/test.c, tests/kernel/inode-race-stat/test.c,
    tests/kernel/trunc-file/test.c:
    - Fixed some 32 bit build warnings
  * src/libecryptfs/decision_graph.c, src/libecryptfs/key_management.c,
    src/libecryptfs/main.c, src/libecryptfs/module_mgr.c, src/utils/io.c,
    src/utils/mount.ecryptfs_private.c, tests/kernel/inotify/test.c,
    tests/kernel/trunc-file/test.c, tests/userspace/wrap-unwrap/test.c:
    - Fixed a pile of minor bugs (memory leaks, unclosed file descriptors,
      etc.) mostly in error paths
  * src/key_mod/ecryptfs_key_mod_passphrase.c, src/libecryptfs/main.c,
    src/pam_ecryptfs/pam_ecryptfs.c:
    - more Coverity fixes, memory leak, error checking, etc.
  [ Nobuto MURATA ]
  * fix an empty update-notifier window (LP: #1107650)
    - changes made in Rev.758 was incomplete
  [ Tyler Hicks ]
  * doc/manpage/ecryptfs.7:
    - adjust man page text to avoid confusion about whether the interactive
      mount helper takes a capital 'N' for the answer to y/n questions
      (LP: #1130460)
  * src/utils/ecryptfs_rewrap_passphrase.c:
    - Handle errors when interactively reading the new wrapping passphrase
      and the confirmation from stdin. Fixes a segfault (invalid memory read)
      in ecryptfs-rewrap-passphrase if there was an error while reading either
      of these passphrases.
  * configure.ac:
    - Set AM_CPPFLAGS to always include config.h as the first include file.
      Some .c files correctly included config.h before anything else. The
      majority of .c files got this wrong by including it after other header
      files, including it multiple times, or not including it at all.
      Including it in the AM_CPPFLAGS should solve these problems and keep
      future mistakes from happening in new source files.
    - Enable large file support (LFS) through the use of the AC_SYS_LARGEFILE
      autoconf macro. ecryptfs-utils has been well tested with LFS enabled
      because ecryptfs-utils is being built with
      '-D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64' in Debian-based distros.
      This is mainly needed for some of the in-tree regression tests but
      ecryptfs-utils, in general, should be built with LFS enabled.
  * debian/rules:
    - Don't append '-D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64' to the CFLAGS
      now that the upstream build enables LFS
  * tests/userspace/lfs.sh, tests/userspace/lfs/test.c:
    - Add a test to verify that LFS is enabled. This test is run under the
      make check target.
  * tests/kernel/enospc/test.c:
    - Fix test failures on 32 bit architectures due to large file sizes
      overflowing data types
  [ Dustin Kirkland ]
  * src/utils/ecryptfs-setup-swap: LP: #1172014
    - write crypttab entry using UUID
  * src/utils/ecryptfs-recover-private: LP: #1028532
    - error out, if we fail to mount the private data correctly
  [ Colin King and Dustin Kirkland ]
  * configure.ac, src/daemon/main.c, src/libecryptfs/cmd_ln_parser.c,
    src/libecryptfs/decision_graph.c, src/utils/mount.ecryptfs.c,
    tests/kernel/trunc-file/test.c:
    - remove some dead code, fix some minor issues raised by Coverity
  [ Tyler Hicks ]
  * debian/rules:
    - Use dpkg-buildflags to inject distro compiler hardening flags into the
      build. This also fixes the hardening-no-fortify-functions lintian
      warnings.
  [ Dustin Kirkland ]
  * doc/manpage/ecryptfs-add-passphrase.1, doc/manpage/ecryptfsd.8,
    doc/manpage/ecryptfs-find.1, doc/manpage/ecryptfs-generate-tpm-
    key.1, doc/manpage/ecryptfs-insert-wrapped-passphrase-into-
    keyring.1, doc/manpage/ecryptfs-manager.8, doc/manpage/ecryptfs-
    migrate-home.8, doc/manpage/ecryptfs-mount-private.1,
    doc/manpage/ecryptfs-recover-private.1, doc/manpage/ecryptfs-rewrap-
    passphrase.1, doc/manpage/ecryptfs-rewrite-file.1,
    doc/manpage/ecryptfs-setup-private.1, doc/manpage/ecryptfs-setup-
    swap.1, doc/manpage/ecryptfs-stat.1, doc/manpage/ecryptfs-umount-
    private.1, doc/manpage/ecryptfs-unwrap-passphrase.1,
    doc/manpage/ecryptfs-verify.1, doc/manpage/ecryptfs-wrap-
    passphrase.1, doc/manpage/Makefile.am, doc/manpage/mount.ecryptfs.8,
    doc/manpage/mount.ecryptfs_private.1, doc/manpage/pam_ecryptfs.8,
    doc/manpage/umount.ecryptfs.8,
    doc/manpage/umount.ecryptfs_private.1, src/desktop/ecryptfs-find =>
    src/utils/ecryptfs-find, src/desktop/Makefile.am,
    src/utils/Makefile.am:
    - add 3 new manpages, for ecryptfs-find, ecryptfs-verify, and
      ecryptfs-migrate-home
    - Add SEE ALSO section to manpages which were missing it
    - Mention "Debian and Ubuntu" in license location
    - move the ecryptfs-find utility to the proper location in src/utils
  * src/utils/Makefile.am:
    - fix broken build
  * debian/ecryptfs-utils.links:
    - link no longer needed for ecryptfs-find
  [ Colin King ]
  * === added directory tests/kernel/mmap-bmap, === added directory
    tests/kernel/xattr, tests/kernel/link.sh, tests/kernel/Makefile.am,
    tests/kernel/mknod.sh, tests/kernel/mmap-bmap.sh, tests/kernel/mmap-
    bmap/test.c, tests/kernel/tests.rc, tests/kernel/xattr.sh,
    tests/kernel/xattr/test.c:
    - ran the current eCryptfs tests on 3.8-rc4 with kernel gcov enabled
      and spotted a few trivial areas where it would be useful to up the
      test coverage on the code
    - so here are a few very simple additional tests to exercise eCryptfs
      a little further
  [ Dustin Kirkland ]
  * debian/control:
    - bump standards, no change
  [ Tyler Hicks ]
  * autogen.sh, scripts/release.sh, Makefile.am:
    - Break out the autoreconf and intltoolize commands from release.sh into
      an executable autogen.sh
    - Use the --copy option when invoking intltoolize
    - Include the new autogen.sh script in the release tarball
  * debian/rules, debian/control:
    - Use dh-autoreconf so that upstream sources can easily be used to build
      packages for all the stable Ubuntu releases in the ecryptfs-utils daily
      build PPA
    - Override the dh_autoreconf target by running the autogen.sh script
    - Drop Build-Depends on autotools-dev since dh-autoreconf is a superset of
      autotools-dev
    - Drop Build-Depends on autoconf, automake, and libtool since
      dh-autoreconf depends on all of these packages
  * m4/ac_python_devel.m4:
    - Fix FTBFS in Raring Ringtail due to multiarch Python. Be sure to include
      platform specific Python include directions in SWIG_PYTHON_CPPFLAGS.
  * src/utils/mount.ecryptfs_private.c:
    - Fix conditionals when checking whether to remove authentication tokens
      from the kernel keyring upon umount. This conditional was incorrectly
      modified in ecryptfs-utils-101, yet the authentication tokens still seem
      to be removed from the kernel keyring so it isn't clear if there was
      actually a user-facing regression.
    - Pass the FEKEK sig, rather than the FNEK sig, to
      ecryptfs_private_is_mounted()
    - Restore behavior of not printing error messages to syslog when
      unmounting and keys cannot be found in the kernel keyring.
    - Restore behavior of printing a useful error message about
      ecryptfs-mount-private when mounting and keys cannot be found in the
      kernel keyring
    - Fix memory leak and clean up free()'s in an error path
    - Use pointer assignment tests, rather than strlen(), to determine which
      key signatures were fetched
  * src/daemon/main.c, src/include/ecryptfs.h,
    src/libecryptfs/{Makefile.am,messaging.c,miscdev.c,netlink.c,sysfs.c},
    doc/manpage/ecryptfsd.8, doc/design_doc/ecryptfs_design_doc_v0_2.tex:
    - Remove netlink messaging interface support
    - Netlink messaging support was superceded by the miscdev interface
      (/dev/ecryptfs) in upstream kernel version 2.6.26 in July, 2008
    - Netlink messaging support was completely removed from the upstream
      kernel starting with version 2.6.32 in December, 2009
  * src/jprobes/*, scripts/delete-cruft.sh:
    - Remove all jprobes code, as I don't use jprobes to debug eCryptfs kernel
      issues and I don't like the idea of maintaining these jprobes outside of
      the kernel tree
  * src/escrow/*:
    - Remove all escrow code, as it isn't used or maintained
  * tests/kernel/llseek.sh, tests/kernel/llseek/test.c,
    tests/userspace/wrap-unwrap.sh, tests/userspace/wrap-unwrap/test.c:
    - Migrate some old testcases over to the modern test framework
  * tests/lib/etl_funcs.sh:
    - Update etl_create_test_dir() to allow a parent directory to be specified
      when creating the directory
  * src/testcases:
    - Delete old testcases that were either too basic, covered by more
      extensive tests in the modern test framework, or just didn't work
  [ Nobuto MURATA ]
  * src/desktop/ecryptfs-record-passphrase:
  [ Eric Lammerts ]
  * src/libecryptfs/sysfs.c: LP: #1007880
    - Handle NULL mnt pointer when sysfs is not mounted
  [ Tyler Hicks ]
  * src/utils/ecryptfs-migrate-home: LP: #1026180
    - Correct minor misspelling
  * src/utils/ecryptfs-recover-private: LP: #1004082
    - Fix option parsing when --rw is specified
  * src/utils/ecryptfs-recover-private: LP: #1028923
    - Simplify success message to prevent incorrectly reporting that a
      read-only mount was performed when the --rw option is specified
  * tests/lib/etl_func.sh:
    - Add test library function to return a lower path from an upper path,
      based on inode numbers
  * tests/kernel/mmap-close.sh, tests/kernel/mmap-close/test.c:
    - Add regression test for open->mmap()->close()->dirty memory->munmap()
      pattern
  * tests/kernel/lp-561129.sh:
    - Add test for checking that a pre-existing target inode is properly
      evicted after a rename
  * tests/README:
    - Add documentation on the steps to take when adding new test cases
  [ Colin King ]
  * tests/kernel/lp-911507.sh:
    - Add test case for initializing empty lower files during open()
  * tests/kernel/lp-872905.sh:
    - Add test case to check for proper unlinking of lower files when
      lower file initialization fails
  * src/key_mod/ecryptfs_key_mod_openssl.c,
    src/key_mod/ecryptfs_key_mod_pkcs11_helper.c,
    src/libecryptfs/key_management.c,
    src/utils/mount.ecryptfs_private.c, src/utils/umount.ecryptfs.c:
    - address some issues raised by smatch static analysis
    - fix some memory leaks with frees
    - fix some pointer refs and derefs
    - fix some comment typos
  [ Dustin Kirkland ]
  * src/libecryptfs/key_management.c:
    - silence pam error message when errno == EACCES
      + "Error attempting to parse .ecryptfsrc file; rc = [-13]"
  * src/utils/mount.ecryptfs_private.c: LP: #1052038
    - fix race condition, which typically manifests itself with a user
      saying that their home directory is not accessible, or that their
      filenames are not decrypted
    - the root of the problem is that we were reading the signature file,
      ~/.ecryptfs/Private.sig, twice; in some cases, the first one succeeds,
      so the file encryption signature is read and key is loaded, but then
      some other process (usually from PAM, perhaps a cron job or a
      subsequent login) mounts the home directory before the filename
      encryption key is loaded; thus, $HOME is mounted but filenames are
      not decrypted, so the second read of ~/.ecryptfs/Private.sig fails
      as that file is not found
    - the solution is to rework the internal fetch_sig() function and read
      one or both signatures within a single open/read/close operation of
      the file
    - free memory used by char **sig on failure
  * debian/copyright:
    - fix lintian warning
  [ Tyler Hicks ]
  * src/pam_ecryptfs/pam_ecryptfs.c, src/libecryptfs/key_management.c:
      LP: #1024476
    - fix regression introduced in ecryptfs-utils-99 when Encrypted
      Home/Private is in use and the eCryptfs kernel code is compiled as a
      module
    - drop check for kernel filename encryption support in pam_ecryptfs, as
      appropriate privileges to load the eCryptfs kernel module may not be
      available and filename encryption has been supported since 2.6.29
    - always add filename encryption key to the kernel keyring from pam_mount
  [ Colin King ]
  * tests/kernel/inode-race-stat/test.c:
    - limit number of forks based on fd limits
  * tests/kernel/enospc.sh, tests/kernel/enospc/test.c,
    tests/kernel/Makefile.am, tests/kernel/tests.rc:
    - add test case for ENOSPC
  [ Tim Harder ]
  * m4/ac_python_devel.m4: LP: #1029217
    - proplery save and restore CPPFLAGS and LIBS when python support is
      enabled
  [ Dustin Kirkland ]
  * debian/ecryptfs-utils.postinst: LP: #936093
    - ensure desktop file is executable
  [ Wesley Wiedenmeier ]
  * src/utils/mount.ecryptfs.c: LP: #329264
    - remove old hack, that worked around a temporary kernel regression;
      ensure that all mount memory is mlocked
  [ Sebastian Krahmer ]
  * src/pam_ecryptfs/pam_ecryptfs.c: LP: #732614
    - drop group privileges in the same places that user privileges are
      dropped
    - check return status of setresuid() calls and return if they fail
    - drop privileges before checking for the existence of
      ~/.ecryptfs/auto-mount to prevent possible file existence leakage
      by a symlink to a path that typically would not be searchable by
      the user
    - drop privileges before reading salt from the rc file to prevent the
      leakage of root's salt and, more importantly, using the incorrect salt
    - discovered, independently, by Vasiliy Kulikov and Sebastian Krahmer
  * src/pam_ecryptfs/pam_ecryptfs.c: LP: #1020904
    - after dropping privileges, clear the environment before executing the
      private eCryptfs mount helper
    - discovered by Sebastian Krahmer
  * src/utils/mount.ecryptfs_private.c: LP: #1020904
    - do not allow private eCryptfs mount aliases to contain ".." characters
      as a preventative measure against a crafted file path being used as an
      alias
    - force the MS_NOSUID mount flag to protect against user controlled lower
      filesystems, such as an auto mounted USB drive, that may contain a
      setuid-root binary
      + CVE-2012-3409
    - force the MS_NODEV mount flag
    - after dropping privileges, clear the environment before executing umount
    - discovered by Sebastian Krahmer
  [ Tyler Hicks ]
  * src/libecryptfs/key_management.c: LP: #732614
    - zero statically declared buffers to prevent the leakage of stack
      contents in the case of a short file read
    - discovered by Vasiliy Kulikov
  * src/libecryptfs/module_mgr.c, src/pam_ecryptfs/pam_ecryptfs.c:
    - fix compiler warnings
  [ Dustin Kirkland ]
  * debian/ecryptfs-utils.prerm:
    - drop the pre-removal ERRORs down to WARNINGs
    - these have caused a ton of trouble; whatever is causing ecryptfs-utils
      to be marked for removal should be fixed; but ecryptfs exiting 1 seems
      to be causing more trouble than it's worth
    - LP: #871021, #812270, #988960, #990630, #995381, #1010961
  * doc/ecryptfs-faq.html:
    - update the frequently asked questions, which haven't seen much
      attention in a while now
    - drop a few references to sourceforge
  * doc/ecryptfs-pam-doc.txt, doc/manpage/fr/ecryptfs-add-passphrase.1,
    doc/manpage/fr/ecryptfs-generate-tpm-key.1, doc/manpage/fr/ecryptfs-
    insert-wrapped-passphrase-into-keyring.1, doc/manpage/fr/ecryptfs-
    mount-private.1, doc/manpage/fr/ecryptfs-rewrap-passphrase.1,
    doc/manpage/fr/ecryptfs-setup-private.1, doc/manpage/fr/ecryptfs-
    umount-private.1, doc/manpage/fr/ecryptfs-unwrap-passphrase.1,
    doc/manpage/fr/ecryptfs-wrap-passphrase.1, doc/manpage/fr/ecryptfs-
    zombie-kill.1, doc/manpage/fr/ecryptfs-zombie-list.1,
    doc/sourceforge_webpage/ecryptfs-article.pdf,
    doc/sourceforge_webpage/ecryptfs_design_doc_v0_1.pdf,
    doc/sourceforge_webpage/ecryptfs-faq.html,
    doc/sourceforge_webpage/ecryptfs-key-diagram-356.png,
    doc/sourceforge_webpage/ecryptfs-key-diagram-640.png,
    doc/sourceforge_webpage/ecryptfs-pageuptodate-call-graph.png,
    doc/sourceforge_webpage/ecryptfs-pam-doc.txt,
    doc/sourceforge_webpage/ecryptfs.pdf,
    doc/sourceforge_webpage/index.html, doc/sourceforge_webpage/README,
    === removed directory doc/manpage/fr, === removed directory
    doc/sourceforge_webpage, rpm/ecryptfs-utils.spec:
    - remove some deprecated documentation
    - fish it out of bzr, if we ever need it again, but let's
      quit publishing it in our release tarballs
  [ Kees Cook ]
  * src/pam_ecryptfs/pam_ecryptfs.c: LP: #938326
    - exit, rather than return to prevent duplicate processes
  [ Andreas Raster ]
  * src/desktop/ecryptfs-find:
    - $mounts was quoted once too often
  [ George Wilson ]
  * src/key_mod/ecryptfs_key_mod_openssl.c,
    src/key_mod/ecryptfs_key_mod_pkcs11_helper.c,
    src/key_mod/ecryptfs_key_mod_tspi.c: LP: #937331
    - IBM would like to grant a license exception for key modules that
      require linking to OpenSSL. The change should make the modules
      shippable by Linux distributions
  [ Dustin Kirkland ]
  * debian/copyright:
    - note the GPLv2 SSL exception granted by IBM for the key modules
  * debian/control, debian/copyright, doc/manpage/ecryptfs.7,
    doc/manpage/ecryptfs-add-passphrase.1, doc/manpage/ecryptfsd.8,
    doc/manpage/ecryptfs-generate-tpm-key.1, doc/manpage/ecryptfs-
    insert-wrapped-passphrase-into-keyring.1, doc/manpage/ecryptfs-
    manager.8, doc/manpage/ecryptfs-mount-private.1,
    doc/manpage/ecryptfs-recover-private.1, doc/manpage/ecryptfs-rewrap-
    passphrase.1, doc/manpage/ecryptfs-rewrite-file.1,
    doc/manpage/ecryptfs-setup-private.1, doc/manpage/ecryptfs-setup-
    swap.1, doc/manpage/ecryptfs-stat.1, doc/manpage/ecryptfs-umount-
    private.1, doc/manpage/ecryptfs-unwrap-passphrase.1,
    doc/manpage/ecryptfs-wrap-passphrase.1,
    doc/manpage/mount.ecryptfs.8, doc/manpage/mount.ecryptfs_private.1,
    doc/manpage/pam_ecryptfs.8, doc/manpage/umount.ecryptfs.8,
    doc/manpage/umount.ecryptfs_private.1, README,
    src/utils/mount.ecryptfs.c:
    - use the new ecryptfs.org website where appropriate
  * debian/control:
    - update to suggest zescrow-client
  [ Sergio Peña ]
  * src/libecryptfs/cipher_list.c: LP: #922821
    - add the new name of the blowfish cipher (linux >= 3.2)
  * src/include/ecryptfs.h, src/libecryptfs/main.c,
    src/utils/mount.ecryptfs.c: LP: #917509
    - use execl() to mount ecryptfs
    - this allows us to support any arbitrary mount options in
      /etc/fstab
  [ Tyler Hicks ]
  * doc/manpage/ecryptfs.7:
    - Remove the note saying that the passphrase and openssl key modules are
      available by default. That's true upstream but not always true in distro
      builds.
  * tests/run_tests.sh:
    - Make upper and lower mount point arguments optional by automatically
      creating directories in /tmp by default.
    - Make it possible to run only userspace tests without having to specify
      unused mount information
    - Accept a comma-separated list of lower filesystems to test on and loop
      through all kernel tests for each lower filesystem
    - Accept a comma-separated list of tests to run
  * tests/lib/etl_funcs.sh:
    - Unset $ETL_DISK just before etl_remove_disk() successfully returns
  * tests/userspace/Makefile.am:
    - Also build 'make check' tests when building with --enable-tests
  * include/ecryptfs.h, libecryptfs/Makefile.am,
    libecryptfs/cipher_list.c, libecryptfs/module_mgr.c,
    utils/io.h: LP: #994813
    - remove overly complicated implementation to detect what ciphers
      are supported by the currently running kernel's crypto api
    - prompt for the entire supported cipher list, if the user selects a
      cipher that their kernel doesn't support, the mount will fail
      and the kernel will write an error message to the syslog
  * src/libecryptfs/module_mgr.c:
    - Use correct blowfish block size when displaying supported ciphers to
      the user
  * tests/kernel/lp-1009207.sh, tests/kernel/Makefile.am,
    tests/kernel/tests.rc:
    - Add simple test case for incorrect handling of umask and default POSIX
      ACL masks
  * tests/kernel/lp-994247.sh, tests/kernel/lp-994247/test.c,
    tests/kernel/Makefile.am, tests/kernel/tests.rc:
    - Add test case for incorrect handling of open /dev/ecryptfs file
      descriptors that are passed or inherited by other processes
  [ Colin King ]
  * tests/lib/etl_funcs.sh:
    - etl_lumount() should use DST rather than SRC dir so it can run on Lucid
    - use file system appropriate mkfs force flag
    - cater for correct ext2 default mount flags
  * tests/kernel/lp-509180.sh, tests/kernel/lp-509180/test.c:
    - test for trailing garbage at end of files
  * tests/kernel/lp-524919.sh, tests/kernel/lp-524919/test.c:
    - test case for checking lstat/readlink size
  * tests/kernel/lp-870326.sh, tests/kernel/lp-870326/test.c:
    - test case for open(), mmap(), close(), modify mmap'd region
  * tests/kernel/lp-469664.sh:
    - test case for lsattr
  * tests/kernel/lp-613873.sh:
    - test case for stat modify time
  * tests/kernel/lp-745836.sh:
    - test case for clearing ECRYPTFS_NEW_FILE flag during truncate
  * tests/lib/etl_funcs.sh, tests/kernel/extend-file-random.sh,
    tests/kernel/trunc-file.sh (LP: #1007159):
    - Add test library function for estimating available space in lower fs
    - Use new library function in tests that need to create large files
  [ Colin Watson ]
  * src/utils/ecryptfs-setup-swap: Skip /dev/zram* swap devices
    LP: #979350
  [ Serge Hallyn ]
  * src/utils/mount.ecryptfs_private.c:
    - EoL fixes
  [ Dustin Kirkland ]
  * CONTRIBUTING:
    - added a new file to describe how to contribute to ecryptfs
  * === added directory img/old, img/old/ecryptfs_14.png,
    img/old/ecryptfs_192.png, img/old/ecryptfs_64.png:
    - saving the old logos/branding for posterity
  * debian/copyright, img/COPYING:
    - added CC-by-SA 3.0 license
    - use the text version
  * img/ecryptfs_14.png, img/ecryptfs_192.png, img/ecryptfs_64.png:
    - added scaled copies of images used for Launchpad.net branding
  * src/utils/ecryptfs-recover-private: LP: #847505
    - add an option to allow user to enter the mount passphrase,
      in case they've recorded that, but forgotten their login
      passphrase
  * src/libecryptfs/sysfs.c: LP: #802197
    - default sysfs to /sys, if not found in /etc/mtab
    - it seems that reading /etc/mtab for this is outdated
    - ensure that ecryptfs works even if there is no sysfs entry
      in /etc/mtab
  * src/key_mod/ecryptfs_key_mod_tspi.c: LP: #462225
    - fix TPM and string_to_uuid 64bits issue
    - thanks to Janos for the patch
  [ Tyler Hicks ]
  * CONTRIBUTING:
    - clarified how to contribute to the ecryptfs kernel module
  * tests/lib/etl_funcs.sh:
    - created eCryptfs test library of bash functions for use in test
      cases and test harnesses
  * test/etl_add_passphrase_key_to_keyring.c:
    - created a C helper program to allow bash scripts to interface to
      the libecryptfs function that adds passphrase-based keys to the
      kernel keyring
  * tests/kernel/tests.rc, tests/userspace/tests.rc:
    - created a test case category files for test harnesses to source
      when running testcases of a certain category (destructive, safe,
      etc.)
  * tests/run_tests.sh:
    - created a test harness to run eCryptfs test cases
  * tests/kernel/miscdev-bad-count.sh,
    tests/kernel/miscdev-bad-count/test.c:
    - created test case for miscdev issue reported to mailing list
  * tests/kernel/lp-885744.sh:
    - created test case for pathconf bug
  * tests/kernel/lp-926292.sh:
    - created test case for checking stale inode attrs after setxattr
  * tests/new.sh:
    - created new test case template to copy from
  * tests/userspace/verify-passphrase-sig.sh,
    tests/userspace/verify-passphrase-sig/test.c:
    - created test case, for make check, to test the creation of
      passphrase-based fekeks and signatures
  * configure.ac, Makefile.am, tests/Makefile.am, tests/lib/Makefile.am,
    tests/kernel/Makefile.am, tests/userspace/Makefile.am:
    - updated and created autoconf/automake files to build the new tests
      directory
    - added make check target
  [ Eddie Garcia ]
  * img/*: LP: #907131
    - contributing a new set of logos and branding under the CC-by-SA3.0
      license
  [ Colin King ]
  * tests/kernel/extend-file-random.sh,
    tests/kernel/extend-file-random/test.c:
    - Test to randomly extend file size, read/write + unlink
  * tests/kernel/trunc-file.sh, tests/kernel/trunc-file/test.c:
    - Test to exercise file truncation
  * tests/kernel/directory-concurrent.sh,
    tests/kernel/directory-concurrent/test.c:
    - test for directory creation/deletion races with multiple processes
  * tests/kernel/file-concurrent.sh,
    tests/kernel/file-concurrent/test.c:
    - test for file creation/truncation/unlink races with multiple
      processes
  * tests/kernel/inotify.sh, tests/kernel/inotify/test.c:
    - test for proper inotify support
  * tests/kernel/mmap-dir.sh, tests/kernel/mmap-dir/test.c:
    - test that directory files cannot be mmap'ed
  * tests/kernel/read-dir.sh, tests/kernel/read-dir/test.c:
    - test that read() on directory files returns the right error
  * tests/kernel/setattr-flush-dirty.sh:
    - test that the modified timestamp isn't clobbered in writeback
  * tests/kernel/inode-race-stat.sh, tests/kernel/inode-race-stat/test.c:
    - test for inode initialization race condition
  [ Serge Hallyn ]
  * fix infinite loop on arm: fgetc returns an int, and -1 at end of
    options. Arm makes char unsigned. (LP: #884407)
  [ Dustin Kirkland ]
  * debian/compat, debian/control, debian/ecryptfs-utils.install,
    debian/ecryptfs-utils.lintian-overrides,
    debian/libecryptfs0.install, debian/libecryptfs-dev.install,
    debian/lintian/ecryptfs-utils, debian/python-ecryptfs.install,
    debian/rules, debian/source/options, doc/ecryptfs-pam-doc.txt,
    doc/manpage/ecryptfs-setup-private.1, lintian/ecryptfs-utils, ===
    removed directory debian/lintian:
    - merge a bunch of packaging changes from Debian's Daniel Baumann
    - fixes LP: #800647
  * scripts/release.sh:
    - minor release fixes
  [ Dustin Kirkland ]
  * scripts/release.sh:
    - fix release script
    - bump ubuntu release
  * doc/manpage/ecryptfs-recover-private.1, src/utils/ecryptfs-migrate-
    home (properties changed: -x to +x), src/utils/ecryptfs-recover-
    private:
    - add a --rw option for ecryptfs-recover-private
  * src/utils/ecryptfs-migrate-home: LP: #820416
    - show progress on rsync
  * debian/ecryptfs-utils.ecryptfs-utils-restore.upstart,
    debian/ecryptfs-utils.ecryptfs-utils-save.upstart,
    src/utils/ecryptfs-migrate-home,
    src/utils/ecryptfs-setup-private: LP: #883238
    - remove 2 upstart scripts, which attempted to "save" users who didn't
      login after migrating their home; instead, we now require the root
      user to enter user passwords at migration time
  * debian/copyright, debian/ecryptfs-utils.ecryptfs-utils-
    restore.upstart, debian/ecryptfs-utils.ecryptfs-utils-save.upstart,
    doc/manpage/ecryptfs.7, doc/manpage/ecryptfs-add-passphrase.1,
    doc/manpage/ecryptfs-generate-tpm-key.1, doc/manpage/ecryptfs-
    insert-wrapped-passphrase-into-keyring.1, doc/manpage/ecryptfs-
    mount-private.1, doc/manpage/ecryptfs-recover-private.1,
    doc/manpage/ecryptfs-rewrap-passphrase.1, doc/manpage/ecryptfs-
    rewrite-file.1, doc/manpage/ecryptfs-setup-private.1,
    doc/manpage/ecryptfs-setup-swap.1, doc/manpage/ecryptfs-stat.1,
    doc/manpage/ecryptfs-umount-private.1, doc/manpage/ecryptfs-unwrap-
    passphrase.1, doc/manpage/ecryptfs-wrap-passphrase.1,
    doc/manpage/fr/ecryptfs-add-passphrase.1, doc/manpage/fr/ecryptfs-
    generate-tpm-key.1, doc/manpage/fr/ecryptfs-insert-wrapped-
    passphrase-into-keyring.1, doc/manpage/fr/ecryptfs-mount-private.1,
    doc/manpage/fr/ecryptfs-rewrap-passphrase.1,
    doc/manpage/fr/ecryptfs-setup-private.1, doc/manpage/fr/ecryptfs-
    umount-private.1, doc/manpage/fr/ecryptfs-unwrap-passphrase.1,
    doc/manpage/fr/ecryptfs-wrap-passphrase.1, doc/manpage/fr/ecryptfs-
    zombie-kill.1, doc/manpage/fr/ecryptfs-zombie-list.1,
    doc/manpage/mount.ecryptfs_private.1, doc/manpage/pam_ecryptfs.8,
    doc/manpage/umount.ecryptfs.8,
    doc/manpage/umount.ecryptfs_private.1,
    src/pam_ecryptfs/pam_ecryptfs.c,
    src/utils/ecryptfs_add_passphrase.c,
    src/utils/ecryptfs_insert_wrapped_passphrase_into_keyring.c,
    src/utils/ecryptfs-migrate-home, src/utils/ecryptfs-mount-private,
    src/utils/ecryptfs-recover-private,
    src/utils/ecryptfs_rewrap_passphrase.c, src/utils/ecryptfs-rewrite-
    file, src/utils/ecryptfs-setup-private, src/utils/ecryptfs-setup-
    swap, src/utils/ecryptfs-umount-private,
    src/utils/ecryptfs_unwrap_passphrase.c,
    src/utils/ecryptfs_wrap_passphrase.c:
    - update some email addresses, moving kirkland@canonical.com ->
      kirkland@ubuntu.com (which I can still read)
  * src/libecryptfs/key_management.c: LP: #715066
    - fix 2 places where we were handling
      ecryptfs_add_passphrase_key_to_keyring() inconsistently
    - if we're trying to add a key to the keyring, and it's already there,
      treat that as "success"
  * debian/control:
    - ecryptfs-setup-swap is strongly recommended, which depends on
      cryptsetup; so promote cryptsetup from suggests -> recommends
  [ Stephan Ritscher and Tyler Hicks ]
  * src/libecryptfs/cmd_ln_parser.c: LP: #683535
    - fix passphrase_passwd_fd for pipes
    - handle memory allocation failures
    - free memory in error paths
  [ Arfrever Frehtes Taifersar Arahesis ]
  * configure.ac: LP: #893327
    - no need to check for python, if --disable-pywrap is passed
  * src/utils/ecryptfs-verify, src/utils/Makefile.am:
    - add an ecryptfs-verify utility, LP: #845738
  * src/testcases/write-read.sh:
    - added a write/read test utility
  * doc/manpage/ecryptfs-mount-private.1, doc/manpage/ecryptfs-setup-
    private.1, doc/manpage/mount.ecryptfs_private.1,
    doc/manpage/umount.ecryptfs_private.1: LP: #882267
    - remove inaccurate documentation about being a member of the ecryptfs
      group
  * src/utils/ecryptfs-setup-private: LP: #882314
    - fix preseeded encrypted home Ubuntu installations (thanks Timo!)
  * src/libecryptfs/key_management.c: LP: #725862
    - fix nasty bug affecting users who do *not* encrypt filenames;
      the first login works, but on logout, only one key gets
      cleaned out; subsequent logins do not insert the necessary key
      due to an early "goto out"; this fix needs to be SRU'd
  * debian/rules: LP: #586281
    - fix perms on desktop mount file
  * src/pam_ecryptfs/pam_ecryptfs.c: LP: #838471
    - rework syslogging to be less noisy and note pam_ecryptfs
  [ Diego E. "Flameeyes" Pettenò ]
  * configure.ac:
    - fix reliance on nss-config, which hinders cross-compilation
  [ Marc Deslauriers ]
  * src/utils/mount.ecryptfs_private.c:
  * SECURITY UPDATE: wrong mtab ownership and permissions (LP: #830850)
    - debian/patches/CVE-2011-3145.patch: also set gid and umask before
      updating mtab in src/utils/mount.ecryptfs_private.c.
    - CVE-2011-3145
  [ Marc Deslauriers ]
  * SECURITY UPDATE: privilege escalation via mountpoint race conditions
    (LP: #732628)
    - debian/patches/CVE-2011-1831,1832,1834.patch: chdir into mountpoint
      before checking permissions in src/utils/mount.ecryptfs_private.c.
    - CVE-2011-1831
    - CVE-2011-1832
  * SECURITY UPDATE: race condition when checking source during mount
    (LP: #732628)
    - debian/patches/CVE-2011-1833.patch: use new ecryptfs_check_dev_ruid
      kernel option when mounting directory in
      src/utils/mount.ecryptfs_private.c.
    - CVE-2011-1833
  * SECURITY UPDATE: mtab corruption via improper handling (LP: #732628)
    - debian/patches/CVE-2011-1831,1832,1834.patch: modify mtab via a temp
      file first and make sure it succeeds before replacing the real mtab
      in src/utils/mount.ecryptfs_private.c.
    - CVE-2011-1834
  * SECURITY UPDATE: key poisoning via insecure temp directory handling
    (LP: #732628)
    - debian/patches/CVE-2011-1835.patch: make sure we don't copy into a
      user controlled directory in src/utils/ecryptfs-setup-private.
    - CVE-2011-1835
  * SECURITY UPDATE: information disclosure via recovery mount in /tmp
    (LP: #732628)
    - debian/patches/CVE-2011-1836.patch: mount inside protected
      subdirectory in src/utils/ecryptfs-recover-private.
    - CVE-2011-1836
  * SECURITY UPDATE: arbitrary file overwrite via lock counter race
    condition (LP: #732628)
    - debian/patches/CVE-2011-1837.patch: verify permissions with a file
      descriptor, and don't follow symlinks in
      src/utils/mount.ecryptfs_private.c.
    - CVE-2011-1837
  [ Dustin Kirkland ]
  * debian/control:
    - add missing build dependency needed for release
  * doc/manpage/ecryptfs-wrap-passphrase.1: fix minor error in manpage
  * src/desktop/ecryptfs-find, src/desktop/Makefile.am: LP: #799157
    - add a tool, /usr/share/ecryptfs-utils/ecryptfs-find that can
      help find cleartext/encrypted filenames by inode number
  * src/desktop/ecryptfs-find:
    - test file exists first; ditch the match;
      search all ecryptfs mounts that user can read/traverse
  * debian/ecryptfs-utils.links:
    - add a symlink for Ubuntu
  * scripts/release.sh:
    - improve release script
  [ Serge Hallyn ]
  * Fix from Christophe Dumez: mount.ecryptfs_private: Do not attempt to
    update mtab if it is a symbolic link. (LP: #789888)
  * src/utils/mount.ecryptfs_private.c:
    - reduce the window size for the TOCTOU race;
      does not entirely solve LP: #732628, which is going to need to be
      fixed in the kernel with some heavy locking
  * debian/control: update urls
  * src/utils/ecryptfs-mount-private: LP: #725862
    - fix ecryptfs-mount-private to insert only the fek, if filename
      encryption is disabled
  [ Paolo Bonzini <pbonzini@redhat.com> ]
  * src/utils/ecryptfs-setup-private: update the Private.* selinux
    contexts
  [ Dustin Kirkland ]
  * src/utils/ecryptfs-setup-private:
    - add -p to mkdir, address noise for a non-error
    - must insert keys during testing phase, since we remove keys on
      unmount now, LP: #725862
  * src/utils/ecryptfs_rewrap_passphrase.c: confirm passphrases in
    interactive mode, LP: #667331
  [ Jakob Unterwurzacher ]
  * src/pam_ecryptfs/pam_ecryptfs.c:
    - check if this file exists and ask the user for the wrapping passphrase
      if it does
    - eliminate both ecryptfs_pam_wrapping_independent_set() and
      ecryptfs_pam_automount_set() and replace with a reusable
      file_exists_dotecryptfs() function
  [ Serge Hallyn and Dustin Kirkland ]
  * src/utils/mount.ecryptfs_private.c:
    - support multiple, user configurable private directories by way of
      a command line "alias" argument
    - this "alias" references a configuration file by the name of:
      $HOME/.ecryptfs/alias.conf, which is in an fstab(5) format,
      as well as $HOME/.ecryptfs/alias.sig, in the same format as
      Private.sig
    - if no argument specified, the utility operates in legacy mode,
      defaulting to "Private"
    - rename variables, s/dev/src/ and s/mnt/dest/
    - add a read_config() function
    - add an alias char* to replace the #defined ECRYPTFS_PRIVATE_DIR
    - this is half of the fix to LP: #615657
  * doc/manpage/mount.ecryptfs_private.1: document these changes
  * src/libecryptfs/main.c, src/utils/mount.ecryptfs_private.c:
    - allow umount.ecryptfs_private to succeed when the key is no
      longer in user keyring.
  [ Dustin Kirkland ]
  * src/utils/ecryptfs-recover-private: clean sigs of invalid characters
  * src/utils/mount.ecryptfs_private.c:
    - fix bug LP: #313812, clear used keys on unmount
    - add ecryptfs_unlink_sigs to the mount opts, so that unmounts from
      umount.ecryptfs behave similarly
    - use ecryptfs_remove_auth_tok_from_keyring() on the sig and sig_fnek
  [ presgas@gmail.com ]
  * src/utils/ecryptfs-migrate-home:
    - support user databases outside of /etc/passwd, LP: #627506
  * src/desktop/ecryptfs-record-passphrase: fix typo, LP: #524139
  * debian/rules, debian/control:
    - disable the gpg key module, as it's not yet functional
    - clean up unneeded build-deps
    - also, not using opencryptoki either
  * doc/manpage/ecryptfs.7: fix minor documentation bug, reported by
    email by Jon 'maddog' Hall
  * doc/manpage/ecryptfs-recover-private.1, doc/manpage/Makefile.am,
    po/POTFILES.in, src/utils/ecryptfs-recover-private,
    src/utils/Makefile.am: add a utility to simplify data recovery
    of an encrypted private directory from a Live ISO, LP: #689969
  [ David Planella ]
  * Makefile.am, configure.ac, debian/control, debian/po/POTFILES.sh,
    debian/po/ecryptfs-utils.pot, debian/po/fr.po, debian/rules,
    po/POTFILES.in, src/desktop/Makefile.am,
    src/desktop/ecryptfs-mount-private.desktop,
    src/desktop/ecryptfs-mount-private.desktop.in,
    src/desktop/ecryptfs-record-passphrase,
    src/desktop/ecryptfs-setup-private.desktop,
    src/desktop/ecryptfs-setup-private.desktop.in:
    - internationalization work for LP: #358283
  * po/LINGUAS, po/ca.po: Catalan translation
  [ Yan Li <yan.i.li@intel.com> ]
  * src/pam_ecryptfs/pam_ecryptfs.c, src/utils/Makefile.am,
    src/utils/ecryptfs-migrate-home: add a script and pam hooks to
    support automatic migration to encrypted home directory
  [ Dustin Kirkland ]
  * src/utils/ecryptfs-migrate-home: clean up for merge
    - use $() rather than ``
    - drop set -u
    - use = and !=, and quote vars, rather than testing with -ne, -eq,
      for better shell portability
    - improve usage statement and error text
    - check if already encrypted
    - handle migration of multiple users on boot
    - fix all whitespace, use tabs for indents
    - use quotes around variables, rather than ${} (stylistic preference)
    - major simplification for immediate release
      + remove boot and user modes; only support administrator mode for
        security reasons and to avoid race conditions
      + other modes can be re-added, if necessary, and if security
        concerns can be addressed
    - ensure running as root
    - drop VERBOSE option, always print useful info messages
    - call the user $USER_NAME rather than $USER_ID since id implies
      number, and here we're deailing with names
    - no decimals on awk calculation
    - mktemp on the target user, not root
    - check that there is enough disk space available to do the migration
    - ensure the user's homedir group is correct
    - add critical instructions, user *must* login after the migration and
      before the reboot, as their wrapped passphrase will be cleared on
      reboot (possible we should use an init script to move these to
      /var/tmp on reboot)
    - ensure permissions are set correctly
    - improve text at the end of the migration, organize into notes
  * ecryptfs-utils.ecryptfs-utils-restore.upstart,
    ecryptfs-utils.ecryptfs-utils-save.upstart, rules:
    - try to protect migrating users who don't login before the next reboot
  * debian/ecryptfs-utils.install: install the locale messages
  * src/desktop/ecryptfs-record-passphrase: improve dialog text
  * src/desktop/ecryptfs-record-passphrase: revert the _ bit, as it's not quite
    working yet, will need to talk to David to fix
  * src/utils/ecryptfs-setup-private: fix bug where setup-private
    incorrectly assumed that the home/private dir ownerships should
    be owned by USER:USER; instead, default to USER:GROUP, where
    GROUP is the USER's primary group by default, LP: #445301
  * src/utils/ecryptfs-setup-private, debian/control: LP: #456565
    - fix typo, s/getext/gettext
    - depend on gettext-base
  * src/utils/ecryptfs-setup-private: fix printing of error strings,
    which was broken by the gettext integration, LP: #471725;
    in doing so, use $() in place of ``, use '' for gettext arguments,
    and wrap gettext in "", like this: foo="$(gettext 'blah blah')"
  * debian/control: one package per line, helps tremendously when looking
    at diffs
  * debian/copyright: Add new fields
  * debian/ecryptfs-utils.postinst: minor set -e change
  [ Michael Terry ]
  * src/utils/ecryptfs-setup=swap: clean up some error message reporting,
    LP: #430891, #430890
  [ Dustin Kirkland ]
  * doc/manpage/ecryptfs.7: note the 64-char passphrase limit, LP: #386504
  * src/utils/ecryptfs-setup-private: minor documentation change
  [ Evan Dandrea ]
  * src/utils/ecryptfs-setup-swap: allow for setting up encrpyted swap,
    without activating it immediately, necessary for livecd installations
  [ Dustin Kirkland ]
  * debian/control: updated bzr and browser urls, bumped standards version
  * src/pam_ecryptfs/pam_ecryptfs.c: silence useless, oft-shown info
    message
  * src/utils/ecryptfs-mount-private, src/utils/ecryptfs-rewrite-file,
    src/utils/ecryptfs-setup-private, src/utils/ecryptfs-setup-swap,
    src/utils/ecryptfs-umount-private: use gettext for all string printing,
    such that we can internationalize ecryptfs
  * po/POTFILES.sh, po/ecryptfs-utils.pot, po/fr.po, rules: add po to the
    build system; for now, in the debian/ directory; this should be put in
    the upstream source tree eventually (but I need some help with the
    automake/autoconf integration)
  * ecryptfs-setup-swap: exit(0) if there's no swaps to encrypt, ensures
    that this script succeeds if there is no swap space that needs to be
    secured, or if the existing swap space is already secured
  * doc/manpage/ecryptfs-setup-swap.1, doc/manpage/ecryptfs-stat.1,
    doc/manpage/umount.ecryptfs.8, doc/manpage/Makefile.am: added manpagess
  * doc/manpage/ecryptfs.7: fix lintian warning
  * debian/lintian/ecryptfs-utils: added a lintian overrides file
  * debian/lintian/ecryptfs-utils, debian/ecryptfs-utils.install: add and
    install some proper lintian overrides
  * src/libecryptfs/module_mgr.c: fix typo, LP: #408437
  [ Evan Dandrea ]
  * ecryptfs-setup-swap: support more than one encrypted swap device
  [ Dorin Scutarașu ]
  * src/libecryptfs/key_management.c: fix null pointer deref, LP: #409565
  [ James Westby ]
  * src/libecryptfs/main.c flockfile the filehandle after checking that
    we were able to successfully open it (LP: #403011)
  * debian/libecryptfs0.shlibs: bump shlibs dep to 77 since we added new
    symbols there
  [ Dustin Kirkland ]
  * src/libecryptfs/key_management.c, src/pam_ecryptfs/pam_ecryptfs.c:
    revert the zombie code removal from pam_ecryptfs as it seems this
    bit is still needed; fix the source of the problem introduced in
    commit r407; check for non-zero return codes; this problem would
    manifest itself as a) unable to unlock screensaver, b) unable to
    switch users, c) unable to mount home folder on initial login;
    LP: #402222, #402029
  * src/utils/ecryptfs-umount-private: use for loop to loop over key
    ids on removal
  * src/utils/mount.ecryptfs_private.c: return non-zero on unmount failure
    due to open sessions; handle this in ecryptfs-umount-private too; make
    the flock() blocking; use /dev/shm for counter; add an iterator to the
    counter file to prevent users from DoS'ing one another from accessing
    their encrypted directories, LP: #402745
  * debian/ecryptfs-utils.postinst: move /tmp counters to /dev/shm
  * configure.ac: link against pam, silence shlib warning
  * src/include/ecryptfs.h, src/libecryptfs/main.c,
    src/pam_ecryptfs/pam_ecryptfs.c, src/utils/Makefile.am,
    src/utils/mount.ecryptfs_private.c: move two functions from
    mount.ecryptfs_private to libecryptfs, namely is_mounted() and
    fetch_private_mnt(); use these in both pam_ecryptfs and
    mount.ecryptfs_private; also move PRIVATE to ECRYPTFS_PRIVATE in
    the ecryptfs.h headers; this will allow us to short-circuit some of the
    costly key-loading code on pam_auth if the private dir is already
    mounted, speeding up some subsequent authentications significantly,
    LP: #402748
  * doc/ecryptfs-mount-private.txt: removed the "$" to make copy-n-paste
    more user friendly
  * src/utils/ecryptfs-setup-private: when encrypting home, put the
    .ecryptfs and .Private data in /home/.ecryptfs rather than /var/lib,
    as users are forgetting to backup /var/lib, and are often putting
    /home on a separate partition; furthermore, this gives users a place
    to access their encrypted data for backup, rather than hiding the
    data below $HOME, LP: #371719
  [ Tyler Hicks ]
  * src/libecryptfs/cipher_list.c, src/libecryptfs/module_mgr.c:
    add blowfish/56-bytes to the list of ciphers we officially support,
    LP: #402790
  [ Dustin Kirkland ]
  * src/utils/ecryptfs-setup-swap: switch from vol_id to blkid,
    LP: #376486
  * debian/ecryptfs-utils.postinst, src/utils/ecryptfs-setup-private:
    don't echo mount passphrase if running in bootstrap mode; prune
    potential leakages from install log, LP: #383650
  * SECURITY UPDATE: mount passphrase recorded in install log (LP: #383650).
    - debian/ecryptfs-utils.postinst: prune private information from
      installer log
    - src/utils/ecryptfs-setup-private: don't echo passphrase if running in
      bootstrap mode
    - CVE-2009-1296
  * src/utils/ecryptfs-setup-private: make some of the lanuage more readable,
    (thanks, anrxc)
  * README, configure.ac, debian/control, debian/rules,
    doc/sourceforge_webpage/README, src/libecryptfs-swig/libecryptfs.py,
    src/libecryptfs-swig/libecryptfs_wrap.c,
    src/libecryptfs/key_management.c, src/libecryptfs/libecryptfs.pc.in,
    src/libecryptfs/main.c, src/pam_ecryptfs/Makefile.am,
    src/utils/manager.c, src/utils/mount.ecryptfs.c: move build from gcrypt
    to nss (this change has been pending for some time)
  * src/utils/ecryptfs-dot-private: dropped, was too hacky
  * ecryptfs-mount-private.1, ecryptfs-setup-private.1: align the
    documentation and implementation of the wrapping-independent feature,
    LP: #383746
  * src/utils/ecryptfs-umount-private: use keyctl list @u, since keyctl show
    stopped working, LP: #400484, #395082
  * src/utils/mount.ecryptfs_private.c: fix counter file locking; solves
    a longstanding bug about "random" umount caused by cronjobs, LP: #358573
  [ Michal Hlavinka (edits by Dustin Kirkland) ]
  * doc/manpage/ecryptfs-mount-private.1,
    doc/manpage/ecryptfs-rewrite-file.1,
    doc/manpage/ecryptfs-setup-private.1, doc/manpage/ecryptfs.7,
    doc/manpage/mount.ecryptfs_private.1,
    doc/manpage/umount.ecryptfs_private.1: documentation updated to note
    possible ecryptfs group membership requirements; Fix ecrypfs.7 man
    page and key_mod_openssl's error message; fix typo
  * src/libecryptfs/decision_graph.c: put a finite limit (5 tries) on
    interactive input; fix memory leaks when asking questions
  * src/libecryptfs/module_mgr.c: Don't error out with EINVAL when
    verbosity=0 and some options are missing.
  * src/utils/umount.ecryptfs.c: no error for missing key when removing it
  * src/libecryptfs-swig/libecryptfs.i: fix compile werror, cast char*
  * src/utils/ecryptfs_add_passphrase.c: fix/test/use return codes;
    return nonzero for --fnek when not supported but used
  * src/include/ecryptfs.h, src/key_mod/ecryptfs_key_mod_openssl.c,
    src/libecryptfs/module_mgr.c: refuse mounting with too small rsa
    key (key_mod_openssl)
  * src/utils/ecryptfs_insert_wrapped_passphrase_into_keyring.c: fix return
    codes
  * src/utils/ecryptfs-rewrite-file: polish output
  * src/libecryptfs/key_management.c: inform about full keyring; insert fnek
    sig into keyring if fnek support check fails; don't fail if key already
    exists in keyring
  * src/utils/ecryptfs-setup-private: if the ecryptfs group exists, restrict
    ecryptfs-setup-private to members of this group
  * src/pam_ecryptfs/pam_ecryptfs.c: dynamically load ecryptfs module by
    checking ecryptfs version
  * src/libecryptfs/decision_graph.c, src/utils/io.c,
    src/utils/mount.ecryptfs.c: fix EOF handling, LP: #371587
  * src/desktop/Makefile.am: make desktop files trusted, LP: #371426
  [ Dustin Kirkland and Daniel Baumann ]
  * debian/control, debian/copyright, debian/ecryptfs-utils.dirs,
    debian/ecryptfs-utils.install, debian/ecryptfs-utils.postinst,
    debian/rules, ecryptfs-utils.pam-auth-update: sync Ubuntu's
    packaging with Debian; drop dpatch, drop libssl build dep, clean
    up extraneous debhelper bits, match cflags; remaining diff is only
    ecryptfs-utils.prerm
  [ Arfrever Frehtes Taifersar Arahesis ]
  * key_mod/ecryptfs_key_mod_gpg.c,
    key_mod/ecryptfs_key_mod_pkcs11_helper.c,
    libecryptfs/key_management.c, utils/ecryptfs_unwrap_passphrase.c:
    Fix warnings, initialize a few variables, drop unused ones
  [ David Hicks ]
  * src/lib/key_management.c: fix stray semicolon that prevents .ecryptfsrc
    files from working properly, LP: #372709
  [ Michael Rooney ]
  * src/python/ecryptfsapi.py: added python api
  [ Dustin Kirkland ]
  * debian/rules: drop hackery that moves stuff /usr/share/ecryptfs-utils
  * src/utils/mount.ecryptfs_private.c: update inline documentation
  * debian/changelog, src/libecryptfs/cmd_ln_parser.c,
    src/libecryptfs/key_management.c, src/pam_ecryptfs/pam_ecryptfs.c,
    src/utils/ecryptfs_add_passphrase.c,
    src/utils/ecryptfs_insert_wrapped_passphrase_into_keyring.c,
    src/utils/ecryptfs_rewrap_passphrase.c,
    src/utils/ecryptfs_unwrap_passphrase.c,
    src/utils/ecryptfs_wrap_passphrase.c: silence some useless logging,
    LP: #313330
  * include/ecryptfs.h, libecryptfs/key_management.c,
    utils/ecryptfs_insert_wrapped_passphrase_into_keyring.c,
    utils/ecryptfs_unwrap_passphrase.c: if the file to unwrap is
    unspecified, try to use the default ~/.ecryptfs/wrapped-passphrase
    before bailing out, LP: #359997
  * src/utils/ecryptfs-setup-private: unix_chkpwd is not always present
    (eg, gentoo), LP: #332341
  [ Tyler Hicks ]
  * doc/manpage/ecryptfs.7: ecryptfs_encrypted_view option desription
    was wrong LP: #328761
  [ Michal Hlavinka ]
  * decision_graph.c: fix uninitialized return code
  * mount.ecryptfs.c: don't pass verbosity option to kernel
  [ anrxc & Dustin Kirkland ]
  * doc/Makefile.am, src/desktop/Makefile.am: fix automake installation from
    /usr/share to /usr/share/ecryptfs-utils
  [ Daniel Baumann & Dustin Kirkland ]
  * debian/rules, debian/control: sync differences between Debian & Ubuntu's
    packaging
  [ Arfrever Frehtes Taifersar Arahesis ]
  * src/key_mod/ecryptfs_key_mod_gpg.c,
    src/key_mod/ecryptfs_key_mod_pkcs11_helper.c: fix implicit declations
  [ Frédéric Guihéry ]
  * key_mod/ecryptfs_key_mod_tspi.c, utils/ecryptfs_generate_tpm_key.c:
    the SRK password should be set to 20 bytes of NULL (wellknown
    password), in order for different tools to request key protection
    with the Storage Root Key
  [ Michal Hlavinka ]
  * Changes for RH/Fedora release
    - change error codes to be more descriptive
    - decision_graph.h, *: change definition of node return codes to positive
      values
    - mount.ecryptfs.c: insist for yes/no answer for unkown sigs
    - don't print error for removing key from keyring if it succeeded
    - module_mgr.c: insist on yes/no answer
    - use ECRYPTFS_NONEMPTY_VALUE_REQUIRED where reasonable
    - pam_ecryptfs.c: don't try to unwrap key for users not using pam mounting
    - add verbosity to man page
    - decision_graph.* : add ECRYPTFS_NONEMPTY_VALUE_REQUIRED flag for nodes
    - decision_graph.* : add WRONG_VALUE return code to nodes for asking
      question again
  [ Dustin Kirkland ]
  * src/utils/ecryptfs-setup-private: fix bug in grep when running with LANG
    in other locales, LP: #347969
  * doc/manpage/ecryptfs.7: add notes about verbose option
  * src/desktop: add the desktop files to the dist tarball
  * src/utils/ecryptfs-dot-private: sourceable file for accessing your
    encrypted data; useful for conducting backups
  [ Martin Pitt and Dustin Kirkland ]
  Reworked the fixes for LP: #352307, remind user to record their passphrase
  * src/desktop/ecryptfs-record-passphrase: run if
    ~/.ecryptfs/.wrapped-passphrase.recorded does NOT exist; touch that
    file upon successful run of unwrap passphrase
  * debian/patches/00list,
    debian/patches/update-notifier-remind-passphrase.dpatch: dropped, since
    this was moved into PAM

ubuntu/utopic-security 2015-03-11 00:23:43 UTC 2015-03-11
Import patches-unapplied version 104-0ubuntu1.14.10.3 to ubuntu/utopic-security

Author: Tyler Hicks
Author Date: 2015-03-04 22:40:18 UTC

Import patches-unapplied version 104-0ubuntu1.14.10.3 to ubuntu/utopic-security

Imported using git-ubuntu import.

Changelog parent: e6a5ac7c68c9e57cb3867a979749b99ac06e44f8

New changelog entries:
  * SECURITY UPDATE: Mount passphrase wrapped with a default salt value
    - debian/patches/CVE-2014-9687.patch: Generate a random salt when wrapping
      the mount passphrase. If a user has a mount passphrase that was wrapped
      using the default salt, their mount passphrase will be rewrapped using a
      random salt when they log in with their password.
    - debian/patches/CVE-2014-9687.patch: Create a temporary file when
      creating a new wrapped-passphrase file and copy it to its final
      destination after the file has been fully synced to disk (LP: #1020902)
    - debian/rules: Set the executable bit on the
      v1-to-v2-wrapped-passphrase.sh test script that was created by
      wrapping-passphrase-salt.patch
    - CVE-2014-9687

ubuntu/utopic-updates 2015-03-11 00:23:43 UTC 2015-03-11
Import patches-unapplied version 104-0ubuntu1.14.10.3 to ubuntu/utopic-security

Author: Tyler Hicks
Author Date: 2015-03-04 22:40:18 UTC

Import patches-unapplied version 104-0ubuntu1.14.10.3 to ubuntu/utopic-security

Imported using git-ubuntu import.

Changelog parent: e6a5ac7c68c9e57cb3867a979749b99ac06e44f8

New changelog entries:
  * SECURITY UPDATE: Mount passphrase wrapped with a default salt value
    - debian/patches/CVE-2014-9687.patch: Generate a random salt when wrapping
      the mount passphrase. If a user has a mount passphrase that was wrapped
      using the default salt, their mount passphrase will be rewrapped using a
      random salt when they log in with their password.
    - debian/patches/CVE-2014-9687.patch: Create a temporary file when
      creating a new wrapped-passphrase file and copy it to its final
      destination after the file has been fully synced to disk (LP: #1020902)
    - debian/rules: Set the executable bit on the
      v1-to-v2-wrapped-passphrase.sh test script that was created by
      wrapping-passphrase-salt.patch
    - CVE-2014-9687

ubuntu/utopic-devel 2015-03-11 00:23:43 UTC 2015-03-11
Import patches-unapplied version 104-0ubuntu1.14.10.3 to ubuntu/utopic-security

Author: Tyler Hicks
Author Date: 2015-03-04 22:40:18 UTC

Import patches-unapplied version 104-0ubuntu1.14.10.3 to ubuntu/utopic-security

Imported using git-ubuntu import.

Changelog parent: e6a5ac7c68c9e57cb3867a979749b99ac06e44f8

New changelog entries:
  * SECURITY UPDATE: Mount passphrase wrapped with a default salt value
    - debian/patches/CVE-2014-9687.patch: Generate a random salt when wrapping
      the mount passphrase. If a user has a mount passphrase that was wrapped
      using the default salt, their mount passphrase will be rewrapped using a
      random salt when they log in with their password.
    - debian/patches/CVE-2014-9687.patch: Create a temporary file when
      creating a new wrapped-passphrase file and copy it to its final
      destination after the file has been fully synced to disk (LP: #1020902)
    - debian/rules: Set the executable bit on the
      v1-to-v2-wrapped-passphrase.sh test script that was created by
      wrapping-passphrase-salt.patch
    - CVE-2014-9687

ubuntu/lucid-devel 2015-03-11 00:23:43 UTC 2015-03-11
Import patches-unapplied version 83-0ubuntu3.2.10.04.6 to ubuntu/lucid-security

Author: Tyler Hicks
Author Date: 2015-03-04 22:26:45 UTC

Import patches-unapplied version 83-0ubuntu3.2.10.04.6 to ubuntu/lucid-security

Imported using git-ubuntu import.

Changelog parent: 36e8590ddd291f6eb30fa6f02bbfb886851b71fe

New changelog entries:
  * SECURITY UPDATE: Mount passphrase wrapped with a default salt value
    - src/libecryptfs/key_management.c, src/include/ecryptfs.h: Generate a
      random salt when wrapping the mount passphrase.
    - src/pam_ecryptfs/pam_ecryptfs.c: If a user has a mount passphrase that was
      wrapped using the default salt, their mount passphrase will be rewrapped
      using a random salt when they log in with their password.
    - src/libecryptfs/key_management.c: Create a temporary file when creating
      a new wrapped-passphrase file and copy it to its final destination after
      the file has been fully synced to disk (LP: #1020902)
    - CVE-2014-9687

ubuntu/lucid-security 2015-03-11 00:23:43 UTC 2015-03-11
Import patches-unapplied version 83-0ubuntu3.2.10.04.6 to ubuntu/lucid-security

Author: Tyler Hicks
Author Date: 2015-03-04 22:26:45 UTC

Import patches-unapplied version 83-0ubuntu3.2.10.04.6 to ubuntu/lucid-security

Imported using git-ubuntu import.

Changelog parent: 36e8590ddd291f6eb30fa6f02bbfb886851b71fe

New changelog entries:
  * SECURITY UPDATE: Mount passphrase wrapped with a default salt value
    - src/libecryptfs/key_management.c, src/include/ecryptfs.h: Generate a
      random salt when wrapping the mount passphrase.
    - src/pam_ecryptfs/pam_ecryptfs.c: If a user has a mount passphrase that was
      wrapped using the default salt, their mount passphrase will be rewrapped
      using a random salt when they log in with their password.
    - src/libecryptfs/key_management.c: Create a temporary file when creating
      a new wrapped-passphrase file and copy it to its final destination after
      the file has been fully synced to disk (LP: #1020902)
    - CVE-2014-9687

ubuntu/lucid-updates 2015-03-11 00:23:43 UTC 2015-03-11
Import patches-unapplied version 83-0ubuntu3.2.10.04.6 to ubuntu/lucid-security

Author: Tyler Hicks
Author Date: 2015-03-04 22:26:45 UTC

Import patches-unapplied version 83-0ubuntu3.2.10.04.6 to ubuntu/lucid-security

Imported using git-ubuntu import.

Changelog parent: 36e8590ddd291f6eb30fa6f02bbfb886851b71fe

New changelog entries:
  * SECURITY UPDATE: Mount passphrase wrapped with a default salt value
    - src/libecryptfs/key_management.c, src/include/ecryptfs.h: Generate a
      random salt when wrapping the mount passphrase.
    - src/pam_ecryptfs/pam_ecryptfs.c: If a user has a mount passphrase that was
      wrapped using the default salt, their mount passphrase will be rewrapped
      using a random salt when they log in with their password.
    - src/libecryptfs/key_management.c: Create a temporary file when creating
      a new wrapped-passphrase file and copy it to its final destination after
      the file has been fully synced to disk (LP: #1020902)
    - CVE-2014-9687

ubuntu/trusty-proposed 2014-01-23 22:58:23 UTC 2014-01-23
Import patches-unapplied version 104-0ubuntu1 to ubuntu/trusty-proposed

Author: Nobuto Murata
Author Date: 2013-02-20 16:56:33 UTC

Import patches-unapplied version 104-0ubuntu1 to ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: dd52703b628dbc7ba718e7d068506782c275f428

New changelog entries:
  [ Colin King ]
  * src/libecryptfs/ecryptfs-stat.c, tests/kernel/extend-file-
    random/test.c, tests/kernel/inode-race-stat/test.c,
    tests/kernel/trunc-file/test.c:
    - Fixed some 32 bit build warnings
  * src/libecryptfs/decision_graph.c, src/libecryptfs/key_management.c,
    src/libecryptfs/main.c, src/libecryptfs/module_mgr.c, src/utils/io.c,
    src/utils/mount.ecryptfs_private.c, tests/kernel/inotify/test.c,
    tests/kernel/trunc-file/test.c, tests/userspace/wrap-unwrap/test.c:
    - Fixed a pile of minor bugs (memory leaks, unclosed file descriptors,
      etc.) mostly in error paths
  * src/key_mod/ecryptfs_key_mod_passphrase.c, src/libecryptfs/main.c,
    src/pam_ecryptfs/pam_ecryptfs.c:
    - more Coverity fixes, memory leak, error checking, etc.
  [ Nobuto MURATA ]
  * fix an empty update-notifier window (LP: #1107650)
    - changes made in Rev.758 was incomplete
  [ Tyler Hicks ]
  * doc/manpage/ecryptfs.7:
    - adjust man page text to avoid confusion about whether the interactive
      mount helper takes a capital 'N' for the answer to y/n questions
      (LP: #1130460)
  * src/utils/ecryptfs_rewrap_passphrase.c:
    - Handle errors when interactively reading the new wrapping passphrase
      and the confirmation from stdin. Fixes a segfault (invalid memory read)
      in ecryptfs-rewrap-passphrase if there was an error while reading either
      of these passphrases.
  * configure.ac:
    - Set AM_CPPFLAGS to always include config.h as the first include file.
      Some .c files correctly included config.h before anything else. The
      majority of .c files got this wrong by including it after other header
      files, including it multiple times, or not including it at all.
      Including it in the AM_CPPFLAGS should solve these problems and keep
      future mistakes from happening in new source files.
    - Enable large file support (LFS) through the use of the AC_SYS_LARGEFILE
      autoconf macro. ecryptfs-utils has been well tested with LFS enabled
      because ecryptfs-utils is being built with
      '-D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64' in Debian-based distros.
      This is mainly needed for some of the in-tree regression tests but
      ecryptfs-utils, in general, should be built with LFS enabled.
  * debian/rules:
    - Don't append '-D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64' to the CFLAGS
      now that the upstream build enables LFS
  * tests/userspace/lfs.sh, tests/userspace/lfs/test.c:
    - Add a test to verify that LFS is enabled. This test is run under the
      make check target.
  * tests/kernel/enospc/test.c:
    - Fix test failures on 32 bit architectures due to large file sizes
      overflowing data types
  [ Dustin Kirkland ]
  * src/utils/ecryptfs-setup-swap: LP: #1172014
    - write crypttab entry using UUID
  * src/utils/ecryptfs-recover-private: LP: #1028532
    - error out, if we fail to mount the private data correctly
  [ Colin King and Dustin Kirkland ]
  * configure.ac, src/daemon/main.c, src/libecryptfs/cmd_ln_parser.c,
    src/libecryptfs/decision_graph.c, src/utils/mount.ecryptfs.c,
    tests/kernel/trunc-file/test.c:
    - remove some dead code, fix some minor issues raised by Coverity
  [ Tyler Hicks ]
  * debian/rules:
    - Use dpkg-buildflags to inject distro compiler hardening flags into the
      build. This also fixes the hardening-no-fortify-functions lintian
      warnings.
  [ Dustin Kirkland ]
  * doc/manpage/ecryptfs-add-passphrase.1, doc/manpage/ecryptfsd.8,
    doc/manpage/ecryptfs-find.1, doc/manpage/ecryptfs-generate-tpm-
    key.1, doc/manpage/ecryptfs-insert-wrapped-passphrase-into-
    keyring.1, doc/manpage/ecryptfs-manager.8, doc/manpage/ecryptfs-
    migrate-home.8, doc/manpage/ecryptfs-mount-private.1,
    doc/manpage/ecryptfs-recover-private.1, doc/manpage/ecryptfs-rewrap-
    passphrase.1, doc/manpage/ecryptfs-rewrite-file.1,
    doc/manpage/ecryptfs-setup-private.1, doc/manpage/ecryptfs-setup-
    swap.1, doc/manpage/ecryptfs-stat.1, doc/manpage/ecryptfs-umount-
    private.1, doc/manpage/ecryptfs-unwrap-passphrase.1,
    doc/manpage/ecryptfs-verify.1, doc/manpage/ecryptfs-wrap-
    passphrase.1, doc/manpage/Makefile.am, doc/manpage/mount.ecryptfs.8,
    doc/manpage/mount.ecryptfs_private.1, doc/manpage/pam_ecryptfs.8,
    doc/manpage/umount.ecryptfs.8,
    doc/manpage/umount.ecryptfs_private.1, src/desktop/ecryptfs-find =>
    src/utils/ecryptfs-find, src/desktop/Makefile.am,
    src/utils/Makefile.am:
    - add 3 new manpages, for ecryptfs-find, ecryptfs-verify, and
      ecryptfs-migrate-home
    - Add SEE ALSO section to manpages which were missing it
    - Mention "Debian and Ubuntu" in license location
    - move the ecryptfs-find utility to the proper location in src/utils
  * src/utils/Makefile.am:
    - fix broken build
  * debian/ecryptfs-utils.links:
    - link no longer needed for ecryptfs-find
  [ Colin King ]
  * === added directory tests/kernel/mmap-bmap, === added directory
    tests/kernel/xattr, tests/kernel/link.sh, tests/kernel/Makefile.am,
    tests/kernel/mknod.sh, tests/kernel/mmap-bmap.sh, tests/kernel/mmap-
    bmap/test.c, tests/kernel/tests.rc, tests/kernel/xattr.sh,
    tests/kernel/xattr/test.c:
    - ran the current eCryptfs tests on 3.8-rc4 with kernel gcov enabled
      and spotted a few trivial areas where it would be useful to up the
      test coverage on the code
    - so here are a few very simple additional tests to exercise eCryptfs
      a little further
  [ Dustin Kirkland ]
  * debian/control:
    - bump standards, no change
  [ Tyler Hicks ]
  * autogen.sh, scripts/release.sh, Makefile.am:
    - Break out the autoreconf and intltoolize commands from release.sh into
      an executable autogen.sh
    - Use the --copy option when invoking intltoolize
    - Include the new autogen.sh script in the release tarball
  * debian/rules, debian/control:
    - Use dh-autoreconf so that upstream sources can easily be used to build
      packages for all the stable Ubuntu releases in the ecryptfs-utils daily
      build PPA
    - Override the dh_autoreconf target by running the autogen.sh script
    - Drop Build-Depends on autotools-dev since dh-autoreconf is a superset of
      autotools-dev
    - Drop Build-Depends on autoconf, automake, and libtool since
      dh-autoreconf depends on all of these packages
  * m4/ac_python_devel.m4:
    - Fix FTBFS in Raring Ringtail due to multiarch Python. Be sure to include
      platform specific Python include directions in SWIG_PYTHON_CPPFLAGS.
  * src/utils/mount.ecryptfs_private.c:
    - Fix conditionals when checking whether to remove authentication tokens
      from the kernel keyring upon umount. This conditional was incorrectly
      modified in ecryptfs-utils-101, yet the authentication tokens still seem
      to be removed from the kernel keyring so it isn't clear if there was
      actually a user-facing regression.
    - Pass the FEKEK sig, rather than the FNEK sig, to
      ecryptfs_private_is_mounted()
    - Restore behavior of not printing error messages to syslog when
      unmounting and keys cannot be found in the kernel keyring.
    - Restore behavior of printing a useful error message about
      ecryptfs-mount-private when mounting and keys cannot be found in the
      kernel keyring
    - Fix memory leak and clean up free()'s in an error path
    - Use pointer assignment tests, rather than strlen(), to determine which
      key signatures were fetched
  * src/daemon/main.c, src/include/ecryptfs.h,
    src/libecryptfs/{Makefile.am,messaging.c,miscdev.c,netlink.c,sysfs.c},
    doc/manpage/ecryptfsd.8, doc/design_doc/ecryptfs_design_doc_v0_2.tex:
    - Remove netlink messaging interface support
    - Netlink messaging support was superceded by the miscdev interface
      (/dev/ecryptfs) in upstream kernel version 2.6.26 in July, 2008
    - Netlink messaging support was completely removed from the upstream
      kernel starting with version 2.6.32 in December, 2009
  * src/jprobes/*, scripts/delete-cruft.sh:
    - Remove all jprobes code, as I don't use jprobes to debug eCryptfs kernel
      issues and I don't like the idea of maintaining these jprobes outside of
      the kernel tree
  * src/escrow/*:
    - Remove all escrow code, as it isn't used or maintained
  * tests/kernel/llseek.sh, tests/kernel/llseek/test.c,
    tests/userspace/wrap-unwrap.sh, tests/userspace/wrap-unwrap/test.c:
    - Migrate some old testcases over to the modern test framework
  * tests/lib/etl_funcs.sh:
    - Update etl_create_test_dir() to allow a parent directory to be specified
      when creating the directory
  * src/testcases:
    - Delete old testcases that were either too basic, covered by more
      extensive tests in the modern test framework, or just didn't work
  [ Nobuto MURATA ]
  * src/desktop/ecryptfs-record-passphrase:
  [ Eric Lammerts ]
  * src/libecryptfs/sysfs.c: LP: #1007880
    - Handle NULL mnt pointer when sysfs is not mounted
  [ Tyler Hicks ]
  * src/utils/ecryptfs-migrate-home: LP: #1026180
    - Correct minor misspelling
  * src/utils/ecryptfs-recover-private: LP: #1004082
    - Fix option parsing when --rw is specified
  * src/utils/ecryptfs-recover-private: LP: #1028923
    - Simplify success message to prevent incorrectly reporting that a
      read-only mount was performed when the --rw option is specified
  * tests/lib/etl_func.sh:
    - Add test library function to return a lower path from an upper path,
      based on inode numbers
  * tests/kernel/mmap-close.sh, tests/kernel/mmap-close/test.c:
    - Add regression test for open->mmap()->close()->dirty memory->munmap()
      pattern
  * tests/kernel/lp-561129.sh:
    - Add test for checking that a pre-existing target inode is properly
      evicted after a rename
  * tests/README:
    - Add documentation on the steps to take when adding new test cases
  [ Colin King ]
  * tests/kernel/lp-911507.sh:
    - Add test case for initializing empty lower files during open()
  * tests/kernel/lp-872905.sh:
    - Add test case to check for proper unlinking of lower files when
      lower file initialization fails
  * src/key_mod/ecryptfs_key_mod_openssl.c,
    src/key_mod/ecryptfs_key_mod_pkcs11_helper.c,
    src/libecryptfs/key_management.c,
    src/utils/mount.ecryptfs_private.c, src/utils/umount.ecryptfs.c:
    - address some issues raised by smatch static analysis
    - fix some memory leaks with frees
    - fix some pointer refs and derefs
    - fix some comment typos
  [ Dustin Kirkland ]
  * src/libecryptfs/key_management.c:
    - silence pam error message when errno == EACCES
      + "Error attempting to parse .ecryptfsrc file; rc = [-13]"
  * src/utils/mount.ecryptfs_private.c: LP: #1052038
    - fix race condition, which typically manifests itself with a user
      saying that their home directory is not accessible, or that their
      filenames are not decrypted
    - the root of the problem is that we were reading the signature file,
      ~/.ecryptfs/Private.sig, twice; in some cases, the first one succeeds,
      so the file encryption signature is read and key is loaded, but then
      some other process (usually from PAM, perhaps a cron job or a
      subsequent login) mounts the home directory before the filename
      encryption key is loaded; thus, $HOME is mounted but filenames are
      not decrypted, so the second read of ~/.ecryptfs/Private.sig fails
      as that file is not found
    - the solution is to rework the internal fetch_sig() function and read
      one or both signatures within a single open/read/close operation of
      the file
    - free memory used by char **sig on failure
  * debian/copyright:
    - fix lintian warning
  [ Tyler Hicks ]
  * src/pam_ecryptfs/pam_ecryptfs.c, src/libecryptfs/key_management.c:
      LP: #1024476
    - fix regression introduced in ecryptfs-utils-99 when Encrypted
      Home/Private is in use and the eCryptfs kernel code is compiled as a
      module
    - drop check for kernel filename encryption support in pam_ecryptfs, as
      appropriate privileges to load the eCryptfs kernel module may not be
      available and filename encryption has been supported since 2.6.29
    - always add filename encryption key to the kernel keyring from pam_mount
  [ Colin King ]
  * tests/kernel/inode-race-stat/test.c:
    - limit number of forks based on fd limits
  * tests/kernel/enospc.sh, tests/kernel/enospc/test.c,
    tests/kernel/Makefile.am, tests/kernel/tests.rc:
    - add test case for ENOSPC
  [ Tim Harder ]
  * m4/ac_python_devel.m4: LP: #1029217
    - proplery save and restore CPPFLAGS and LIBS when python support is
      enabled
  [ Dustin Kirkland ]
  * debian/ecryptfs-utils.postinst: LP: #936093
    - ensure desktop file is executable
  [ Wesley Wiedenmeier ]
  * src/utils/mount.ecryptfs.c: LP: #329264
    - remove old hack, that worked around a temporary kernel regression;
      ensure that all mount memory is mlocked
  [ Sebastian Krahmer ]
  * src/pam_ecryptfs/pam_ecryptfs.c: LP: #732614
    - drop group privileges in the same places that user privileges are
      dropped
    - check return status of setresuid() calls and return if they fail
    - drop privileges before checking for the existence of
      ~/.ecryptfs/auto-mount to prevent possible file existence leakage
      by a symlink to a path that typically would not be searchable by
      the user
    - drop privileges before reading salt from the rc file to prevent the
      leakage of root's salt and, more importantly, using the incorrect salt
    - discovered, independently, by Vasiliy Kulikov and Sebastian Krahmer
  * src/pam_ecryptfs/pam_ecryptfs.c: LP: #1020904
    - after dropping privileges, clear the environment before executing the
      private eCryptfs mount helper
    - discovered by Sebastian Krahmer
  * src/utils/mount.ecryptfs_private.c: LP: #1020904
    - do not allow private eCryptfs mount aliases to contain ".." characters
      as a preventative measure against a crafted file path being used as an
      alias
    - force the MS_NOSUID mount flag to protect against user controlled lower
      filesystems, such as an auto mounted USB drive, that may contain a
      setuid-root binary
      + CVE-2012-3409
    - force the MS_NODEV mount flag
    - after dropping privileges, clear the environment before executing umount
    - discovered by Sebastian Krahmer
  [ Tyler Hicks ]
  * src/libecryptfs/key_management.c: LP: #732614
    - zero statically declared buffers to prevent the leakage of stack
      contents in the case of a short file read
    - discovered by Vasiliy Kulikov
  * src/libecryptfs/module_mgr.c, src/pam_ecryptfs/pam_ecryptfs.c:
    - fix compiler warnings
  [ Dustin Kirkland ]
  * debian/ecryptfs-utils.prerm:
    - drop the pre-removal ERRORs down to WARNINGs
    - these have caused a ton of trouble; whatever is causing ecryptfs-utils
      to be marked for removal should be fixed; but ecryptfs exiting 1 seems
      to be causing more trouble than it's worth
    - LP: #871021, #812270, #988960, #990630, #995381, #1010961
  * doc/ecryptfs-faq.html:
    - update the frequently asked questions, which haven't seen much
      attention in a while now
    - drop a few references to sourceforge
  * doc/ecryptfs-pam-doc.txt, doc/manpage/fr/ecryptfs-add-passphrase.1,
    doc/manpage/fr/ecryptfs-generate-tpm-key.1, doc/manpage/fr/ecryptfs-
    insert-wrapped-passphrase-into-keyring.1, doc/manpage/fr/ecryptfs-
    mount-private.1, doc/manpage/fr/ecryptfs-rewrap-passphrase.1,
    doc/manpage/fr/ecryptfs-setup-private.1, doc/manpage/fr/ecryptfs-
    umount-private.1, doc/manpage/fr/ecryptfs-unwrap-passphrase.1,
    doc/manpage/fr/ecryptfs-wrap-passphrase.1, doc/manpage/fr/ecryptfs-
    zombie-kill.1, doc/manpage/fr/ecryptfs-zombie-list.1,
    doc/sourceforge_webpage/ecryptfs-article.pdf,
    doc/sourceforge_webpage/ecryptfs_design_doc_v0_1.pdf,
    doc/sourceforge_webpage/ecryptfs-faq.html,
    doc/sourceforge_webpage/ecryptfs-key-diagram-356.png,
    doc/sourceforge_webpage/ecryptfs-key-diagram-640.png,
    doc/sourceforge_webpage/ecryptfs-pageuptodate-call-graph.png,
    doc/sourceforge_webpage/ecryptfs-pam-doc.txt,
    doc/sourceforge_webpage/ecryptfs.pdf,
    doc/sourceforge_webpage/index.html, doc/sourceforge_webpage/README,
    === removed directory doc/manpage/fr, === removed directory
    doc/sourceforge_webpage, rpm/ecryptfs-utils.spec:
    - remove some deprecated documentation
    - fish it out of bzr, if we ever need it again, but let's
      quit publishing it in our release tarballs
  [ Kees Cook ]
  * src/pam_ecryptfs/pam_ecryptfs.c: LP: #938326
    - exit, rather than return to prevent duplicate processes
  [ Andreas Raster ]
  * src/desktop/ecryptfs-find:
    - $mounts was quoted once too often
  [ George Wilson ]
  * src/key_mod/ecryptfs_key_mod_openssl.c,
    src/key_mod/ecryptfs_key_mod_pkcs11_helper.c,
    src/key_mod/ecryptfs_key_mod_tspi.c: LP: #937331
    - IBM would like to grant a license exception for key modules that
      require linking to OpenSSL. The change should make the modules
      shippable by Linux distributions
  [ Dustin Kirkland ]
  * debian/copyright:
    - note the GPLv2 SSL exception granted by IBM for the key modules
  * debian/control, debian/copyright, doc/manpage/ecryptfs.7,
    doc/manpage/ecryptfs-add-passphrase.1, doc/manpage/ecryptfsd.8,
    doc/manpage/ecryptfs-generate-tpm-key.1, doc/manpage/ecryptfs-
    insert-wrapped-passphrase-into-keyring.1, doc/manpage/ecryptfs-
    manager.8, doc/manpage/ecryptfs-mount-private.1,
    doc/manpage/ecryptfs-recover-private.1, doc/manpage/ecryptfs-rewrap-
    passphrase.1, doc/manpage/ecryptfs-rewrite-file.1,
    doc/manpage/ecryptfs-setup-private.1, doc/manpage/ecryptfs-setup-
    swap.1, doc/manpage/ecryptfs-stat.1, doc/manpage/ecryptfs-umount-
    private.1, doc/manpage/ecryptfs-unwrap-passphrase.1,
    doc/manpage/ecryptfs-wrap-passphrase.1,
    doc/manpage/mount.ecryptfs.8, doc/manpage/mount.ecryptfs_private.1,
    doc/manpage/pam_ecryptfs.8, doc/manpage/umount.ecryptfs.8,
    doc/manpage/umount.ecryptfs_private.1, README,
    src/utils/mount.ecryptfs.c:
    - use the new ecryptfs.org website where appropriate
  * debian/control:
    - update to suggest zescrow-client
  [ Sergio Peña ]
  * src/libecryptfs/cipher_list.c: LP: #922821
    - add the new name of the blowfish cipher (linux >= 3.2)
  * src/include/ecryptfs.h, src/libecryptfs/main.c,
    src/utils/mount.ecryptfs.c: LP: #917509
    - use execl() to mount ecryptfs
    - this allows us to support any arbitrary mount options in
      /etc/fstab
  [ Tyler Hicks ]
  * doc/manpage/ecryptfs.7:
    - Remove the note saying that the passphrase and openssl key modules are
      available by default. That's true upstream but not always true in distro
      builds.
  * tests/run_tests.sh:
    - Make upper and lower mount point arguments optional by automatically
      creating directories in /tmp by default.
    - Make it possible to run only userspace tests without having to specify
      unused mount information
    - Accept a comma-separated list of lower filesystems to test on and loop
      through all kernel tests for each lower filesystem
    - Accept a comma-separated list of tests to run
  * tests/lib/etl_funcs.sh:
    - Unset $ETL_DISK just before etl_remove_disk() successfully returns
  * tests/userspace/Makefile.am:
    - Also build 'make check' tests when building with --enable-tests
  * include/ecryptfs.h, libecryptfs/Makefile.am,
    libecryptfs/cipher_list.c, libecryptfs/module_mgr.c,
    utils/io.h: LP: #994813
    - remove overly complicated implementation to detect what ciphers
      are supported by the currently running kernel's crypto api
    - prompt for the entire supported cipher list, if the user selects a
      cipher that their kernel doesn't support, the mount will fail
      and the kernel will write an error message to the syslog
  * src/libecryptfs/module_mgr.c:
    - Use correct blowfish block size when displaying supported ciphers to
      the user
  * tests/kernel/lp-1009207.sh, tests/kernel/Makefile.am,
    tests/kernel/tests.rc:
    - Add simple test case for incorrect handling of umask and default POSIX
      ACL masks
  * tests/kernel/lp-994247.sh, tests/kernel/lp-994247/test.c,
    tests/kernel/Makefile.am, tests/kernel/tests.rc:
    - Add test case for incorrect handling of open /dev/ecryptfs file
      descriptors that are passed or inherited by other processes
  [ Colin King ]
  * tests/lib/etl_funcs.sh:
    - etl_lumount() should use DST rather than SRC dir so it can run on Lucid
    - use file system appropriate mkfs force flag
    - cater for correct ext2 default mount flags
  * tests/kernel/lp-509180.sh, tests/kernel/lp-509180/test.c:
    - test for trailing garbage at end of files
  * tests/kernel/lp-524919.sh, tests/kernel/lp-524919/test.c:
    - test case for checking lstat/readlink size
  * tests/kernel/lp-870326.sh, tests/kernel/lp-870326/test.c:
    - test case for open(), mmap(), close(), modify mmap'd region
  * tests/kernel/lp-469664.sh:
    - test case for lsattr
  * tests/kernel/lp-613873.sh:
    - test case for stat modify time
  * tests/kernel/lp-745836.sh:
    - test case for clearing ECRYPTFS_NEW_FILE flag during truncate
  * tests/lib/etl_funcs.sh, tests/kernel/extend-file-random.sh,
    tests/kernel/trunc-file.sh (LP: #1007159):
    - Add test library function for estimating available space in lower fs
    - Use new library function in tests that need to create large files
  [ Colin Watson ]
  * src/utils/ecryptfs-setup-swap: Skip /dev/zram* swap devices
    LP: #979350
  [ Serge Hallyn ]
  * src/utils/mount.ecryptfs_private.c:
    - EoL fixes
  [ Dustin Kirkland ]
  * CONTRIBUTING:
    - added a new file to describe how to contribute to ecryptfs
  * === added directory img/old, img/old/ecryptfs_14.png,
    img/old/ecryptfs_192.png, img/old/ecryptfs_64.png:
    - saving the old logos/branding for posterity
  * debian/copyright, img/COPYING:
    - added CC-by-SA 3.0 license
    - use the text version
  * img/ecryptfs_14.png, img/ecryptfs_192.png, img/ecryptfs_64.png:
    - added scaled copies of images used for Launchpad.net branding
  * src/utils/ecryptfs-recover-private: LP: #847505
    - add an option to allow user to enter the mount passphrase,
      in case they've recorded that, but forgotten their login
      passphrase
  * src/libecryptfs/sysfs.c: LP: #802197
    - default sysfs to /sys, if not found in /etc/mtab
    - it seems that reading /etc/mtab for this is outdated
    - ensure that ecryptfs works even if there is no sysfs entry
      in /etc/mtab
  * src/key_mod/ecryptfs_key_mod_tspi.c: LP: #462225
    - fix TPM and string_to_uuid 64bits issue
    - thanks to Janos for the patch
  [ Tyler Hicks ]
  * CONTRIBUTING:
    - clarified how to contribute to the ecryptfs kernel module
  * tests/lib/etl_funcs.sh:
    - created eCryptfs test library of bash functions for use in test
      cases and test harnesses
  * test/etl_add_passphrase_key_to_keyring.c:
    - created a C helper program to allow bash scripts to interface to
      the libecryptfs function that adds passphrase-based keys to the
      kernel keyring
  * tests/kernel/tests.rc, tests/userspace/tests.rc:
    - created a test case category files for test harnesses to source
      when running testcases of a certain category (destructive, safe,
      etc.)
  * tests/run_tests.sh:
    - created a test harness to run eCryptfs test cases
  * tests/kernel/miscdev-bad-count.sh,
    tests/kernel/miscdev-bad-count/test.c:
    - created test case for miscdev issue reported to mailing list
  * tests/kernel/lp-885744.sh:
    - created test case for pathconf bug
  * tests/kernel/lp-926292.sh:
    - created test case for checking stale inode attrs after setxattr
  * tests/new.sh:
    - created new test case template to copy from
  * tests/userspace/verify-passphrase-sig.sh,
    tests/userspace/verify-passphrase-sig/test.c:
    - created test case, for make check, to test the creation of
      passphrase-based fekeks and signatures
  * configure.ac, Makefile.am, tests/Makefile.am, tests/lib/Makefile.am,
    tests/kernel/Makefile.am, tests/userspace/Makefile.am:
    - updated and created autoconf/automake files to build the new tests
      directory
    - added make check target
  [ Eddie Garcia ]
  * img/*: LP: #907131
    - contributing a new set of logos and branding under the CC-by-SA3.0
      license
  [ Colin King ]
  * tests/kernel/extend-file-random.sh,
    tests/kernel/extend-file-random/test.c:
    - Test to randomly extend file size, read/write + unlink
  * tests/kernel/trunc-file.sh, tests/kernel/trunc-file/test.c:
    - Test to exercise file truncation
  * tests/kernel/directory-concurrent.sh,
    tests/kernel/directory-concurrent/test.c:
    - test for directory creation/deletion races with multiple processes
  * tests/kernel/file-concurrent.sh,
    tests/kernel/file-concurrent/test.c:
    - test for file creation/truncation/unlink races with multiple
      processes
  * tests/kernel/inotify.sh, tests/kernel/inotify/test.c:
    - test for proper inotify support
  * tests/kernel/mmap-dir.sh, tests/kernel/mmap-dir/test.c:
    - test that directory files cannot be mmap'ed
  * tests/kernel/read-dir.sh, tests/kernel/read-dir/test.c:
    - test that read() on directory files returns the right error
  * tests/kernel/setattr-flush-dirty.sh:
    - test that the modified timestamp isn't clobbered in writeback
  * tests/kernel/inode-race-stat.sh, tests/kernel/inode-race-stat/test.c:
    - test for inode initialization race condition
  [ Serge Hallyn ]
  * fix infinite loop on arm: fgetc returns an int, and -1 at end of
    options. Arm makes char unsigned. (LP: #884407)
  [ Dustin Kirkland ]
  * debian/compat, debian/control, debian/ecryptfs-utils.install,
    debian/ecryptfs-utils.lintian-overrides,
    debian/libecryptfs0.install, debian/libecryptfs-dev.install,
    debian/lintian/ecryptfs-utils, debian/python-ecryptfs.install,
    debian/rules, debian/source/options, doc/ecryptfs-pam-doc.txt,
    doc/manpage/ecryptfs-setup-private.1, lintian/ecryptfs-utils, ===
    removed directory debian/lintian:
    - merge a bunch of packaging changes from Debian's Daniel Baumann
    - fixes LP: #800647
  * scripts/release.sh:
    - minor release fixes
  [ Dustin Kirkland ]
  * scripts/release.sh:
    - fix release script
    - bump ubuntu release
  * doc/manpage/ecryptfs-recover-private.1, src/utils/ecryptfs-migrate-
    home (properties changed: -x to +x), src/utils/ecryptfs-recover-
    private:
    - add a --rw option for ecryptfs-recover-private
  * src/utils/ecryptfs-migrate-home: LP: #820416
    - show progress on rsync
  * debian/ecryptfs-utils.ecryptfs-utils-restore.upstart,
    debian/ecryptfs-utils.ecryptfs-utils-save.upstart,
    src/utils/ecryptfs-migrate-home,
    src/utils/ecryptfs-setup-private: LP: #883238
    - remove 2 upstart scripts, which attempted to "save" users who didn't
      login after migrating their home; instead, we now require the root
      user to enter user passwords at migration time
  * debian/copyright, debian/ecryptfs-utils.ecryptfs-utils-
    restore.upstart, debian/ecryptfs-utils.ecryptfs-utils-save.upstart,
    doc/manpage/ecryptfs.7, doc/manpage/ecryptfs-add-passphrase.1,
    doc/manpage/ecryptfs-generate-tpm-key.1, doc/manpage/ecryptfs-
    insert-wrapped-passphrase-into-keyring.1, doc/manpage/ecryptfs-
    mount-private.1, doc/manpage/ecryptfs-recover-private.1,
    doc/manpage/ecryptfs-rewrap-passphrase.1, doc/manpage/ecryptfs-
    rewrite-file.1, doc/manpage/ecryptfs-setup-private.1,
    doc/manpage/ecryptfs-setup-swap.1, doc/manpage/ecryptfs-stat.1,
    doc/manpage/ecryptfs-umount-private.1, doc/manpage/ecryptfs-unwrap-
    passphrase.1, doc/manpage/ecryptfs-wrap-passphrase.1,
    doc/manpage/fr/ecryptfs-add-passphrase.1, doc/manpage/fr/ecryptfs-
    generate-tpm-key.1, doc/manpage/fr/ecryptfs-insert-wrapped-
    passphrase-into-keyring.1, doc/manpage/fr/ecryptfs-mount-private.1,
    doc/manpage/fr/ecryptfs-rewrap-passphrase.1,
    doc/manpage/fr/ecryptfs-setup-private.1, doc/manpage/fr/ecryptfs-
    umount-private.1, doc/manpage/fr/ecryptfs-unwrap-passphrase.1,
    doc/manpage/fr/ecryptfs-wrap-passphrase.1, doc/manpage/fr/ecryptfs-
    zombie-kill.1, doc/manpage/fr/ecryptfs-zombie-list.1,
    doc/manpage/mount.ecryptfs_private.1, doc/manpage/pam_ecryptfs.8,
    doc/manpage/umount.ecryptfs.8,
    doc/manpage/umount.ecryptfs_private.1,
    src/pam_ecryptfs/pam_ecryptfs.c,
    src/utils/ecryptfs_add_passphrase.c,
    src/utils/ecryptfs_insert_wrapped_passphrase_into_keyring.c,
    src/utils/ecryptfs-migrate-home, src/utils/ecryptfs-mount-private,
    src/utils/ecryptfs-recover-private,
    src/utils/ecryptfs_rewrap_passphrase.c, src/utils/ecryptfs-rewrite-
    file, src/utils/ecryptfs-setup-private, src/utils/ecryptfs-setup-
    swap, src/utils/ecryptfs-umount-private,
    src/utils/ecryptfs_unwrap_passphrase.c,
    src/utils/ecryptfs_wrap_passphrase.c:
    - update some email addresses, moving kirkland@canonical.com ->
      kirkland@ubuntu.com (which I can still read)
  * src/libecryptfs/key_management.c: LP: #715066
    - fix 2 places where we were handling
      ecryptfs_add_passphrase_key_to_keyring() inconsistently
    - if we're trying to add a key to the keyring, and it's already there,
      treat that as "success"
  * debian/control:
    - ecryptfs-setup-swap is strongly recommended, which depends on
      cryptsetup; so promote cryptsetup from suggests -> recommends
  [ Stephan Ritscher and Tyler Hicks ]
  * src/libecryptfs/cmd_ln_parser.c: LP: #683535
    - fix passphrase_passwd_fd for pipes
    - handle memory allocation failures
    - free memory in error paths
  [ Arfrever Frehtes Taifersar Arahesis ]
  * configure.ac: LP: #893327
    - no need to check for python, if --disable-pywrap is passed
  * src/utils/ecryptfs-verify, src/utils/Makefile.am:
    - add an ecryptfs-verify utility, LP: #845738
  * src/testcases/write-read.sh:
    - added a write/read test utility
  * doc/manpage/ecryptfs-mount-private.1, doc/manpage/ecryptfs-setup-
    private.1, doc/manpage/mount.ecryptfs_private.1,
    doc/manpage/umount.ecryptfs_private.1: LP: #882267
    - remove inaccurate documentation about being a member of the ecryptfs
      group
  * src/utils/ecryptfs-setup-private: LP: #882314
    - fix preseeded encrypted home Ubuntu installations (thanks Timo!)
  * src/libecryptfs/key_management.c: LP: #725862
    - fix nasty bug affecting users who do *not* encrypt filenames;
      the first login works, but on logout, only one key gets
      cleaned out; subsequent logins do not insert the necessary key
      due to an early "goto out"; this fix needs to be SRU'd
  * debian/rules: LP: #586281
    - fix perms on desktop mount file
  * src/pam_ecryptfs/pam_ecryptfs.c: LP: #838471
    - rework syslogging to be less noisy and note pam_ecryptfs
  [ Diego E. "Flameeyes" Pettenò ]
  * configure.ac:
    - fix reliance on nss-config, which hinders cross-compilation
  [ Marc Deslauriers ]
  * src/utils/mount.ecryptfs_private.c:
  * SECURITY UPDATE: wrong mtab ownership and permissions (LP: #830850)
    - debian/patches/CVE-2011-3145.patch: also set gid and umask before
      updating mtab in src/utils/mount.ecryptfs_private.c.
    - CVE-2011-3145
  [ Marc Deslauriers ]
  * SECURITY UPDATE: privilege escalation via mountpoint race conditions
    (LP: #732628)
    - debian/patches/CVE-2011-1831,1832,1834.patch: chdir into mountpoint
      before checking permissions in src/utils/mount.ecryptfs_private.c.
    - CVE-2011-1831
    - CVE-2011-1832
  * SECURITY UPDATE: race condition when checking source during mount
    (LP: #732628)
    - debian/patches/CVE-2011-1833.patch: use new ecryptfs_check_dev_ruid
      kernel option when mounting directory in
      src/utils/mount.ecryptfs_private.c.
    - CVE-2011-1833
  * SECURITY UPDATE: mtab corruption via improper handling (LP: #732628)
    - debian/patches/CVE-2011-1831,1832,1834.patch: modify mtab via a temp
      file first and make sure it succeeds before replacing the real mtab
      in src/utils/mount.ecryptfs_private.c.
    - CVE-2011-1834
  * SECURITY UPDATE: key poisoning via insecure temp directory handling
    (LP: #732628)
    - debian/patches/CVE-2011-1835.patch: make sure we don't copy into a
      user controlled directory in src/utils/ecryptfs-setup-private.
    - CVE-2011-1835
  * SECURITY UPDATE: information disclosure via recovery mount in /tmp
    (LP: #732628)
    - debian/patches/CVE-2011-1836.patch: mount inside protected
      subdirectory in src/utils/ecryptfs-recover-private.
    - CVE-2011-1836
  * SECURITY UPDATE: arbitrary file overwrite via lock counter race
    condition (LP: #732628)
    - debian/patches/CVE-2011-1837.patch: verify permissions with a file
      descriptor, and don't follow symlinks in
      src/utils/mount.ecryptfs_private.c.
    - CVE-2011-1837
  [ Dustin Kirkland ]
  * debian/control:
    - add missing build dependency needed for release
  * doc/manpage/ecryptfs-wrap-passphrase.1: fix minor error in manpage
  * src/desktop/ecryptfs-find, src/desktop/Makefile.am: LP: #799157
    - add a tool, /usr/share/ecryptfs-utils/ecryptfs-find that can
      help find cleartext/encrypted filenames by inode number
  * src/desktop/ecryptfs-find:
    - test file exists first; ditch the match;
      search all ecryptfs mounts that user can read/traverse
  * debian/ecryptfs-utils.links:
    - add a symlink for Ubuntu
  * scripts/release.sh:
    - improve release script
  [ Serge Hallyn ]
  * Fix from Christophe Dumez: mount.ecryptfs_private: Do not attempt to
    update mtab if it is a symbolic link. (LP: #789888)
  * src/utils/mount.ecryptfs_private.c:
    - reduce the window size for the TOCTOU race;
      does not entirely solve LP: #732628, which is going to need to be
      fixed in the kernel with some heavy locking
  * debian/control: update urls
  * src/utils/ecryptfs-mount-private: LP: #725862
    - fix ecryptfs-mount-private to insert only the fek, if filename
      encryption is disabled
  [ Paolo Bonzini <pbonzini@redhat.com> ]
  * src/utils/ecryptfs-setup-private: update the Private.* selinux
    contexts
  [ Dustin Kirkland ]
  * src/utils/ecryptfs-setup-private:
    - add -p to mkdir, address noise for a non-error
    - must insert keys during testing phase, since we remove keys on
      unmount now, LP: #725862
  * src/utils/ecryptfs_rewrap_passphrase.c: confirm passphrases in
    interactive mode, LP: #667331
  [ Jakob Unterwurzacher ]
  * src/pam_ecryptfs/pam_ecryptfs.c:
    - check if this file exists and ask the user for the wrapping passphrase
      if it does
    - eliminate both ecryptfs_pam_wrapping_independent_set() and
      ecryptfs_pam_automount_set() and replace with a reusable
      file_exists_dotecryptfs() function
  [ Serge Hallyn and Dustin Kirkland ]
  * src/utils/mount.ecryptfs_private.c:
    - support multiple, user configurable private directories by way of
      a command line "alias" argument
    - this "alias" references a configuration file by the name of:
      $HOME/.ecryptfs/alias.conf, which is in an fstab(5) format,
      as well as $HOME/.ecryptfs/alias.sig, in the same format as
      Private.sig
    - if no argument specified, the utility operates in legacy mode,
      defaulting to "Private"
    - rename variables, s/dev/src/ and s/mnt/dest/
    - add a read_config() function
    - add an alias char* to replace the #defined ECRYPTFS_PRIVATE_DIR
    - this is half of the fix to LP: #615657
  * doc/manpage/mount.ecryptfs_private.1: document these changes
  * src/libecryptfs/main.c, src/utils/mount.ecryptfs_private.c:
    - allow umount.ecryptfs_private to succeed when the key is no
      longer in user keyring.
  [ Dustin Kirkland ]
  * src/utils/ecryptfs-recover-private: clean sigs of invalid characters
  * src/utils/mount.ecryptfs_private.c:
    - fix bug LP: #313812, clear used keys on unmount
    - add ecryptfs_unlink_sigs to the mount opts, so that unmounts from
      umount.ecryptfs behave similarly
    - use ecryptfs_remove_auth_tok_from_keyring() on the sig and sig_fnek
  [ presgas@gmail.com ]
  * src/utils/ecryptfs-migrate-home:
    - support user databases outside of /etc/passwd, LP: #627506
  * src/desktop/ecryptfs-record-passphrase: fix typo, LP: #524139
  * debian/rules, debian/control:
    - disable the gpg key module, as it's not yet functional
    - clean up unneeded build-deps
    - also, not using opencryptoki either
  * doc/manpage/ecryptfs.7: fix minor documentation bug, reported by
    email by Jon 'maddog' Hall
  * doc/manpage/ecryptfs-recover-private.1, doc/manpage/Makefile.am,
    po/POTFILES.in, src/utils/ecryptfs-recover-private,
    src/utils/Makefile.am: add a utility to simplify data recovery
    of an encrypted private directory from a Live ISO, LP: #689969
  [ David Planella ]
  * Makefile.am, configure.ac, debian/control, debian/po/POTFILES.sh,
    debian/po/ecryptfs-utils.pot, debian/po/fr.po, debian/rules,
    po/POTFILES.in, src/desktop/Makefile.am,
    src/desktop/ecryptfs-mount-private.desktop,
    src/desktop/ecryptfs-mount-private.desktop.in,
    src/desktop/ecryptfs-record-passphrase,
    src/desktop/ecryptfs-setup-private.desktop,
    src/desktop/ecryptfs-setup-private.desktop.in:
    - internationalization work for LP: #358283
  * po/LINGUAS, po/ca.po: Catalan translation
  [ Yan Li <yan.i.li@intel.com> ]
  * src/pam_ecryptfs/pam_ecryptfs.c, src/utils/Makefile.am,
    src/utils/ecryptfs-migrate-home: add a script and pam hooks to
    support automatic migration to encrypted home directory
  [ Dustin Kirkland ]
  * src/utils/ecryptfs-migrate-home: clean up for merge
    - use $() rather than ``
    - drop set -u
    - use = and !=, and quote vars, rather than testing with -ne, -eq,
      for better shell portability
    - improve usage statement and error text
    - check if already encrypted
    - handle migration of multiple users on boot
    - fix all whitespace, use tabs for indents
    - use quotes around variables, rather than ${} (stylistic preference)
    - major simplification for immediate release
      + remove boot and user modes; only support administrator mode for
        security reasons and to avoid race conditions
      + other modes can be re-added, if necessary, and if security
        concerns can be addressed
    - ensure running as root
    - drop VERBOSE option, always print useful info messages
    - call the user $USER_NAME rather than $USER_ID since id implies
      number, and here we're deailing with names
    - no decimals on awk calculation
    - mktemp on the target user, not root
    - check that there is enough disk space available to do the migration
    - ensure the user's homedir group is correct
    - add critical instructions, user *must* login after the migration and
      before the reboot, as their wrapped passphrase will be cleared on
      reboot (possible we should use an init script to move these to
      /var/tmp on reboot)
    - ensure permissions are set correctly
    - improve text at the end of the migration, organize into notes
  * ecryptfs-utils.ecryptfs-utils-restore.upstart,
    ecryptfs-utils.ecryptfs-utils-save.upstart, rules:
    - try to protect migrating users who don't login before the next reboot
  * debian/ecryptfs-utils.install: install the locale messages
  * src/desktop/ecryptfs-record-passphrase: improve dialog text
  * src/desktop/ecryptfs-record-passphrase: revert the _ bit, as it's not quite
    working yet, will need to talk to David to fix
  * src/utils/ecryptfs-setup-private: fix bug where setup-private
    incorrectly assumed that the home/private dir ownerships should
    be owned by USER:USER; instead, default to USER:GROUP, where
    GROUP is the USER's primary group by default, LP: #445301
  * src/utils/ecryptfs-setup-private, debian/control: LP: #456565
    - fix typo, s/getext/gettext
    - depend on gettext-base
  * src/utils/ecryptfs-setup-private: fix printing of error strings,
    which was broken by the gettext integration, LP: #471725;
    in doing so, use $() in place of ``, use '' for gettext arguments,
    and wrap gettext in "", like this: foo="$(gettext 'blah blah')"
  * debian/control: one package per line, helps tremendously when looking
    at diffs
  * debian/copyright: Add new fields
  * debian/ecryptfs-utils.postinst: minor set -e change
  [ Michael Terry ]
  * src/utils/ecryptfs-setup=swap: clean up some error message reporting,
    LP: #430891, #430890
  [ Dustin Kirkland ]
  * doc/manpage/ecryptfs.7: note the 64-char passphrase limit, LP: #386504
  * src/utils/ecryptfs-setup-private: minor documentation change
  [ Evan Dandrea ]
  * src/utils/ecryptfs-setup-swap: allow for setting up encrpyted swap,
    without activating it immediately, necessary for livecd installations
  [ Dustin Kirkland ]
  * debian/control: updated bzr and browser urls, bumped standards version
  * src/pam_ecryptfs/pam_ecryptfs.c: silence useless, oft-shown info
    message
  * src/utils/ecryptfs-mount-private, src/utils/ecryptfs-rewrite-file,
    src/utils/ecryptfs-setup-private, src/utils/ecryptfs-setup-swap,
    src/utils/ecryptfs-umount-private: use gettext for all string printing,
    such that we can internationalize ecryptfs
  * po/POTFILES.sh, po/ecryptfs-utils.pot, po/fr.po, rules: add po to the
    build system; for now, in the debian/ directory; this should be put in
    the upstream source tree eventually (but I need some help with the
    automake/autoconf integration)
  * ecryptfs-setup-swap: exit(0) if there's no swaps to encrypt, ensures
    that this script succeeds if there is no swap space that needs to be
    secured, or if the existing swap space is already secured
  * doc/manpage/ecryptfs-setup-swap.1, doc/manpage/ecryptfs-stat.1,
    doc/manpage/umount.ecryptfs.8, doc/manpage/Makefile.am: added manpagess
  * doc/manpage/ecryptfs.7: fix lintian warning
  * debian/lintian/ecryptfs-utils: added a lintian overrides file
  * debian/lintian/ecryptfs-utils, debian/ecryptfs-utils.install: add and
    install some proper lintian overrides
  * src/libecryptfs/module_mgr.c: fix typo, LP: #408437
  [ Evan Dandrea ]
  * ecryptfs-setup-swap: support more than one encrypted swap device
  [ Dorin Scutarașu ]
  * src/libecryptfs/key_management.c: fix null pointer deref, LP: #409565
  [ James Westby ]
  * src/libecryptfs/main.c flockfile the filehandle after checking that
    we were able to successfully open it (LP: #403011)
  * debian/libecryptfs0.shlibs: bump shlibs dep to 77 since we added new
    symbols there
  [ Dustin Kirkland ]
  * src/libecryptfs/key_management.c, src/pam_ecryptfs/pam_ecryptfs.c:
    revert the zombie code removal from pam_ecryptfs as it seems this
    bit is still needed; fix the source of the problem introduced in
    commit r407; check for non-zero return codes; this problem would
    manifest itself as a) unable to unlock screensaver, b) unable to
    switch users, c) unable to mount home folder on initial login;
    LP: #402222, #402029
  * src/utils/ecryptfs-umount-private: use for loop to loop over key
    ids on removal
  * src/utils/mount.ecryptfs_private.c: return non-zero on unmount failure
    due to open sessions; handle this in ecryptfs-umount-private too; make
    the flock() blocking; use /dev/shm for counter; add an iterator to the
    counter file to prevent users from DoS'ing one another from accessing
    their encrypted directories, LP: #402745
  * debian/ecryptfs-utils.postinst: move /tmp counters to /dev/shm
  * configure.ac: link against pam, silence shlib warning
  * src/include/ecryptfs.h, src/libecryptfs/main.c,
    src/pam_ecryptfs/pam_ecryptfs.c, src/utils/Makefile.am,
    src/utils/mount.ecryptfs_private.c: move two functions from
    mount.ecryptfs_private to libecryptfs, namely is_mounted() and
    fetch_private_mnt(); use these in both pam_ecryptfs and
    mount.ecryptfs_private; also move PRIVATE to ECRYPTFS_PRIVATE in
    the ecryptfs.h headers; this will allow us to short-circuit some of the
    costly key-loading code on pam_auth if the private dir is already
    mounted, speeding up some subsequent authentications significantly,
    LP: #402748
  * doc/ecryptfs-mount-private.txt: removed the "$" to make copy-n-paste
    more user friendly
  * src/utils/ecryptfs-setup-private: when encrypting home, put the
    .ecryptfs and .Private data in /home/.ecryptfs rather than /var/lib,
    as users are forgetting to backup /var/lib, and are often putting
    /home on a separate partition; furthermore, this gives users a place
    to access their encrypted data for backup, rather than hiding the
    data below $HOME, LP: #371719
  [ Tyler Hicks ]
  * src/libecryptfs/cipher_list.c, src/libecryptfs/module_mgr.c:
    add blowfish/56-bytes to the list of ciphers we officially support,
    LP: #402790
  [ Dustin Kirkland ]
  * src/utils/ecryptfs-setup-swap: switch from vol_id to blkid,
    LP: #376486
  * debian/ecryptfs-utils.postinst, src/utils/ecryptfs-setup-private:
    don't echo mount passphrase if running in bootstrap mode; prune
    potential leakages from install log, LP: #383650
  * SECURITY UPDATE: mount passphrase recorded in install log (LP: #383650).
    - debian/ecryptfs-utils.postinst: prune private information from
      installer log
    - src/utils/ecryptfs-setup-private: don't echo passphrase if running in
      bootstrap mode
    - CVE-2009-1296
  * src/utils/ecryptfs-setup-private: make some of the lanuage more readable,
    (thanks, anrxc)
  * README, configure.ac, debian/control, debian/rules,
    doc/sourceforge_webpage/README, src/libecryptfs-swig/libecryptfs.py,
    src/libecryptfs-swig/libecryptfs_wrap.c,
    src/libecryptfs/key_management.c, src/libecryptfs/libecryptfs.pc.in,
    src/libecryptfs/main.c, src/pam_ecryptfs/Makefile.am,
    src/utils/manager.c, src/utils/mount.ecryptfs.c: move build from gcrypt
    to nss (this change has been pending for some time)
  * src/utils/ecryptfs-dot-private: dropped, was too hacky
  * ecryptfs-mount-private.1, ecryptfs-setup-private.1: align the
    documentation and implementation of the wrapping-independent feature,
    LP: #383746
  * src/utils/ecryptfs-umount-private: use keyctl list @u, since keyctl show
    stopped working, LP: #400484, #395082
  * src/utils/mount.ecryptfs_private.c: fix counter file locking; solves
    a longstanding bug about "random" umount caused by cronjobs, LP: #358573
  [ Michal Hlavinka (edits by Dustin Kirkland) ]
  * doc/manpage/ecryptfs-mount-private.1,
    doc/manpage/ecryptfs-rewrite-file.1,
    doc/manpage/ecryptfs-setup-private.1, doc/manpage/ecryptfs.7,
    doc/manpage/mount.ecryptfs_private.1,
    doc/manpage/umount.ecryptfs_private.1: documentation updated to note
    possible ecryptfs group membership requirements; Fix ecrypfs.7 man
    page and key_mod_openssl's error message; fix typo
  * src/libecryptfs/decision_graph.c: put a finite limit (5 tries) on
    interactive input; fix memory leaks when asking questions
  * src/libecryptfs/module_mgr.c: Don't error out with EINVAL when
    verbosity=0 and some options are missing.
  * src/utils/umount.ecryptfs.c: no error for missing key when removing it
  * src/libecryptfs-swig/libecryptfs.i: fix compile werror, cast char*
  * src/utils/ecryptfs_add_passphrase.c: fix/test/use return codes;
    return nonzero for --fnek when not supported but used
  * src/include/ecryptfs.h, src/key_mod/ecryptfs_key_mod_openssl.c,
    src/libecryptfs/module_mgr.c: refuse mounting with too small rsa
    key (key_mod_openssl)
  * src/utils/ecryptfs_insert_wrapped_passphrase_into_keyring.c: fix return
    codes
  * src/utils/ecryptfs-rewrite-file: polish output
  * src/libecryptfs/key_management.c: inform about full keyring; insert fnek
    sig into keyring if fnek support check fails; don't fail if key already
    exists in keyring
  * src/utils/ecryptfs-setup-private: if the ecryptfs group exists, restrict
    ecryptfs-setup-private to members of this group
  * src/pam_ecryptfs/pam_ecryptfs.c: dynamically load ecryptfs module by
    checking ecryptfs version
  * src/libecryptfs/decision_graph.c, src/utils/io.c,
    src/utils/mount.ecryptfs.c: fix EOF handling, LP: #371587
  * src/desktop/Makefile.am: make desktop files trusted, LP: #371426
  [ Dustin Kirkland and Daniel Baumann ]
  * debian/control, debian/copyright, debian/ecryptfs-utils.dirs,
    debian/ecryptfs-utils.install, debian/ecryptfs-utils.postinst,
    debian/rules, ecryptfs-utils.pam-auth-update: sync Ubuntu's
    packaging with Debian; drop dpatch, drop libssl build dep, clean
    up extraneous debhelper bits, match cflags; remaining diff is only
    ecryptfs-utils.prerm
  [ Arfrever Frehtes Taifersar Arahesis ]
  * key_mod/ecryptfs_key_mod_gpg.c,
    key_mod/ecryptfs_key_mod_pkcs11_helper.c,
    libecryptfs/key_management.c, utils/ecryptfs_unwrap_passphrase.c:
    Fix warnings, initialize a few variables, drop unused ones
  [ David Hicks ]
  * src/lib/key_management.c: fix stray semicolon that prevents .ecryptfsrc
    files from working properly, LP: #372709
  [ Michael Rooney ]
  * src/python/ecryptfsapi.py: added python api
  [ Dustin Kirkland ]
  * debian/rules: drop hackery that moves stuff /usr/share/ecryptfs-utils
  * src/utils/mount.ecryptfs_private.c: update inline documentation
  * debian/changelog, src/libecryptfs/cmd_ln_parser.c,
    src/libecryptfs/key_management.c, src/pam_ecryptfs/pam_ecryptfs.c,
    src/utils/ecryptfs_add_passphrase.c,
    src/utils/ecryptfs_insert_wrapped_passphrase_into_keyring.c,
    src/utils/ecryptfs_rewrap_passphrase.c,
    src/utils/ecryptfs_unwrap_passphrase.c,
    src/utils/ecryptfs_wrap_passphrase.c: silence some useless logging,
    LP: #313330
  * include/ecryptfs.h, libecryptfs/key_management.c,
    utils/ecryptfs_insert_wrapped_passphrase_into_keyring.c,
    utils/ecryptfs_unwrap_passphrase.c: if the file to unwrap is
    unspecified, try to use the default ~/.ecryptfs/wrapped-passphrase
    before bailing out, LP: #359997
  * src/utils/ecryptfs-setup-private: unix_chkpwd is not always present
    (eg, gentoo), LP: #332341
  [ Tyler Hicks ]
  * doc/manpage/ecryptfs.7: ecryptfs_encrypted_view option desription
    was wrong LP: #328761
  [ Michal Hlavinka ]
  * decision_graph.c: fix uninitialized return code
  * mount.ecryptfs.c: don't pass verbosity option to kernel
  [ anrxc & Dustin Kirkland ]
  * doc/Makefile.am, src/desktop/Makefile.am: fix automake installation from
    /usr/share to /usr/share/ecryptfs-utils
  [ Daniel Baumann & Dustin Kirkland ]
  * debian/rules, debian/control: sync differences between Debian & Ubuntu's
    packaging
  [ Arfrever Frehtes Taifersar Arahesis ]
  * src/key_mod/ecryptfs_key_mod_gpg.c,
    src/key_mod/ecryptfs_key_mod_pkcs11_helper.c: fix implicit declations
  [ Frédéric Guihéry ]
  * key_mod/ecryptfs_key_mod_tspi.c, utils/ecryptfs_generate_tpm_key.c:
    the SRK password should be set to 20 bytes of NULL (wellknown
    password), in order for different tools to request key protection
    with the Storage Root Key
  [ Michal Hlavinka ]
  * Changes for RH/Fedora release
    - change error codes to be more descriptive
    - decision_graph.h, *: change definition of node return codes to positive
      values
    - mount.ecryptfs.c: insist for yes/no answer for unkown sigs
    - don't print error for removing key from keyring if it succeeded
    - module_mgr.c: insist on yes/no answer
    - use ECRYPTFS_NONEMPTY_VALUE_REQUIRED where reasonable
    - pam_ecryptfs.c: don't try to unwrap key for users not using pam mounting
    - add verbosity to man page
    - decision_graph.* : add ECRYPTFS_NONEMPTY_VALUE_REQUIRED flag for nodes
    - decision_graph.* : add WRONG_VALUE return code to nodes for asking
      question again
  [ Dustin Kirkland ]
  * src/utils/ecryptfs-setup-private: fix bug in grep when running with LANG
    in other locales, LP: #347969
  * doc/manpage/ecryptfs.7: add notes about verbose option
  * src/desktop: add the desktop files to the dist tarball
  * src/utils/ecryptfs-dot-private: sourceable file for accessing your
    encrypted data; useful for conducting backups
  [ Martin Pitt and Dustin Kirkland ]
  Reworked the fixes for LP: #352307, remind user to record their passphrase
  * src/desktop/ecryptfs-record-passphrase: run if
    ~/.ecryptfs/.wrapped-passphrase.recorded does NOT exist; touch that
    file upon successful run of unwrap passphrase
  * debian/patches/00list,
    debian/patches/update-notifier-remind-passphrase.dpatch: dropped, since
    this was moved into PAM

ubuntu/trusty 2014-01-23 22:58:23 UTC 2014-01-23
Import patches-unapplied version 104-0ubuntu1 to ubuntu/trusty-proposed

Author: Nobuto Murata
Author Date: 2013-02-20 16:56:33 UTC

Import patches-unapplied version 104-0ubuntu1 to ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: dd52703b628dbc7ba718e7d068506782c275f428

New changelog entries:
  [ Colin King ]
  * src/libecryptfs/ecryptfs-stat.c, tests/kernel/extend-file-
    random/test.c, tests/kernel/inode-race-stat/test.c,
    tests/kernel/trunc-file/test.c:
    - Fixed some 32 bit build warnings
  * src/libecryptfs/decision_graph.c, src/libecryptfs/key_management.c,
    src/libecryptfs/main.c, src/libecryptfs/module_mgr.c, src/utils/io.c,
    src/utils/mount.ecryptfs_private.c, tests/kernel/inotify/test.c,
    tests/kernel/trunc-file/test.c, tests/userspace/wrap-unwrap/test.c:
    - Fixed a pile of minor bugs (memory leaks, unclosed file descriptors,
      etc.) mostly in error paths
  * src/key_mod/ecryptfs_key_mod_passphrase.c, src/libecryptfs/main.c,
    src/pam_ecryptfs/pam_ecryptfs.c:
    - more Coverity fixes, memory leak, error checking, etc.
  [ Nobuto MURATA ]
  * fix an empty update-notifier window (LP: #1107650)
    - changes made in Rev.758 was incomplete
  [ Tyler Hicks ]
  * doc/manpage/ecryptfs.7:
    - adjust man page text to avoid confusion about whether the interactive
      mount helper takes a capital 'N' for the answer to y/n questions
      (LP: #1130460)
  * src/utils/ecryptfs_rewrap_passphrase.c:
    - Handle errors when interactively reading the new wrapping passphrase
      and the confirmation from stdin. Fixes a segfault (invalid memory read)
      in ecryptfs-rewrap-passphrase if there was an error while reading either
      of these passphrases.
  * configure.ac:
    - Set AM_CPPFLAGS to always include config.h as the first include file.
      Some .c files correctly included config.h before anything else. The
      majority of .c files got this wrong by including it after other header
      files, including it multiple times, or not including it at all.
      Including it in the AM_CPPFLAGS should solve these problems and keep
      future mistakes from happening in new source files.
    - Enable large file support (LFS) through the use of the AC_SYS_LARGEFILE
      autoconf macro. ecryptfs-utils has been well tested with LFS enabled
      because ecryptfs-utils is being built with
      '-D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64' in Debian-based distros.
      This is mainly needed for some of the in-tree regression tests but
      ecryptfs-utils, in general, should be built with LFS enabled.
  * debian/rules:
    - Don't append '-D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64' to the CFLAGS
      now that the upstream build enables LFS
  * tests/userspace/lfs.sh, tests/userspace/lfs/test.c:
    - Add a test to verify that LFS is enabled. This test is run under the
      make check target.
  * tests/kernel/enospc/test.c:
    - Fix test failures on 32 bit architectures due to large file sizes
      overflowing data types
  [ Dustin Kirkland ]
  * src/utils/ecryptfs-setup-swap: LP: #1172014
    - write crypttab entry using UUID
  * src/utils/ecryptfs-recover-private: LP: #1028532
    - error out, if we fail to mount the private data correctly
  [ Colin King and Dustin Kirkland ]
  * configure.ac, src/daemon/main.c, src/libecryptfs/cmd_ln_parser.c,
    src/libecryptfs/decision_graph.c, src/utils/mount.ecryptfs.c,
    tests/kernel/trunc-file/test.c:
    - remove some dead code, fix some minor issues raised by Coverity
  [ Tyler Hicks ]
  * debian/rules:
    - Use dpkg-buildflags to inject distro compiler hardening flags into the
      build. This also fixes the hardening-no-fortify-functions lintian
      warnings.
  [ Dustin Kirkland ]
  * doc/manpage/ecryptfs-add-passphrase.1, doc/manpage/ecryptfsd.8,
    doc/manpage/ecryptfs-find.1, doc/manpage/ecryptfs-generate-tpm-
    key.1, doc/manpage/ecryptfs-insert-wrapped-passphrase-into-
    keyring.1, doc/manpage/ecryptfs-manager.8, doc/manpage/ecryptfs-
    migrate-home.8, doc/manpage/ecryptfs-mount-private.1,
    doc/manpage/ecryptfs-recover-private.1, doc/manpage/ecryptfs-rewrap-
    passphrase.1, doc/manpage/ecryptfs-rewrite-file.1,
    doc/manpage/ecryptfs-setup-private.1, doc/manpage/ecryptfs-setup-
    swap.1, doc/manpage/ecryptfs-stat.1, doc/manpage/ecryptfs-umount-
    private.1, doc/manpage/ecryptfs-unwrap-passphrase.1,
    doc/manpage/ecryptfs-verify.1, doc/manpage/ecryptfs-wrap-
    passphrase.1, doc/manpage/Makefile.am, doc/manpage/mount.ecryptfs.8,
    doc/manpage/mount.ecryptfs_private.1, doc/manpage/pam_ecryptfs.8,
    doc/manpage/umount.ecryptfs.8,
    doc/manpage/umount.ecryptfs_private.1, src/desktop/ecryptfs-find =>
    src/utils/ecryptfs-find, src/desktop/Makefile.am,
    src/utils/Makefile.am:
    - add 3 new manpages, for ecryptfs-find, ecryptfs-verify, and
      ecryptfs-migrate-home
    - Add SEE ALSO section to manpages which were missing it
    - Mention "Debian and Ubuntu" in license location
    - move the ecryptfs-find utility to the proper location in src/utils
  * src/utils/Makefile.am:
    - fix broken build
  * debian/ecryptfs-utils.links:
    - link no longer needed for ecryptfs-find
  [ Colin King ]
  * === added directory tests/kernel/mmap-bmap, === added directory
    tests/kernel/xattr, tests/kernel/link.sh, tests/kernel/Makefile.am,
    tests/kernel/mknod.sh, tests/kernel/mmap-bmap.sh, tests/kernel/mmap-
    bmap/test.c, tests/kernel/tests.rc, tests/kernel/xattr.sh,
    tests/kernel/xattr/test.c:
    - ran the current eCryptfs tests on 3.8-rc4 with kernel gcov enabled
      and spotted a few trivial areas where it would be useful to up the
      test coverage on the code
    - so here are a few very simple additional tests to exercise eCryptfs
      a little further
  [ Dustin Kirkland ]
  * debian/control:
    - bump standards, no change
  [ Tyler Hicks ]
  * autogen.sh, scripts/release.sh, Makefile.am:
    - Break out the autoreconf and intltoolize commands from release.sh into
      an executable autogen.sh
    - Use the --copy option when invoking intltoolize
    - Include the new autogen.sh script in the release tarball
  * debian/rules, debian/control:
    - Use dh-autoreconf so that upstream sources can easily be used to build
      packages for all the stable Ubuntu releases in the ecryptfs-utils daily
      build PPA
    - Override the dh_autoreconf target by running the autogen.sh script
    - Drop Build-Depends on autotools-dev since dh-autoreconf is a superset of
      autotools-dev
    - Drop Build-Depends on autoconf, automake, and libtool since
      dh-autoreconf depends on all of these packages
  * m4/ac_python_devel.m4:
    - Fix FTBFS in Raring Ringtail due to multiarch Python. Be sure to include
      platform specific Python include directions in SWIG_PYTHON_CPPFLAGS.
  * src/utils/mount.ecryptfs_private.c:
    - Fix conditionals when checking whether to remove authentication tokens
      from the kernel keyring upon umount. This conditional was incorrectly
      modified in ecryptfs-utils-101, yet the authentication tokens still seem
      to be removed from the kernel keyring so it isn't clear if there was
      actually a user-facing regression.
    - Pass the FEKEK sig, rather than the FNEK sig, to
      ecryptfs_private_is_mounted()
    - Restore behavior of not printing error messages to syslog when
      unmounting and keys cannot be found in the kernel keyring.
    - Restore behavior of printing a useful error message about
      ecryptfs-mount-private when mounting and keys cannot be found in the
      kernel keyring
    - Fix memory leak and clean up free()'s in an error path
    - Use pointer assignment tests, rather than strlen(), to determine which
      key signatures were fetched
  * src/daemon/main.c, src/include/ecryptfs.h,
    src/libecryptfs/{Makefile.am,messaging.c,miscdev.c,netlink.c,sysfs.c},
    doc/manpage/ecryptfsd.8, doc/design_doc/ecryptfs_design_doc_v0_2.tex:
    - Remove netlink messaging interface support
    - Netlink messaging support was superceded by the miscdev interface
      (/dev/ecryptfs) in upstream kernel version 2.6.26 in July, 2008
    - Netlink messaging support was completely removed from the upstream
      kernel starting with version 2.6.32 in December, 2009
  * src/jprobes/*, scripts/delete-cruft.sh:
    - Remove all jprobes code, as I don't use jprobes to debug eCryptfs kernel
      issues and I don't like the idea of maintaining these jprobes outside of
      the kernel tree
  * src/escrow/*:
    - Remove all escrow code, as it isn't used or maintained
  * tests/kernel/llseek.sh, tests/kernel/llseek/test.c,
    tests/userspace/wrap-unwrap.sh, tests/userspace/wrap-unwrap/test.c:
    - Migrate some old testcases over to the modern test framework
  * tests/lib/etl_funcs.sh:
    - Update etl_create_test_dir() to allow a parent directory to be specified
      when creating the directory
  * src/testcases:
    - Delete old testcases that were either too basic, covered by more
      extensive tests in the modern test framework, or just didn't work
  [ Nobuto MURATA ]
  * src/desktop/ecryptfs-record-passphrase:
  [ Eric Lammerts ]
  * src/libecryptfs/sysfs.c: LP: #1007880
    - Handle NULL mnt pointer when sysfs is not mounted
  [ Tyler Hicks ]
  * src/utils/ecryptfs-migrate-home: LP: #1026180
    - Correct minor misspelling
  * src/utils/ecryptfs-recover-private: LP: #1004082
    - Fix option parsing when --rw is specified
  * src/utils/ecryptfs-recover-private: LP: #1028923
    - Simplify success message to prevent incorrectly reporting that a
      read-only mount was performed when the --rw option is specified
  * tests/lib/etl_func.sh:
    - Add test library function to return a lower path from an upper path,
      based on inode numbers
  * tests/kernel/mmap-close.sh, tests/kernel/mmap-close/test.c:
    - Add regression test for open->mmap()->close()->dirty memory->munmap()
      pattern
  * tests/kernel/lp-561129.sh:
    - Add test for checking that a pre-existing target inode is properly
      evicted after a rename
  * tests/README:
    - Add documentation on the steps to take when adding new test cases
  [ Colin King ]
  * tests/kernel/lp-911507.sh:
    - Add test case for initializing empty lower files during open()
  * tests/kernel/lp-872905.sh:
    - Add test case to check for proper unlinking of lower files when
      lower file initialization fails
  * src/key_mod/ecryptfs_key_mod_openssl.c,
    src/key_mod/ecryptfs_key_mod_pkcs11_helper.c,
    src/libecryptfs/key_management.c,
    src/utils/mount.ecryptfs_private.c, src/utils/umount.ecryptfs.c:
    - address some issues raised by smatch static analysis
    - fix some memory leaks with frees
    - fix some pointer refs and derefs
    - fix some comment typos
  [ Dustin Kirkland ]
  * src/libecryptfs/key_management.c:
    - silence pam error message when errno == EACCES
      + "Error attempting to parse .ecryptfsrc file; rc = [-13]"
  * src/utils/mount.ecryptfs_private.c: LP: #1052038
    - fix race condition, which typically manifests itself with a user
      saying that their home directory is not accessible, or that their
      filenames are not decrypted
    - the root of the problem is that we were reading the signature file,
      ~/.ecryptfs/Private.sig, twice; in some cases, the first one succeeds,
      so the file encryption signature is read and key is loaded, but then
      some other process (usually from PAM, perhaps a cron job or a
      subsequent login) mounts the home directory before the filename
      encryption key is loaded; thus, $HOME is mounted but filenames are
      not decrypted, so the second read of ~/.ecryptfs/Private.sig fails
      as that file is not found
    - the solution is to rework the internal fetch_sig() function and read
      one or both signatures within a single open/read/close operation of
      the file
    - free memory used by char **sig on failure
  * debian/copyright:
    - fix lintian warning
  [ Tyler Hicks ]
  * src/pam_ecryptfs/pam_ecryptfs.c, src/libecryptfs/key_management.c:
      LP: #1024476
    - fix regression introduced in ecryptfs-utils-99 when Encrypted
      Home/Private is in use and the eCryptfs kernel code is compiled as a
      module
    - drop check for kernel filename encryption support in pam_ecryptfs, as
      appropriate privileges to load the eCryptfs kernel module may not be
      available and filename encryption has been supported since 2.6.29
    - always add filename encryption key to the kernel keyring from pam_mount
  [ Colin King ]
  * tests/kernel/inode-race-stat/test.c:
    - limit number of forks based on fd limits
  * tests/kernel/enospc.sh, tests/kernel/enospc/test.c,
    tests/kernel/Makefile.am, tests/kernel/tests.rc:
    - add test case for ENOSPC
  [ Tim Harder ]
  * m4/ac_python_devel.m4: LP: #1029217
    - proplery save and restore CPPFLAGS and LIBS when python support is
      enabled
  [ Dustin Kirkland ]
  * debian/ecryptfs-utils.postinst: LP: #936093
    - ensure desktop file is executable
  [ Wesley Wiedenmeier ]
  * src/utils/mount.ecryptfs.c: LP: #329264
    - remove old hack, that worked around a temporary kernel regression;
      ensure that all mount memory is mlocked
  [ Sebastian Krahmer ]
  * src/pam_ecryptfs/pam_ecryptfs.c: LP: #732614
    - drop group privileges in the same places that user privileges are
      dropped
    - check return status of setresuid() calls and return if they fail
    - drop privileges before checking for the existence of
      ~/.ecryptfs/auto-mount to prevent possible file existence leakage
      by a symlink to a path that typically would not be searchable by
      the user
    - drop privileges before reading salt from the rc file to prevent the
      leakage of root's salt and, more importantly, using the incorrect salt
    - discovered, independently, by Vasiliy Kulikov and Sebastian Krahmer
  * src/pam_ecryptfs/pam_ecryptfs.c: LP: #1020904
    - after dropping privileges, clear the environment before executing the
      private eCryptfs mount helper
    - discovered by Sebastian Krahmer
  * src/utils/mount.ecryptfs_private.c: LP: #1020904
    - do not allow private eCryptfs mount aliases to contain ".." characters
      as a preventative measure against a crafted file path being used as an
      alias
    - force the MS_NOSUID mount flag to protect against user controlled lower
      filesystems, such as an auto mounted USB drive, that may contain a
      setuid-root binary
      + CVE-2012-3409
    - force the MS_NODEV mount flag
    - after dropping privileges, clear the environment before executing umount
    - discovered by Sebastian Krahmer
  [ Tyler Hicks ]
  * src/libecryptfs/key_management.c: LP: #732614
    - zero statically declared buffers to prevent the leakage of stack
      contents in the case of a short file read
    - discovered by Vasiliy Kulikov
  * src/libecryptfs/module_mgr.c, src/pam_ecryptfs/pam_ecryptfs.c:
    - fix compiler warnings
  [ Dustin Kirkland ]
  * debian/ecryptfs-utils.prerm:
    - drop the pre-removal ERRORs down to WARNINGs
    - these have caused a ton of trouble; whatever is causing ecryptfs-utils
      to be marked for removal should be fixed; but ecryptfs exiting 1 seems
      to be causing more trouble than it's worth
    - LP: #871021, #812270, #988960, #990630, #995381, #1010961
  * doc/ecryptfs-faq.html:
    - update the frequently asked questions, which haven't seen much
      attention in a while now
    - drop a few references to sourceforge
  * doc/ecryptfs-pam-doc.txt, doc/manpage/fr/ecryptfs-add-passphrase.1,
    doc/manpage/fr/ecryptfs-generate-tpm-key.1, doc/manpage/fr/ecryptfs-
    insert-wrapped-passphrase-into-keyring.1, doc/manpage/fr/ecryptfs-
    mount-private.1, doc/manpage/fr/ecryptfs-rewrap-passphrase.1,
    doc/manpage/fr/ecryptfs-setup-private.1, doc/manpage/fr/ecryptfs-
    umount-private.1, doc/manpage/fr/ecryptfs-unwrap-passphrase.1,
    doc/manpage/fr/ecryptfs-wrap-passphrase.1, doc/manpage/fr/ecryptfs-
    zombie-kill.1, doc/manpage/fr/ecryptfs-zombie-list.1,
    doc/sourceforge_webpage/ecryptfs-article.pdf,
    doc/sourceforge_webpage/ecryptfs_design_doc_v0_1.pdf,
    doc/sourceforge_webpage/ecryptfs-faq.html,
    doc/sourceforge_webpage/ecryptfs-key-diagram-356.png,
    doc/sourceforge_webpage/ecryptfs-key-diagram-640.png,
    doc/sourceforge_webpage/ecryptfs-pageuptodate-call-graph.png,
    doc/sourceforge_webpage/ecryptfs-pam-doc.txt,
    doc/sourceforge_webpage/ecryptfs.pdf,
    doc/sourceforge_webpage/index.html, doc/sourceforge_webpage/README,
    === removed directory doc/manpage/fr, === removed directory
    doc/sourceforge_webpage, rpm/ecryptfs-utils.spec:
    - remove some deprecated documentation
    - fish it out of bzr, if we ever need it again, but let's
      quit publishing it in our release tarballs
  [ Kees Cook ]
  * src/pam_ecryptfs/pam_ecryptfs.c: LP: #938326
    - exit, rather than return to prevent duplicate processes
  [ Andreas Raster ]
  * src/desktop/ecryptfs-find:
    - $mounts was quoted once too often
  [ George Wilson ]
  * src/key_mod/ecryptfs_key_mod_openssl.c,
    src/key_mod/ecryptfs_key_mod_pkcs11_helper.c,
    src/key_mod/ecryptfs_key_mod_tspi.c: LP: #937331
    - IBM would like to grant a license exception for key modules that
      require linking to OpenSSL. The change should make the modules
      shippable by Linux distributions
  [ Dustin Kirkland ]
  * debian/copyright:
    - note the GPLv2 SSL exception granted by IBM for the key modules
  * debian/control, debian/copyright, doc/manpage/ecryptfs.7,
    doc/manpage/ecryptfs-add-passphrase.1, doc/manpage/ecryptfsd.8,
    doc/manpage/ecryptfs-generate-tpm-key.1, doc/manpage/ecryptfs-
    insert-wrapped-passphrase-into-keyring.1, doc/manpage/ecryptfs-
    manager.8, doc/manpage/ecryptfs-mount-private.1,
    doc/manpage/ecryptfs-recover-private.1, doc/manpage/ecryptfs-rewrap-
    passphrase.1, doc/manpage/ecryptfs-rewrite-file.1,
    doc/manpage/ecryptfs-setup-private.1, doc/manpage/ecryptfs-setup-
    swap.1, doc/manpage/ecryptfs-stat.1, doc/manpage/ecryptfs-umount-
    private.1, doc/manpage/ecryptfs-unwrap-passphrase.1,
    doc/manpage/ecryptfs-wrap-passphrase.1,
    doc/manpage/mount.ecryptfs.8, doc/manpage/mount.ecryptfs_private.1,
    doc/manpage/pam_ecryptfs.8, doc/manpage/umount.ecryptfs.8,
    doc/manpage/umount.ecryptfs_private.1, README,
    src/utils/mount.ecryptfs.c:
    - use the new ecryptfs.org website where appropriate
  * debian/control:
    - update to suggest zescrow-client
  [ Sergio Peña ]
  * src/libecryptfs/cipher_list.c: LP: #922821
    - add the new name of the blowfish cipher (linux >= 3.2)
  * src/include/ecryptfs.h, src/libecryptfs/main.c,
    src/utils/mount.ecryptfs.c: LP: #917509
    - use execl() to mount ecryptfs
    - this allows us to support any arbitrary mount options in
      /etc/fstab
  [ Tyler Hicks ]
  * doc/manpage/ecryptfs.7:
    - Remove the note saying that the passphrase and openssl key modules are
      available by default. That's true upstream but not always true in distro
      builds.
  * tests/run_tests.sh:
    - Make upper and lower mount point arguments optional by automatically
      creating directories in /tmp by default.
    - Make it possible to run only userspace tests without having to specify
      unused mount information
    - Accept a comma-separated list of lower filesystems to test on and loop
      through all kernel tests for each lower filesystem
    - Accept a comma-separated list of tests to run
  * tests/lib/etl_funcs.sh:
    - Unset $ETL_DISK just before etl_remove_disk() successfully returns
  * tests/userspace/Makefile.am:
    - Also build 'make check' tests when building with --enable-tests
  * include/ecryptfs.h, libecryptfs/Makefile.am,
    libecryptfs/cipher_list.c, libecryptfs/module_mgr.c,
    utils/io.h: LP: #994813
    - remove overly complicated implementation to detect what ciphers
      are supported by the currently running kernel's crypto api
    - prompt for the entire supported cipher list, if the user selects a
      cipher that their kernel doesn't support, the mount will fail
      and the kernel will write an error message to the syslog
  * src/libecryptfs/module_mgr.c:
    - Use correct blowfish block size when displaying supported ciphers to
      the user
  * tests/kernel/lp-1009207.sh, tests/kernel/Makefile.am,
    tests/kernel/tests.rc:
    - Add simple test case for incorrect handling of umask and default POSIX
      ACL masks
  * tests/kernel/lp-994247.sh, tests/kernel/lp-994247/test.c,
    tests/kernel/Makefile.am, tests/kernel/tests.rc:
    - Add test case for incorrect handling of open /dev/ecryptfs file
      descriptors that are passed or inherited by other processes
  [ Colin King ]
  * tests/lib/etl_funcs.sh:
    - etl_lumount() should use DST rather than SRC dir so it can run on Lucid
    - use file system appropriate mkfs force flag
    - cater for correct ext2 default mount flags
  * tests/kernel/lp-509180.sh, tests/kernel/lp-509180/test.c:
    - test for trailing garbage at end of files
  * tests/kernel/lp-524919.sh, tests/kernel/lp-524919/test.c:
    - test case for checking lstat/readlink size
  * tests/kernel/lp-870326.sh, tests/kernel/lp-870326/test.c:
    - test case for open(), mmap(), close(), modify mmap'd region
  * tests/kernel/lp-469664.sh:
    - test case for lsattr
  * tests/kernel/lp-613873.sh:
    - test case for stat modify time
  * tests/kernel/lp-745836.sh:
    - test case for clearing ECRYPTFS_NEW_FILE flag during truncate
  * tests/lib/etl_funcs.sh, tests/kernel/extend-file-random.sh,
    tests/kernel/trunc-file.sh (LP: #1007159):
    - Add test library function for estimating available space in lower fs
    - Use new library function in tests that need to create large files
  [ Colin Watson ]
  * src/utils/ecryptfs-setup-swap: Skip /dev/zram* swap devices
    LP: #979350
  [ Serge Hallyn ]
  * src/utils/mount.ecryptfs_private.c:
    - EoL fixes
  [ Dustin Kirkland ]
  * CONTRIBUTING:
    - added a new file to describe how to contribute to ecryptfs
  * === added directory img/old, img/old/ecryptfs_14.png,
    img/old/ecryptfs_192.png, img/old/ecryptfs_64.png:
    - saving the old logos/branding for posterity
  * debian/copyright, img/COPYING:
    - added CC-by-SA 3.0 license
    - use the text version
  * img/ecryptfs_14.png, img/ecryptfs_192.png, img/ecryptfs_64.png:
    - added scaled copies of images used for Launchpad.net branding
  * src/utils/ecryptfs-recover-private: LP: #847505
    - add an option to allow user to enter the mount passphrase,
      in case they've recorded that, but forgotten their login
      passphrase
  * src/libecryptfs/sysfs.c: LP: #802197
    - default sysfs to /sys, if not found in /etc/mtab
    - it seems that reading /etc/mtab for this is outdated
    - ensure that ecryptfs works even if there is no sysfs entry
      in /etc/mtab
  * src/key_mod/ecryptfs_key_mod_tspi.c: LP: #462225
    - fix TPM and string_to_uuid 64bits issue
    - thanks to Janos for the patch
  [ Tyler Hicks ]
  * CONTRIBUTING:
    - clarified how to contribute to the ecryptfs kernel module
  * tests/lib/etl_funcs.sh:
    - created eCryptfs test library of bash functions for use in test
      cases and test harnesses
  * test/etl_add_passphrase_key_to_keyring.c:
    - created a C helper program to allow bash scripts to interface to
      the libecryptfs function that adds passphrase-based keys to the
      kernel keyring
  * tests/kernel/tests.rc, tests/userspace/tests.rc:
    - created a test case category files for test harnesses to source
      when running testcases of a certain category (destructive, safe,
      etc.)
  * tests/run_tests.sh:
    - created a test harness to run eCryptfs test cases
  * tests/kernel/miscdev-bad-count.sh,
    tests/kernel/miscdev-bad-count/test.c:
    - created test case for miscdev issue reported to mailing list
  * tests/kernel/lp-885744.sh:
    - created test case for pathconf bug
  * tests/kernel/lp-926292.sh:
    - created test case for checking stale inode attrs after setxattr
  * tests/new.sh:
    - created new test case template to copy from
  * tests/userspace/verify-passphrase-sig.sh,
    tests/userspace/verify-passphrase-sig/test.c:
    - created test case, for make check, to test the creation of
      passphrase-based fekeks and signatures
  * configure.ac, Makefile.am, tests/Makefile.am, tests/lib/Makefile.am,
    tests/kernel/Makefile.am, tests/userspace/Makefile.am:
    - updated and created autoconf/automake files to build the new tests
      directory
    - added make check target
  [ Eddie Garcia ]
  * img/*: LP: #907131
    - contributing a new set of logos and branding under the CC-by-SA3.0
      license
  [ Colin King ]
  * tests/kernel/extend-file-random.sh,
    tests/kernel/extend-file-random/test.c:
    - Test to randomly extend file size, read/write + unlink
  * tests/kernel/trunc-file.sh, tests/kernel/trunc-file/test.c:
    - Test to exercise file truncation
  * tests/kernel/directory-concurrent.sh,
    tests/kernel/directory-concurrent/test.c:
    - test for directory creation/deletion races with multiple processes
  * tests/kernel/file-concurrent.sh,
    tests/kernel/file-concurrent/test.c:
    - test for file creation/truncation/unlink races with multiple
      processes
  * tests/kernel/inotify.sh, tests/kernel/inotify/test.c:
    - test for proper inotify support
  * tests/kernel/mmap-dir.sh, tests/kernel/mmap-dir/test.c:
    - test that directory files cannot be mmap'ed
  * tests/kernel/read-dir.sh, tests/kernel/read-dir/test.c:
    - test that read() on directory files returns the right error
  * tests/kernel/setattr-flush-dirty.sh:
    - test that the modified timestamp isn't clobbered in writeback
  * tests/kernel/inode-race-stat.sh, tests/kernel/inode-race-stat/test.c:
    - test for inode initialization race condition
  [ Serge Hallyn ]
  * fix infinite loop on arm: fgetc returns an int, and -1 at end of
    options. Arm makes char unsigned. (LP: #884407)
  [ Dustin Kirkland ]
  * debian/compat, debian/control, debian/ecryptfs-utils.install,
    debian/ecryptfs-utils.lintian-overrides,
    debian/libecryptfs0.install, debian/libecryptfs-dev.install,
    debian/lintian/ecryptfs-utils, debian/python-ecryptfs.install,
    debian/rules, debian/source/options, doc/ecryptfs-pam-doc.txt,
    doc/manpage/ecryptfs-setup-private.1, lintian/ecryptfs-utils, ===
    removed directory debian/lintian:
    - merge a bunch of packaging changes from Debian's Daniel Baumann
    - fixes LP: #800647
  * scripts/release.sh:
    - minor release fixes
  [ Dustin Kirkland ]
  * scripts/release.sh:
    - fix release script
    - bump ubuntu release
  * doc/manpage/ecryptfs-recover-private.1, src/utils/ecryptfs-migrate-
    home (properties changed: -x to +x), src/utils/ecryptfs-recover-
    private:
    - add a --rw option for ecryptfs-recover-private
  * src/utils/ecryptfs-migrate-home: LP: #820416
    - show progress on rsync
  * debian/ecryptfs-utils.ecryptfs-utils-restore.upstart,
    debian/ecryptfs-utils.ecryptfs-utils-save.upstart,
    src/utils/ecryptfs-migrate-home,
    src/utils/ecryptfs-setup-private: LP: #883238
    - remove 2 upstart scripts, which attempted to "save" users who didn't
      login after migrating their home; instead, we now require the root
      user to enter user passwords at migration time
  * debian/copyright, debian/ecryptfs-utils.ecryptfs-utils-
    restore.upstart, debian/ecryptfs-utils.ecryptfs-utils-save.upstart,
    doc/manpage/ecryptfs.7, doc/manpage/ecryptfs-add-passphrase.1,
    doc/manpage/ecryptfs-generate-tpm-key.1, doc/manpage/ecryptfs-
    insert-wrapped-passphrase-into-keyring.1, doc/manpage/ecryptfs-
    mount-private.1, doc/manpage/ecryptfs-recover-private.1,
    doc/manpage/ecryptfs-rewrap-passphrase.1, doc/manpage/ecryptfs-
    rewrite-file.1, doc/manpage/ecryptfs-setup-private.1,
    doc/manpage/ecryptfs-setup-swap.1, doc/manpage/ecryptfs-stat.1,
    doc/manpage/ecryptfs-umount-private.1, doc/manpage/ecryptfs-unwrap-
    passphrase.1, doc/manpage/ecryptfs-wrap-passphrase.1,
    doc/manpage/fr/ecryptfs-add-passphrase.1, doc/manpage/fr/ecryptfs-
    generate-tpm-key.1, doc/manpage/fr/ecryptfs-insert-wrapped-
    passphrase-into-keyring.1, doc/manpage/fr/ecryptfs-mount-private.1,
    doc/manpage/fr/ecryptfs-rewrap-passphrase.1,
    doc/manpage/fr/ecryptfs-setup-private.1, doc/manpage/fr/ecryptfs-
    umount-private.1, doc/manpage/fr/ecryptfs-unwrap-passphrase.1,
    doc/manpage/fr/ecryptfs-wrap-passphrase.1, doc/manpage/fr/ecryptfs-
    zombie-kill.1, doc/manpage/fr/ecryptfs-zombie-list.1,
    doc/manpage/mount.ecryptfs_private.1, doc/manpage/pam_ecryptfs.8,
    doc/manpage/umount.ecryptfs.8,
    doc/manpage/umount.ecryptfs_private.1,
    src/pam_ecryptfs/pam_ecryptfs.c,
    src/utils/ecryptfs_add_passphrase.c,
    src/utils/ecryptfs_insert_wrapped_passphrase_into_keyring.c,
    src/utils/ecryptfs-migrate-home, src/utils/ecryptfs-mount-private,
    src/utils/ecryptfs-recover-private,
    src/utils/ecryptfs_rewrap_passphrase.c, src/utils/ecryptfs-rewrite-
    file, src/utils/ecryptfs-setup-private, src/utils/ecryptfs-setup-
    swap, src/utils/ecryptfs-umount-private,
    src/utils/ecryptfs_unwrap_passphrase.c,
    src/utils/ecryptfs_wrap_passphrase.c:
    - update some email addresses, moving kirkland@canonical.com ->
      kirkland@ubuntu.com (which I can still read)
  * src/libecryptfs/key_management.c: LP: #715066
    - fix 2 places where we were handling
      ecryptfs_add_passphrase_key_to_keyring() inconsistently
    - if we're trying to add a key to the keyring, and it's already there,
      treat that as "success"
  * debian/control:
    - ecryptfs-setup-swap is strongly recommended, which depends on
      cryptsetup; so promote cryptsetup from suggests -> recommends
  [ Stephan Ritscher and Tyler Hicks ]
  * src/libecryptfs/cmd_ln_parser.c: LP: #683535
    - fix passphrase_passwd_fd for pipes
    - handle memory allocation failures
    - free memory in error paths
  [ Arfrever Frehtes Taifersar Arahesis ]
  * configure.ac: LP: #893327
    - no need to check for python, if --disable-pywrap is passed
  * src/utils/ecryptfs-verify, src/utils/Makefile.am:
    - add an ecryptfs-verify utility, LP: #845738
  * src/testcases/write-read.sh:
    - added a write/read test utility
  * doc/manpage/ecryptfs-mount-private.1, doc/manpage/ecryptfs-setup-
    private.1, doc/manpage/mount.ecryptfs_private.1,
    doc/manpage/umount.ecryptfs_private.1: LP: #882267
    - remove inaccurate documentation about being a member of the ecryptfs
      group
  * src/utils/ecryptfs-setup-private: LP: #882314
    - fix preseeded encrypted home Ubuntu installations (thanks Timo!)
  * src/libecryptfs/key_management.c: LP: #725862
    - fix nasty bug affecting users who do *not* encrypt filenames;
      the first login works, but on logout, only one key gets
      cleaned out; subsequent logins do not insert the necessary key
      due to an early "goto out"; this fix needs to be SRU'd
  * debian/rules: LP: #586281
    - fix perms on desktop mount file
  * src/pam_ecryptfs/pam_ecryptfs.c: LP: #838471
    - rework syslogging to be less noisy and note pam_ecryptfs
  [ Diego E. "Flameeyes" Pettenò ]
  * configure.ac:
    - fix reliance on nss-config, which hinders cross-compilation
  [ Marc Deslauriers ]
  * src/utils/mount.ecryptfs_private.c:
  * SECURITY UPDATE: wrong mtab ownership and permissions (LP: #830850)
    - debian/patches/CVE-2011-3145.patch: also set gid and umask before
      updating mtab in src/utils/mount.ecryptfs_private.c.
    - CVE-2011-3145
  [ Marc Deslauriers ]
  * SECURITY UPDATE: privilege escalation via mountpoint race conditions
    (LP: #732628)
    - debian/patches/CVE-2011-1831,1832,1834.patch: chdir into mountpoint
      before checking permissions in src/utils/mount.ecryptfs_private.c.
    - CVE-2011-1831
    - CVE-2011-1832
  * SECURITY UPDATE: race condition when checking source during mount
    (LP: #732628)
    - debian/patches/CVE-2011-1833.patch: use new ecryptfs_check_dev_ruid
      kernel option when mounting directory in
      src/utils/mount.ecryptfs_private.c.
    - CVE-2011-1833
  * SECURITY UPDATE: mtab corruption via improper handling (LP: #732628)
    - debian/patches/CVE-2011-1831,1832,1834.patch: modify mtab via a temp
      file first and make sure it succeeds before replacing the real mtab
      in src/utils/mount.ecryptfs_private.c.
    - CVE-2011-1834
  * SECURITY UPDATE: key poisoning via insecure temp directory handling
    (LP: #732628)
    - debian/patches/CVE-2011-1835.patch: make sure we don't copy into a
      user controlled directory in src/utils/ecryptfs-setup-private.
    - CVE-2011-1835
  * SECURITY UPDATE: information disclosure via recovery mount in /tmp
    (LP: #732628)
    - debian/patches/CVE-2011-1836.patch: mount inside protected
      subdirectory in src/utils/ecryptfs-recover-private.
    - CVE-2011-1836
  * SECURITY UPDATE: arbitrary file overwrite via lock counter race
    condition (LP: #732628)
    - debian/patches/CVE-2011-1837.patch: verify permissions with a file
      descriptor, and don't follow symlinks in
      src/utils/mount.ecryptfs_private.c.
    - CVE-2011-1837
  [ Dustin Kirkland ]
  * debian/control:
    - add missing build dependency needed for release
  * doc/manpage/ecryptfs-wrap-passphrase.1: fix minor error in manpage
  * src/desktop/ecryptfs-find, src/desktop/Makefile.am: LP: #799157
    - add a tool, /usr/share/ecryptfs-utils/ecryptfs-find that can
      help find cleartext/encrypted filenames by inode number
  * src/desktop/ecryptfs-find:
    - test file exists first; ditch the match;
      search all ecryptfs mounts that user can read/traverse
  * debian/ecryptfs-utils.links:
    - add a symlink for Ubuntu
  * scripts/release.sh:
    - improve release script
  [ Serge Hallyn ]
  * Fix from Christophe Dumez: mount.ecryptfs_private: Do not attempt to
    update mtab if it is a symbolic link. (LP: #789888)
  * src/utils/mount.ecryptfs_private.c:
    - reduce the window size for the TOCTOU race;
      does not entirely solve LP: #732628, which is going to need to be
      fixed in the kernel with some heavy locking
  * debian/control: update urls
  * src/utils/ecryptfs-mount-private: LP: #725862
    - fix ecryptfs-mount-private to insert only the fek, if filename
      encryption is disabled
  [ Paolo Bonzini <pbonzini@redhat.com> ]
  * src/utils/ecryptfs-setup-private: update the Private.* selinux
    contexts
  [ Dustin Kirkland ]
  * src/utils/ecryptfs-setup-private:
    - add -p to mkdir, address noise for a non-error
    - must insert keys during testing phase, since we remove keys on
      unmount now, LP: #725862
  * src/utils/ecryptfs_rewrap_passphrase.c: confirm passphrases in
    interactive mode, LP: #667331
  [ Jakob Unterwurzacher ]
  * src/pam_ecryptfs/pam_ecryptfs.c:
    - check if this file exists and ask the user for the wrapping passphrase
      if it does
    - eliminate both ecryptfs_pam_wrapping_independent_set() and
      ecryptfs_pam_automount_set() and replace with a reusable
      file_exists_dotecryptfs() function
  [ Serge Hallyn and Dustin Kirkland ]
  * src/utils/mount.ecryptfs_private.c:
    - support multiple, user configurable private directories by way of
      a command line "alias" argument
    - this "alias" references a configuration file by the name of:
      $HOME/.ecryptfs/alias.conf, which is in an fstab(5) format,
      as well as $HOME/.ecryptfs/alias.sig, in the same format as
      Private.sig
    - if no argument specified, the utility operates in legacy mode,
      defaulting to "Private"
    - rename variables, s/dev/src/ and s/mnt/dest/
    - add a read_config() function
    - add an alias char* to replace the #defined ECRYPTFS_PRIVATE_DIR
    - this is half of the fix to LP: #615657
  * doc/manpage/mount.ecryptfs_private.1: document these changes
  * src/libecryptfs/main.c, src/utils/mount.ecryptfs_private.c:
    - allow umount.ecryptfs_private to succeed when the key is no
      longer in user keyring.
  [ Dustin Kirkland ]
  * src/utils/ecryptfs-recover-private: clean sigs of invalid characters
  * src/utils/mount.ecryptfs_private.c:
    - fix bug LP: #313812, clear used keys on unmount
    - add ecryptfs_unlink_sigs to the mount opts, so that unmounts from
      umount.ecryptfs behave similarly
    - use ecryptfs_remove_auth_tok_from_keyring() on the sig and sig_fnek
  [ presgas@gmail.com ]
  * src/utils/ecryptfs-migrate-home:
    - support user databases outside of /etc/passwd, LP: #627506
  * src/desktop/ecryptfs-record-passphrase: fix typo, LP: #524139
  * debian/rules, debian/control:
    - disable the gpg key module, as it's not yet functional
    - clean up unneeded build-deps
    - also, not using opencryptoki either
  * doc/manpage/ecryptfs.7: fix minor documentation bug, reported by
    email by Jon 'maddog' Hall
  * doc/manpage/ecryptfs-recover-private.1, doc/manpage/Makefile.am,
    po/POTFILES.in, src/utils/ecryptfs-recover-private,
    src/utils/Makefile.am: add a utility to simplify data recovery
    of an encrypted private directory from a Live ISO, LP: #689969
  [ David Planella ]
  * Makefile.am, configure.ac, debian/control, debian/po/POTFILES.sh,
    debian/po/ecryptfs-utils.pot, debian/po/fr.po, debian/rules,
    po/POTFILES.in, src/desktop/Makefile.am,
    src/desktop/ecryptfs-mount-private.desktop,
    src/desktop/ecryptfs-mount-private.desktop.in,
    src/desktop/ecryptfs-record-passphrase,
    src/desktop/ecryptfs-setup-private.desktop,
    src/desktop/ecryptfs-setup-private.desktop.in:
    - internationalization work for LP: #358283
  * po/LINGUAS, po/ca.po: Catalan translation
  [ Yan Li <yan.i.li@intel.com> ]
  * src/pam_ecryptfs/pam_ecryptfs.c, src/utils/Makefile.am,
    src/utils/ecryptfs-migrate-home: add a script and pam hooks to
    support automatic migration to encrypted home directory
  [ Dustin Kirkland ]
  * src/utils/ecryptfs-migrate-home: clean up for merge
    - use $() rather than ``
    - drop set -u
    - use = and !=, and quote vars, rather than testing with -ne, -eq,
      for better shell portability
    - improve usage statement and error text
    - check if already encrypted
    - handle migration of multiple users on boot
    - fix all whitespace, use tabs for indents
    - use quotes around variables, rather than ${} (stylistic preference)
    - major simplification for immediate release
      + remove boot and user modes; only support administrator mode for
        security reasons and to avoid race conditions
      + other modes can be re-added, if necessary, and if security
        concerns can be addressed
    - ensure running as root
    - drop VERBOSE option, always print useful info messages
    - call the user $USER_NAME rather than $USER_ID since id implies
      number, and here we're deailing with names
    - no decimals on awk calculation
    - mktemp on the target user, not root
    - check that there is enough disk space available to do the migration
    - ensure the user's homedir group is correct
    - add critical instructions, user *must* login after the migration and
      before the reboot, as their wrapped passphrase will be cleared on
      reboot (possible we should use an init script to move these to
      /var/tmp on reboot)
    - ensure permissions are set correctly
    - improve text at the end of the migration, organize into notes
  * ecryptfs-utils.ecryptfs-utils-restore.upstart,
    ecryptfs-utils.ecryptfs-utils-save.upstart, rules:
    - try to protect migrating users who don't login before the next reboot
  * debian/ecryptfs-utils.install: install the locale messages
  * src/desktop/ecryptfs-record-passphrase: improve dialog text
  * src/desktop/ecryptfs-record-passphrase: revert the _ bit, as it's not quite
    working yet, will need to talk to David to fix
  * src/utils/ecryptfs-setup-private: fix bug where setup-private
    incorrectly assumed that the home/private dir ownerships should
    be owned by USER:USER; instead, default to USER:GROUP, where
    GROUP is the USER's primary group by default, LP: #445301
  * src/utils/ecryptfs-setup-private, debian/control: LP: #456565
    - fix typo, s/getext/gettext
    - depend on gettext-base
  * src/utils/ecryptfs-setup-private: fix printing of error strings,
    which was broken by the gettext integration, LP: #471725;
    in doing so, use $() in place of ``, use '' for gettext arguments,
    and wrap gettext in "", like this: foo="$(gettext 'blah blah')"
  * debian/control: one package per line, helps tremendously when looking
    at diffs
  * debian/copyright: Add new fields
  * debian/ecryptfs-utils.postinst: minor set -e change
  [ Michael Terry ]
  * src/utils/ecryptfs-setup=swap: clean up some error message reporting,
    LP: #430891, #430890
  [ Dustin Kirkland ]
  * doc/manpage/ecryptfs.7: note the 64-char passphrase limit, LP: #386504
  * src/utils/ecryptfs-setup-private: minor documentation change
  [ Evan Dandrea ]
  * src/utils/ecryptfs-setup-swap: allow for setting up encrpyted swap,
    without activating it immediately, necessary for livecd installations
  [ Dustin Kirkland ]
  * debian/control: updated bzr and browser urls, bumped standards version
  * src/pam_ecryptfs/pam_ecryptfs.c: silence useless, oft-shown info
    message
  * src/utils/ecryptfs-mount-private, src/utils/ecryptfs-rewrite-file,
    src/utils/ecryptfs-setup-private, src/utils/ecryptfs-setup-swap,
    src/utils/ecryptfs-umount-private: use gettext for all string printing,
    such that we can internationalize ecryptfs
  * po/POTFILES.sh, po/ecryptfs-utils.pot, po/fr.po, rules: add po to the
    build system; for now, in the debian/ directory; this should be put in
    the upstream source tree eventually (but I need some help with the
    automake/autoconf integration)
  * ecryptfs-setup-swap: exit(0) if there's no swaps to encrypt, ensures
    that this script succeeds if there is no swap space that needs to be
    secured, or if the existing swap space is already secured
  * doc/manpage/ecryptfs-setup-swap.1, doc/manpage/ecryptfs-stat.1,
    doc/manpage/umount.ecryptfs.8, doc/manpage/Makefile.am: added manpagess
  * doc/manpage/ecryptfs.7: fix lintian warning
  * debian/lintian/ecryptfs-utils: added a lintian overrides file
  * debian/lintian/ecryptfs-utils, debian/ecryptfs-utils.install: add and
    install some proper lintian overrides
  * src/libecryptfs/module_mgr.c: fix typo, LP: #408437
  [ Evan Dandrea ]
  * ecryptfs-setup-swap: support more than one encrypted swap device
  [ Dorin Scutarașu ]
  * src/libecryptfs/key_management.c: fix null pointer deref, LP: #409565
  [ James Westby ]
  * src/libecryptfs/main.c flockfile the filehandle after checking that
    we were able to successfully open it (LP: #403011)
  * debian/libecryptfs0.shlibs: bump shlibs dep to 77 since we added new
    symbols there
  [ Dustin Kirkland ]
  * src/libecryptfs/key_management.c, src/pam_ecryptfs/pam_ecryptfs.c:
    revert the zombie code removal from pam_ecryptfs as it seems this
    bit is still needed; fix the source of the problem introduced in
    commit r407; check for non-zero return codes; this problem would
    manifest itself as a) unable to unlock screensaver, b) unable to
    switch users, c) unable to mount home folder on initial login;
    LP: #402222, #402029
  * src/utils/ecryptfs-umount-private: use for loop to loop over key
    ids on removal
  * src/utils/mount.ecryptfs_private.c: return non-zero on unmount failure
    due to open sessions; handle this in ecryptfs-umount-private too; make
    the flock() blocking; use /dev/shm for counter; add an iterator to the
    counter file to prevent users from DoS'ing one another from accessing
    their encrypted directories, LP: #402745
  * debian/ecryptfs-utils.postinst: move /tmp counters to /dev/shm
  * configure.ac: link against pam, silence shlib warning
  * src/include/ecryptfs.h, src/libecryptfs/main.c,
    src/pam_ecryptfs/pam_ecryptfs.c, src/utils/Makefile.am,
    src/utils/mount.ecryptfs_private.c: move two functions from
    mount.ecryptfs_private to libecryptfs, namely is_mounted() and
    fetch_private_mnt(); use these in both pam_ecryptfs and
    mount.ecryptfs_private; also move PRIVATE to ECRYPTFS_PRIVATE in
    the ecryptfs.h headers; this will allow us to short-circuit some of the
    costly key-loading code on pam_auth if the private dir is already
    mounted, speeding up some subsequent authentications significantly,
    LP: #402748
  * doc/ecryptfs-mount-private.txt: removed the "$" to make copy-n-paste
    more user friendly
  * src/utils/ecryptfs-setup-private: when encrypting home, put the
    .ecryptfs and .Private data in /home/.ecryptfs rather than /var/lib,
    as users are forgetting to backup /var/lib, and are often putting
    /home on a separate partition; furthermore, this gives users a place
    to access their encrypted data for backup, rather than hiding the
    data below $HOME, LP: #371719
  [ Tyler Hicks ]
  * src/libecryptfs/cipher_list.c, src/libecryptfs/module_mgr.c:
    add blowfish/56-bytes to the list of ciphers we officially support,
    LP: #402790
  [ Dustin Kirkland ]
  * src/utils/ecryptfs-setup-swap: switch from vol_id to blkid,
    LP: #376486
  * debian/ecryptfs-utils.postinst, src/utils/ecryptfs-setup-private:
    don't echo mount passphrase if running in bootstrap mode; prune
    potential leakages from install log, LP: #383650
  * SECURITY UPDATE: mount passphrase recorded in install log (LP: #383650).
    - debian/ecryptfs-utils.postinst: prune private information from
      installer log
    - src/utils/ecryptfs-setup-private: don't echo passphrase if running in
      bootstrap mode
    - CVE-2009-1296
  * src/utils/ecryptfs-setup-private: make some of the lanuage more readable,
    (thanks, anrxc)
  * README, configure.ac, debian/control, debian/rules,
    doc/sourceforge_webpage/README, src/libecryptfs-swig/libecryptfs.py,
    src/libecryptfs-swig/libecryptfs_wrap.c,
    src/libecryptfs/key_management.c, src/libecryptfs/libecryptfs.pc.in,
    src/libecryptfs/main.c, src/pam_ecryptfs/Makefile.am,
    src/utils/manager.c, src/utils/mount.ecryptfs.c: move build from gcrypt
    to nss (this change has been pending for some time)
  * src/utils/ecryptfs-dot-private: dropped, was too hacky
  * ecryptfs-mount-private.1, ecryptfs-setup-private.1: align the
    documentation and implementation of the wrapping-independent feature,
    LP: #383746
  * src/utils/ecryptfs-umount-private: use keyctl list @u, since keyctl show
    stopped working, LP: #400484, #395082
  * src/utils/mount.ecryptfs_private.c: fix counter file locking; solves
    a longstanding bug about "random" umount caused by cronjobs, LP: #358573
  [ Michal Hlavinka (edits by Dustin Kirkland) ]
  * doc/manpage/ecryptfs-mount-private.1,
    doc/manpage/ecryptfs-rewrite-file.1,
    doc/manpage/ecryptfs-setup-private.1, doc/manpage/ecryptfs.7,
    doc/manpage/mount.ecryptfs_private.1,
    doc/manpage/umount.ecryptfs_private.1: documentation updated to note
    possible ecryptfs group membership requirements; Fix ecrypfs.7 man
    page and key_mod_openssl's error message; fix typo
  * src/libecryptfs/decision_graph.c: put a finite limit (5 tries) on
    interactive input; fix memory leaks when asking questions
  * src/libecryptfs/module_mgr.c: Don't error out with EINVAL when
    verbosity=0 and some options are missing.
  * src/utils/umount.ecryptfs.c: no error for missing key when removing it
  * src/libecryptfs-swig/libecryptfs.i: fix compile werror, cast char*
  * src/utils/ecryptfs_add_passphrase.c: fix/test/use return codes;
    return nonzero for --fnek when not supported but used
  * src/include/ecryptfs.h, src/key_mod/ecryptfs_key_mod_openssl.c,
    src/libecryptfs/module_mgr.c: refuse mounting with too small rsa
    key (key_mod_openssl)
  * src/utils/ecryptfs_insert_wrapped_passphrase_into_keyring.c: fix return
    codes
  * src/utils/ecryptfs-rewrite-file: polish output
  * src/libecryptfs/key_management.c: inform about full keyring; insert fnek
    sig into keyring if fnek support check fails; don't fail if key already
    exists in keyring
  * src/utils/ecryptfs-setup-private: if the ecryptfs group exists, restrict
    ecryptfs-setup-private to members of this group
  * src/pam_ecryptfs/pam_ecryptfs.c: dynamically load ecryptfs module by
    checking ecryptfs version
  * src/libecryptfs/decision_graph.c, src/utils/io.c,
    src/utils/mount.ecryptfs.c: fix EOF handling, LP: #371587
  * src/desktop/Makefile.am: make desktop files trusted, LP: #371426
  [ Dustin Kirkland and Daniel Baumann ]
  * debian/control, debian/copyright, debian/ecryptfs-utils.dirs,
    debian/ecryptfs-utils.install, debian/ecryptfs-utils.postinst,
    debian/rules, ecryptfs-utils.pam-auth-update: sync Ubuntu's
    packaging with Debian; drop dpatch, drop libssl build dep, clean
    up extraneous debhelper bits, match cflags; remaining diff is only
    ecryptfs-utils.prerm
  [ Arfrever Frehtes Taifersar Arahesis ]
  * key_mod/ecryptfs_key_mod_gpg.c,
    key_mod/ecryptfs_key_mod_pkcs11_helper.c,
    libecryptfs/key_management.c, utils/ecryptfs_unwrap_passphrase.c:
    Fix warnings, initialize a few variables, drop unused ones
  [ David Hicks ]
  * src/lib/key_management.c: fix stray semicolon that prevents .ecryptfsrc
    files from working properly, LP: #372709
  [ Michael Rooney ]
  * src/python/ecryptfsapi.py: added python api
  [ Dustin Kirkland ]
  * debian/rules: drop hackery that moves stuff /usr/share/ecryptfs-utils
  * src/utils/mount.ecryptfs_private.c: update inline documentation
  * debian/changelog, src/libecryptfs/cmd_ln_parser.c,
    src/libecryptfs/key_management.c, src/pam_ecryptfs/pam_ecryptfs.c,
    src/utils/ecryptfs_add_passphrase.c,
    src/utils/ecryptfs_insert_wrapped_passphrase_into_keyring.c,
    src/utils/ecryptfs_rewrap_passphrase.c,
    src/utils/ecryptfs_unwrap_passphrase.c,
    src/utils/ecryptfs_wrap_passphrase.c: silence some useless logging,
    LP: #313330
  * include/ecryptfs.h, libecryptfs/key_management.c,
    utils/ecryptfs_insert_wrapped_passphrase_into_keyring.c,
    utils/ecryptfs_unwrap_passphrase.c: if the file to unwrap is
    unspecified, try to use the default ~/.ecryptfs/wrapped-passphrase
    before bailing out, LP: #359997
  * src/utils/ecryptfs-setup-private: unix_chkpwd is not always present
    (eg, gentoo), LP: #332341
  [ Tyler Hicks ]
  * doc/manpage/ecryptfs.7: ecryptfs_encrypted_view option desription
    was wrong LP: #328761
  [ Michal Hlavinka ]
  * decision_graph.c: fix uninitialized return code
  * mount.ecryptfs.c: don't pass verbosity option to kernel
  [ anrxc & Dustin Kirkland ]
  * doc/Makefile.am, src/desktop/Makefile.am: fix automake installation from
    /usr/share to /usr/share/ecryptfs-utils
  [ Daniel Baumann & Dustin Kirkland ]
  * debian/rules, debian/control: sync differences between Debian & Ubuntu's
    packaging
  [ Arfrever Frehtes Taifersar Arahesis ]
  * src/key_mod/ecryptfs_key_mod_gpg.c,
    src/key_mod/ecryptfs_key_mod_pkcs11_helper.c: fix implicit declations
  [ Frédéric Guihéry ]
  * key_mod/ecryptfs_key_mod_tspi.c, utils/ecryptfs_generate_tpm_key.c:
    the SRK password should be set to 20 bytes of NULL (wellknown
    password), in order for different tools to request key protection
    with the Storage Root Key
  [ Michal Hlavinka ]
  * Changes for RH/Fedora release
    - change error codes to be more descriptive
    - decision_graph.h, *: change definition of node return codes to positive
      values
    - mount.ecryptfs.c: insist for yes/no answer for unkown sigs
    - don't print error for removing key from keyring if it succeeded
    - module_mgr.c: insist on yes/no answer
    - use ECRYPTFS_NONEMPTY_VALUE_REQUIRED where reasonable
    - pam_ecryptfs.c: don't try to unwrap key for users not using pam mounting
    - add verbosity to man page
    - decision_graph.* : add ECRYPTFS_NONEMPTY_VALUE_REQUIRED flag for nodes
    - decision_graph.* : add WRONG_VALUE return code to nodes for asking
      question again
  [ Dustin Kirkland ]
  * src/utils/ecryptfs-setup-private: fix bug in grep when running with LANG
    in other locales, LP: #347969
  * doc/manpage/ecryptfs.7: add notes about verbose option
  * src/desktop: add the desktop files to the dist tarball
  * src/utils/ecryptfs-dot-private: sourceable file for accessing your
    encrypted data; useful for conducting backups
  [ Martin Pitt and Dustin Kirkland ]
  Reworked the fixes for LP: #352307, remind user to record their passphrase
  * src/desktop/ecryptfs-record-passphrase: run if
    ~/.ecryptfs/.wrapped-passphrase.recorded does NOT exist; touch that
    file upon successful run of unwrap passphrase
  * debian/patches/00list,
    debian/patches/update-notifier-remind-passphrase.dpatch: dropped, since
    this was moved into PAM

ubuntu/utopic 2014-01-23 22:58:23 UTC 2014-01-23
Import patches-unapplied version 104-0ubuntu1 to ubuntu/trusty-proposed

Author: Nobuto Murata
Author Date: 2013-02-20 16:56:33 UTC

Import patches-unapplied version 104-0ubuntu1 to ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: dd52703b628dbc7ba718e7d068506782c275f428

New changelog entries:
  [ Colin King ]
  * src/libecryptfs/ecryptfs-stat.c, tests/kernel/extend-file-
    random/test.c, tests/kernel/inode-race-stat/test.c,
    tests/kernel/trunc-file/test.c:
    - Fixed some 32 bit build warnings
  * src/libecryptfs/decision_graph.c, src/libecryptfs/key_management.c,
    src/libecryptfs/main.c, src/libecryptfs/module_mgr.c, src/utils/io.c,
    src/utils/mount.ecryptfs_private.c, tests/kernel/inotify/test.c,
    tests/kernel/trunc-file/test.c, tests/userspace/wrap-unwrap/test.c:
    - Fixed a pile of minor bugs (memory leaks, unclosed file descriptors,
      etc.) mostly in error paths
  * src/key_mod/ecryptfs_key_mod_passphrase.c, src/libecryptfs/main.c,
    src/pam_ecryptfs/pam_ecryptfs.c:
    - more Coverity fixes, memory leak, error checking, etc.
  [ Nobuto MURATA ]
  * fix an empty update-notifier window (LP: #1107650)
    - changes made in Rev.758 was incomplete
  [ Tyler Hicks ]
  * doc/manpage/ecryptfs.7:
    - adjust man page text to avoid confusion about whether the interactive
      mount helper takes a capital 'N' for the answer to y/n questions
      (LP: #1130460)
  * src/utils/ecryptfs_rewrap_passphrase.c:
    - Handle errors when interactively reading the new wrapping passphrase
      and the confirmation from stdin. Fixes a segfault (invalid memory read)
      in ecryptfs-rewrap-passphrase if there was an error while reading either
      of these passphrases.
  * configure.ac:
    - Set AM_CPPFLAGS to always include config.h as the first include file.
      Some .c files correctly included config.h before anything else. The
      majority of .c files got this wrong by including it after other header
      files, including it multiple times, or not including it at all.
      Including it in the AM_CPPFLAGS should solve these problems and keep
      future mistakes from happening in new source files.
    - Enable large file support (LFS) through the use of the AC_SYS_LARGEFILE
      autoconf macro. ecryptfs-utils has been well tested with LFS enabled
      because ecryptfs-utils is being built with
      '-D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64' in Debian-based distros.
      This is mainly needed for some of the in-tree regression tests but
      ecryptfs-utils, in general, should be built with LFS enabled.
  * debian/rules:
    - Don't append '-D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64' to the CFLAGS
      now that the upstream build enables LFS
  * tests/userspace/lfs.sh, tests/userspace/lfs/test.c:
    - Add a test to verify that LFS is enabled. This test is run under the
      make check target.
  * tests/kernel/enospc/test.c:
    - Fix test failures on 32 bit architectures due to large file sizes
      overflowing data types
  [ Dustin Kirkland ]
  * src/utils/ecryptfs-setup-swap: LP: #1172014
    - write crypttab entry using UUID
  * src/utils/ecryptfs-recover-private: LP: #1028532
    - error out, if we fail to mount the private data correctly
  [ Colin King and Dustin Kirkland ]
  * configure.ac, src/daemon/main.c, src/libecryptfs/cmd_ln_parser.c,
    src/libecryptfs/decision_graph.c, src/utils/mount.ecryptfs.c,
    tests/kernel/trunc-file/test.c:
    - remove some dead code, fix some minor issues raised by Coverity
  [ Tyler Hicks ]
  * debian/rules:
    - Use dpkg-buildflags to inject distro compiler hardening flags into the
      build. This also fixes the hardening-no-fortify-functions lintian
      warnings.
  [ Dustin Kirkland ]
  * doc/manpage/ecryptfs-add-passphrase.1, doc/manpage/ecryptfsd.8,
    doc/manpage/ecryptfs-find.1, doc/manpage/ecryptfs-generate-tpm-
    key.1, doc/manpage/ecryptfs-insert-wrapped-passphrase-into-
    keyring.1, doc/manpage/ecryptfs-manager.8, doc/manpage/ecryptfs-
    migrate-home.8, doc/manpage/ecryptfs-mount-private.1,
    doc/manpage/ecryptfs-recover-private.1, doc/manpage/ecryptfs-rewrap-
    passphrase.1, doc/manpage/ecryptfs-rewrite-file.1,
    doc/manpage/ecryptfs-setup-private.1, doc/manpage/ecryptfs-setup-
    swap.1, doc/manpage/ecryptfs-stat.1, doc/manpage/ecryptfs-umount-
    private.1, doc/manpage/ecryptfs-unwrap-passphrase.1,
    doc/manpage/ecryptfs-verify.1, doc/manpage/ecryptfs-wrap-
    passphrase.1, doc/manpage/Makefile.am, doc/manpage/mount.ecryptfs.8,
    doc/manpage/mount.ecryptfs_private.1, doc/manpage/pam_ecryptfs.8,
    doc/manpage/umount.ecryptfs.8,
    doc/manpage/umount.ecryptfs_private.1, src/desktop/ecryptfs-find =>
    src/utils/ecryptfs-find, src/desktop/Makefile.am,
    src/utils/Makefile.am:
    - add 3 new manpages, for ecryptfs-find, ecryptfs-verify, and
      ecryptfs-migrate-home
    - Add SEE ALSO section to manpages which were missing it
    - Mention "Debian and Ubuntu" in license location
    - move the ecryptfs-find utility to the proper location in src/utils
  * src/utils/Makefile.am:
    - fix broken build
  * debian/ecryptfs-utils.links:
    - link no longer needed for ecryptfs-find
  [ Colin King ]
  * === added directory tests/kernel/mmap-bmap, === added directory
    tests/kernel/xattr, tests/kernel/link.sh, tests/kernel/Makefile.am,
    tests/kernel/mknod.sh, tests/kernel/mmap-bmap.sh, tests/kernel/mmap-
    bmap/test.c, tests/kernel/tests.rc, tests/kernel/xattr.sh,
    tests/kernel/xattr/test.c:
    - ran the current eCryptfs tests on 3.8-rc4 with kernel gcov enabled
      and spotted a few trivial areas where it would be useful to up the
      test coverage on the code
    - so here are a few very simple additional tests to exercise eCryptfs
      a little further
  [ Dustin Kirkland ]
  * debian/control:
    - bump standards, no change
  [ Tyler Hicks ]
  * autogen.sh, scripts/release.sh, Makefile.am:
    - Break out the autoreconf and intltoolize commands from release.sh into
      an executable autogen.sh
    - Use the --copy option when invoking intltoolize
    - Include the new autogen.sh script in the release tarball
  * debian/rules, debian/control:
    - Use dh-autoreconf so that upstream sources can easily be used to build
      packages for all the stable Ubuntu releases in the ecryptfs-utils daily
      build PPA
    - Override the dh_autoreconf target by running the autogen.sh script
    - Drop Build-Depends on autotools-dev since dh-autoreconf is a superset of
      autotools-dev
    - Drop Build-Depends on autoconf, automake, and libtool since
      dh-autoreconf depends on all of these packages
  * m4/ac_python_devel.m4:
    - Fix FTBFS in Raring Ringtail due to multiarch Python. Be sure to include
      platform specific Python include directions in SWIG_PYTHON_CPPFLAGS.
  * src/utils/mount.ecryptfs_private.c:
    - Fix conditionals when checking whether to remove authentication tokens
      from the kernel keyring upon umount. This conditional was incorrectly
      modified in ecryptfs-utils-101, yet the authentication tokens still seem
      to be removed from the kernel keyring so it isn't clear if there was
      actually a user-facing regression.
    - Pass the FEKEK sig, rather than the FNEK sig, to
      ecryptfs_private_is_mounted()
    - Restore behavior of not printing error messages to syslog when
      unmounting and keys cannot be found in the kernel keyring.
    - Restore behavior of printing a useful error message about
      ecryptfs-mount-private when mounting and keys cannot be found in the
      kernel keyring
    - Fix memory leak and clean up free()'s in an error path
    - Use pointer assignment tests, rather than strlen(), to determine which
      key signatures were fetched
  * src/daemon/main.c, src/include/ecryptfs.h,
    src/libecryptfs/{Makefile.am,messaging.c,miscdev.c,netlink.c,sysfs.c},
    doc/manpage/ecryptfsd.8, doc/design_doc/ecryptfs_design_doc_v0_2.tex:
    - Remove netlink messaging interface support
    - Netlink messaging support was superceded by the miscdev interface
      (/dev/ecryptfs) in upstream kernel version 2.6.26 in July, 2008
    - Netlink messaging support was completely removed from the upstream
      kernel starting with version 2.6.32 in December, 2009
  * src/jprobes/*, scripts/delete-cruft.sh:
    - Remove all jprobes code, as I don't use jprobes to debug eCryptfs kernel
      issues and I don't like the idea of maintaining these jprobes outside of
      the kernel tree
  * src/escrow/*:
    - Remove all escrow code, as it isn't used or maintained
  * tests/kernel/llseek.sh, tests/kernel/llseek/test.c,
    tests/userspace/wrap-unwrap.sh, tests/userspace/wrap-unwrap/test.c:
    - Migrate some old testcases over to the modern test framework
  * tests/lib/etl_funcs.sh:
    - Update etl_create_test_dir() to allow a parent directory to be specified
      when creating the directory
  * src/testcases:
    - Delete old testcases that were either too basic, covered by more
      extensive tests in the modern test framework, or just didn't work
  [ Nobuto MURATA ]
  * src/desktop/ecryptfs-record-passphrase:
  [ Eric Lammerts ]
  * src/libecryptfs/sysfs.c: LP: #1007880
    - Handle NULL mnt pointer when sysfs is not mounted
  [ Tyler Hicks ]
  * src/utils/ecryptfs-migrate-home: LP: #1026180
    - Correct minor misspelling
  * src/utils/ecryptfs-recover-private: LP: #1004082
    - Fix option parsing when --rw is specified
  * src/utils/ecryptfs-recover-private: LP: #1028923
    - Simplify success message to prevent incorrectly reporting that a
      read-only mount was performed when the --rw option is specified
  * tests/lib/etl_func.sh:
    - Add test library function to return a lower path from an upper path,
      based on inode numbers
  * tests/kernel/mmap-close.sh, tests/kernel/mmap-close/test.c:
    - Add regression test for open->mmap()->close()->dirty memory->munmap()
      pattern
  * tests/kernel/lp-561129.sh:
    - Add test for checking that a pre-existing target inode is properly
      evicted after a rename
  * tests/README:
    - Add documentation on the steps to take when adding new test cases
  [ Colin King ]
  * tests/kernel/lp-911507.sh:
    - Add test case for initializing empty lower files during open()
  * tests/kernel/lp-872905.sh:
    - Add test case to check for proper unlinking of lower files when
      lower file initialization fails
  * src/key_mod/ecryptfs_key_mod_openssl.c,
    src/key_mod/ecryptfs_key_mod_pkcs11_helper.c,
    src/libecryptfs/key_management.c,
    src/utils/mount.ecryptfs_private.c, src/utils/umount.ecryptfs.c:
    - address some issues raised by smatch static analysis
    - fix some memory leaks with frees
    - fix some pointer refs and derefs
    - fix some comment typos
  [ Dustin Kirkland ]
  * src/libecryptfs/key_management.c:
    - silence pam error message when errno == EACCES
      + "Error attempting to parse .ecryptfsrc file; rc = [-13]"
  * src/utils/mount.ecryptfs_private.c: LP: #1052038
    - fix race condition, which typically manifests itself with a user
      saying that their home directory is not accessible, or that their
      filenames are not decrypted
    - the root of the problem is that we were reading the signature file,
      ~/.ecryptfs/Private.sig, twice; in some cases, the first one succeeds,
      so the file encryption signature is read and key is loaded, but then
      some other process (usually from PAM, perhaps a cron job or a
      subsequent login) mounts the home directory before the filename
      encryption key is loaded; thus, $HOME is mounted but filenames are
      not decrypted, so the second read of ~/.ecryptfs/Private.sig fails
      as that file is not found
    - the solution is to rework the internal fetch_sig() function and read
      one or both signatures within a single open/read/close operation of
      the file
    - free memory used by char **sig on failure
  * debian/copyright:
    - fix lintian warning
  [ Tyler Hicks ]
  * src/pam_ecryptfs/pam_ecryptfs.c, src/libecryptfs/key_management.c:
      LP: #1024476
    - fix regression introduced in ecryptfs-utils-99 when Encrypted
      Home/Private is in use and the eCryptfs kernel code is compiled as a
      module
    - drop check for kernel filename encryption support in pam_ecryptfs, as
      appropriate privileges to load the eCryptfs kernel module may not be
      available and filename encryption has been supported since 2.6.29
    - always add filename encryption key to the kernel keyring from pam_mount
  [ Colin King ]
  * tests/kernel/inode-race-stat/test.c:
    - limit number of forks based on fd limits
  * tests/kernel/enospc.sh, tests/kernel/enospc/test.c,
    tests/kernel/Makefile.am, tests/kernel/tests.rc:
    - add test case for ENOSPC
  [ Tim Harder ]
  * m4/ac_python_devel.m4: LP: #1029217
    - proplery save and restore CPPFLAGS and LIBS when python support is
      enabled
  [ Dustin Kirkland ]
  * debian/ecryptfs-utils.postinst: LP: #936093
    - ensure desktop file is executable
  [ Wesley Wiedenmeier ]
  * src/utils/mount.ecryptfs.c: LP: #329264
    - remove old hack, that worked around a temporary kernel regression;
      ensure that all mount memory is mlocked
  [ Sebastian Krahmer ]
  * src/pam_ecryptfs/pam_ecryptfs.c: LP: #732614
    - drop group privileges in the same places that user privileges are
      dropped
    - check return status of setresuid() calls and return if they fail
    - drop privileges before checking for the existence of
      ~/.ecryptfs/auto-mount to prevent possible file existence leakage
      by a symlink to a path that typically would not be searchable by
      the user
    - drop privileges before reading salt from the rc file to prevent the
      leakage of root's salt and, more importantly, using the incorrect salt
    - discovered, independently, by Vasiliy Kulikov and Sebastian Krahmer
  * src/pam_ecryptfs/pam_ecryptfs.c: LP: #1020904
    - after dropping privileges, clear the environment before executing the
      private eCryptfs mount helper
    - discovered by Sebastian Krahmer
  * src/utils/mount.ecryptfs_private.c: LP: #1020904
    - do not allow private eCryptfs mount aliases to contain ".." characters
      as a preventative measure against a crafted file path being used as an
      alias
    - force the MS_NOSUID mount flag to protect against user controlled lower
      filesystems, such as an auto mounted USB drive, that may contain a
      setuid-root binary
      + CVE-2012-3409
    - force the MS_NODEV mount flag
    - after dropping privileges, clear the environment before executing umount
    - discovered by Sebastian Krahmer
  [ Tyler Hicks ]
  * src/libecryptfs/key_management.c: LP: #732614
    - zero statically declared buffers to prevent the leakage of stack
      contents in the case of a short file read
    - discovered by Vasiliy Kulikov
  * src/libecryptfs/module_mgr.c, src/pam_ecryptfs/pam_ecryptfs.c:
    - fix compiler warnings
  [ Dustin Kirkland ]
  * debian/ecryptfs-utils.prerm:
    - drop the pre-removal ERRORs down to WARNINGs
    - these have caused a ton of trouble; whatever is causing ecryptfs-utils
      to be marked for removal should be fixed; but ecryptfs exiting 1 seems
      to be causing more trouble than it's worth
    - LP: #871021, #812270, #988960, #990630, #995381, #1010961
  * doc/ecryptfs-faq.html:
    - update the frequently asked questions, which haven't seen much
      attention in a while now
    - drop a few references to sourceforge
  * doc/ecryptfs-pam-doc.txt, doc/manpage/fr/ecryptfs-add-passphrase.1,
    doc/manpage/fr/ecryptfs-generate-tpm-key.1, doc/manpage/fr/ecryptfs-
    insert-wrapped-passphrase-into-keyring.1, doc/manpage/fr/ecryptfs-
    mount-private.1, doc/manpage/fr/ecryptfs-rewrap-passphrase.1,
    doc/manpage/fr/ecryptfs-setup-private.1, doc/manpage/fr/ecryptfs-
    umount-private.1, doc/manpage/fr/ecryptfs-unwrap-passphrase.1,
    doc/manpage/fr/ecryptfs-wrap-passphrase.1, doc/manpage/fr/ecryptfs-
    zombie-kill.1, doc/manpage/fr/ecryptfs-zombie-list.1,
    doc/sourceforge_webpage/ecryptfs-article.pdf,
    doc/sourceforge_webpage/ecryptfs_design_doc_v0_1.pdf,
    doc/sourceforge_webpage/ecryptfs-faq.html,
    doc/sourceforge_webpage/ecryptfs-key-diagram-356.png,
    doc/sourceforge_webpage/ecryptfs-key-diagram-640.png,
    doc/sourceforge_webpage/ecryptfs-pageuptodate-call-graph.png,
    doc/sourceforge_webpage/ecryptfs-pam-doc.txt,
    doc/sourceforge_webpage/ecryptfs.pdf,
    doc/sourceforge_webpage/index.html, doc/sourceforge_webpage/README,
    === removed directory doc/manpage/fr, === removed directory
    doc/sourceforge_webpage, rpm/ecryptfs-utils.spec:
    - remove some deprecated documentation
    - fish it out of bzr, if we ever need it again, but let's
      quit publishing it in our release tarballs
  [ Kees Cook ]
  * src/pam_ecryptfs/pam_ecryptfs.c: LP: #938326
    - exit, rather than return to prevent duplicate processes
  [ Andreas Raster ]
  * src/desktop/ecryptfs-find:
    - $mounts was quoted once too often
  [ George Wilson ]
  * src/key_mod/ecryptfs_key_mod_openssl.c,
    src/key_mod/ecryptfs_key_mod_pkcs11_helper.c,
    src/key_mod/ecryptfs_key_mod_tspi.c: LP: #937331
    - IBM would like to grant a license exception for key modules that
      require linking to OpenSSL. The change should make the modules
      shippable by Linux distributions
  [ Dustin Kirkland ]
  * debian/copyright:
    - note the GPLv2 SSL exception granted by IBM for the key modules
  * debian/control, debian/copyright, doc/manpage/ecryptfs.7,
    doc/manpage/ecryptfs-add-passphrase.1, doc/manpage/ecryptfsd.8,
    doc/manpage/ecryptfs-generate-tpm-key.1, doc/manpage/ecryptfs-
    insert-wrapped-passphrase-into-keyring.1, doc/manpage/ecryptfs-
    manager.8, doc/manpage/ecryptfs-mount-private.1,
    doc/manpage/ecryptfs-recover-private.1, doc/manpage/ecryptfs-rewrap-
    passphrase.1, doc/manpage/ecryptfs-rewrite-file.1,
    doc/manpage/ecryptfs-setup-private.1, doc/manpage/ecryptfs-setup-
    swap.1, doc/manpage/ecryptfs-stat.1, doc/manpage/ecryptfs-umount-
    private.1, doc/manpage/ecryptfs-unwrap-passphrase.1,
    doc/manpage/ecryptfs-wrap-passphrase.1,
    doc/manpage/mount.ecryptfs.8, doc/manpage/mount.ecryptfs_private.1,
    doc/manpage/pam_ecryptfs.8, doc/manpage/umount.ecryptfs.8,
    doc/manpage/umount.ecryptfs_private.1, README,
    src/utils/mount.ecryptfs.c:
    - use the new ecryptfs.org website where appropriate
  * debian/control:
    - update to suggest zescrow-client
  [ Sergio Peña ]
  * src/libecryptfs/cipher_list.c: LP: #922821
    - add the new name of the blowfish cipher (linux >= 3.2)
  * src/include/ecryptfs.h, src/libecryptfs/main.c,
    src/utils/mount.ecryptfs.c: LP: #917509
    - use execl() to mount ecryptfs
    - this allows us to support any arbitrary mount options in
      /etc/fstab
  [ Tyler Hicks ]
  * doc/manpage/ecryptfs.7:
    - Remove the note saying that the passphrase and openssl key modules are
      available by default. That's true upstream but not always true in distro
      builds.
  * tests/run_tests.sh:
    - Make upper and lower mount point arguments optional by automatically
      creating directories in /tmp by default.
    - Make it possible to run only userspace tests without having to specify
      unused mount information
    - Accept a comma-separated list of lower filesystems to test on and loop
      through all kernel tests for each lower filesystem
    - Accept a comma-separated list of tests to run
  * tests/lib/etl_funcs.sh:
    - Unset $ETL_DISK just before etl_remove_disk() successfully returns
  * tests/userspace/Makefile.am:
    - Also build 'make check' tests when building with --enable-tests
  * include/ecryptfs.h, libecryptfs/Makefile.am,
    libecryptfs/cipher_list.c, libecryptfs/module_mgr.c,
    utils/io.h: LP: #994813
    - remove overly complicated implementation to detect what ciphers
      are supported by the currently running kernel's crypto api
    - prompt for the entire supported cipher list, if the user selects a
      cipher that their kernel doesn't support, the mount will fail
      and the kernel will write an error message to the syslog
  * src/libecryptfs/module_mgr.c:
    - Use correct blowfish block size when displaying supported ciphers to
      the user
  * tests/kernel/lp-1009207.sh, tests/kernel/Makefile.am,
    tests/kernel/tests.rc:
    - Add simple test case for incorrect handling of umask and default POSIX
      ACL masks
  * tests/kernel/lp-994247.sh, tests/kernel/lp-994247/test.c,
    tests/kernel/Makefile.am, tests/kernel/tests.rc:
    - Add test case for incorrect handling of open /dev/ecryptfs file
      descriptors that are passed or inherited by other processes
  [ Colin King ]
  * tests/lib/etl_funcs.sh:
    - etl_lumount() should use DST rather than SRC dir so it can run on Lucid
    - use file system appropriate mkfs force flag
    - cater for correct ext2 default mount flags
  * tests/kernel/lp-509180.sh, tests/kernel/lp-509180/test.c:
    - test for trailing garbage at end of files
  * tests/kernel/lp-524919.sh, tests/kernel/lp-524919/test.c:
    - test case for checking lstat/readlink size
  * tests/kernel/lp-870326.sh, tests/kernel/lp-870326/test.c:
    - test case for open(), mmap(), close(), modify mmap'd region
  * tests/kernel/lp-469664.sh:
    - test case for lsattr
  * tests/kernel/lp-613873.sh:
    - test case for stat modify time
  * tests/kernel/lp-745836.sh:
    - test case for clearing ECRYPTFS_NEW_FILE flag during truncate
  * tests/lib/etl_funcs.sh, tests/kernel/extend-file-random.sh,
    tests/kernel/trunc-file.sh (LP: #1007159):
    - Add test library function for estimating available space in lower fs
    - Use new library function in tests that need to create large files
  [ Colin Watson ]
  * src/utils/ecryptfs-setup-swap: Skip /dev/zram* swap devices
    LP: #979350
  [ Serge Hallyn ]
  * src/utils/mount.ecryptfs_private.c:
    - EoL fixes
  [ Dustin Kirkland ]
  * CONTRIBUTING:
    - added a new file to describe how to contribute to ecryptfs
  * === added directory img/old, img/old/ecryptfs_14.png,
    img/old/ecryptfs_192.png, img/old/ecryptfs_64.png:
    - saving the old logos/branding for posterity
  * debian/copyright, img/COPYING:
    - added CC-by-SA 3.0 license
    - use the text version
  * img/ecryptfs_14.png, img/ecryptfs_192.png, img/ecryptfs_64.png:
    - added scaled copies of images used for Launchpad.net branding
  * src/utils/ecryptfs-recover-private: LP: #847505
    - add an option to allow user to enter the mount passphrase,
      in case they've recorded that, but forgotten their login
      passphrase
  * src/libecryptfs/sysfs.c: LP: #802197
    - default sysfs to /sys, if not found in /etc/mtab
    - it seems that reading /etc/mtab for this is outdated
    - ensure that ecryptfs works even if there is no sysfs entry
      in /etc/mtab
  * src/key_mod/ecryptfs_key_mod_tspi.c: LP: #462225
    - fix TPM and string_to_uuid 64bits issue
    - thanks to Janos for the patch
  [ Tyler Hicks ]
  * CONTRIBUTING:
    - clarified how to contribute to the ecryptfs kernel module
  * tests/lib/etl_funcs.sh:
    - created eCryptfs test library of bash functions for use in test
      cases and test harnesses
  * test/etl_add_passphrase_key_to_keyring.c:
    - created a C helper program to allow bash scripts to interface to
      the libecryptfs function that adds passphrase-based keys to the
      kernel keyring
  * tests/kernel/tests.rc, tests/userspace/tests.rc:
    - created a test case category files for test harnesses to source
      when running testcases of a certain category (destructive, safe,
      etc.)
  * tests/run_tests.sh:
    - created a test harness to run eCryptfs test cases
  * tests/kernel/miscdev-bad-count.sh,
    tests/kernel/miscdev-bad-count/test.c:
    - created test case for miscdev issue reported to mailing list
  * tests/kernel/lp-885744.sh:
    - created test case for pathconf bug
  * tests/kernel/lp-926292.sh:
    - created test case for checking stale inode attrs after setxattr
  * tests/new.sh:
    - created new test case template to copy from
  * tests/userspace/verify-passphrase-sig.sh,
    tests/userspace/verify-passphrase-sig/test.c:
    - created test case, for make check, to test the creation of
      passphrase-based fekeks and signatures
  * configure.ac, Makefile.am, tests/Makefile.am, tests/lib/Makefile.am,
    tests/kernel/Makefile.am, tests/userspace/Makefile.am:
    - updated and created autoconf/automake files to build the new tests
      directory
    - added make check target
  [ Eddie Garcia ]
  * img/*: LP: #907131
    - contributing a new set of logos and branding under the CC-by-SA3.0
      license
  [ Colin King ]
  * tests/kernel/extend-file-random.sh,
    tests/kernel/extend-file-random/test.c:
    - Test to randomly extend file size, read/write + unlink
  * tests/kernel/trunc-file.sh, tests/kernel/trunc-file/test.c:
    - Test to exercise file truncation
  * tests/kernel/directory-concurrent.sh,
    tests/kernel/directory-concurrent/test.c:
    - test for directory creation/deletion races with multiple processes
  * tests/kernel/file-concurrent.sh,
    tests/kernel/file-concurrent/test.c:
    - test for file creation/truncation/unlink races with multiple
      processes
  * tests/kernel/inotify.sh, tests/kernel/inotify/test.c:
    - test for proper inotify support
  * tests/kernel/mmap-dir.sh, tests/kernel/mmap-dir/test.c:
    - test that directory files cannot be mmap'ed
  * tests/kernel/read-dir.sh, tests/kernel/read-dir/test.c:
    - test that read() on directory files returns the right error
  * tests/kernel/setattr-flush-dirty.sh:
    - test that the modified timestamp isn't clobbered in writeback
  * tests/kernel/inode-race-stat.sh, tests/kernel/inode-race-stat/test.c:
    - test for inode initialization race condition
  [ Serge Hallyn ]
  * fix infinite loop on arm: fgetc returns an int, and -1 at end of
    options. Arm makes char unsigned. (LP: #884407)
  [ Dustin Kirkland ]
  * debian/compat, debian/control, debian/ecryptfs-utils.install,
    debian/ecryptfs-utils.lintian-overrides,
    debian/libecryptfs0.install, debian/libecryptfs-dev.install,
    debian/lintian/ecryptfs-utils, debian/python-ecryptfs.install,
    debian/rules, debian/source/options, doc/ecryptfs-pam-doc.txt,
    doc/manpage/ecryptfs-setup-private.1, lintian/ecryptfs-utils, ===
    removed directory debian/lintian:
    - merge a bunch of packaging changes from Debian's Daniel Baumann
    - fixes LP: #800647
  * scripts/release.sh:
    - minor release fixes
  [ Dustin Kirkland ]
  * scripts/release.sh:
    - fix release script
    - bump ubuntu release
  * doc/manpage/ecryptfs-recover-private.1, src/utils/ecryptfs-migrate-
    home (properties changed: -x to +x), src/utils/ecryptfs-recover-
    private:
    - add a --rw option for ecryptfs-recover-private
  * src/utils/ecryptfs-migrate-home: LP: #820416
    - show progress on rsync
  * debian/ecryptfs-utils.ecryptfs-utils-restore.upstart,
    debian/ecryptfs-utils.ecryptfs-utils-save.upstart,
    src/utils/ecryptfs-migrate-home,
    src/utils/ecryptfs-setup-private: LP: #883238
    - remove 2 upstart scripts, which attempted to "save" users who didn't
      login after migrating their home; instead, we now require the root
      user to enter user passwords at migration time
  * debian/copyright, debian/ecryptfs-utils.ecryptfs-utils-
    restore.upstart, debian/ecryptfs-utils.ecryptfs-utils-save.upstart,
    doc/manpage/ecryptfs.7, doc/manpage/ecryptfs-add-passphrase.1,
    doc/manpage/ecryptfs-generate-tpm-key.1, doc/manpage/ecryptfs-
    insert-wrapped-passphrase-into-keyring.1, doc/manpage/ecryptfs-
    mount-private.1, doc/manpage/ecryptfs-recover-private.1,
    doc/manpage/ecryptfs-rewrap-passphrase.1, doc/manpage/ecryptfs-
    rewrite-file.1, doc/manpage/ecryptfs-setup-private.1,
    doc/manpage/ecryptfs-setup-swap.1, doc/manpage/ecryptfs-stat.1,
    doc/manpage/ecryptfs-umount-private.1, doc/manpage/ecryptfs-unwrap-
    passphrase.1, doc/manpage/ecryptfs-wrap-passphrase.1,
    doc/manpage/fr/ecryptfs-add-passphrase.1, doc/manpage/fr/ecryptfs-
    generate-tpm-key.1, doc/manpage/fr/ecryptfs-insert-wrapped-
    passphrase-into-keyring.1, doc/manpage/fr/ecryptfs-mount-private.1,
    doc/manpage/fr/ecryptfs-rewrap-passphrase.1,
    doc/manpage/fr/ecryptfs-setup-private.1, doc/manpage/fr/ecryptfs-
    umount-private.1, doc/manpage/fr/ecryptfs-unwrap-passphrase.1,
    doc/manpage/fr/ecryptfs-wrap-passphrase.1, doc/manpage/fr/ecryptfs-
    zombie-kill.1, doc/manpage/fr/ecryptfs-zombie-list.1,
    doc/manpage/mount.ecryptfs_private.1, doc/manpage/pam_ecryptfs.8,
    doc/manpage/umount.ecryptfs.8,
    doc/manpage/umount.ecryptfs_private.1,
    src/pam_ecryptfs/pam_ecryptfs.c,
    src/utils/ecryptfs_add_passphrase.c,
    src/utils/ecryptfs_insert_wrapped_passphrase_into_keyring.c,
    src/utils/ecryptfs-migrate-home, src/utils/ecryptfs-mount-private,
    src/utils/ecryptfs-recover-private,
    src/utils/ecryptfs_rewrap_passphrase.c, src/utils/ecryptfs-rewrite-
    file, src/utils/ecryptfs-setup-private, src/utils/ecryptfs-setup-
    swap, src/utils/ecryptfs-umount-private,
    src/utils/ecryptfs_unwrap_passphrase.c,
    src/utils/ecryptfs_wrap_passphrase.c:
    - update some email addresses, moving kirkland@canonical.com ->
      kirkland@ubuntu.com (which I can still read)
  * src/libecryptfs/key_management.c: LP: #715066
    - fix 2 places where we were handling
      ecryptfs_add_passphrase_key_to_keyring() inconsistently
    - if we're trying to add a key to the keyring, and it's already there,
      treat that as "success"
  * debian/control:
    - ecryptfs-setup-swap is strongly recommended, which depends on
      cryptsetup; so promote cryptsetup from suggests -> recommends
  [ Stephan Ritscher and Tyler Hicks ]
  * src/libecryptfs/cmd_ln_parser.c: LP: #683535
    - fix passphrase_passwd_fd for pipes
    - handle memory allocation failures
    - free memory in error paths
  [ Arfrever Frehtes Taifersar Arahesis ]
  * configure.ac: LP: #893327
    - no need to check for python, if --disable-pywrap is passed
  * src/utils/ecryptfs-verify, src/utils/Makefile.am:
    - add an ecryptfs-verify utility, LP: #845738
  * src/testcases/write-read.sh:
    - added a write/read test utility
  * doc/manpage/ecryptfs-mount-private.1, doc/manpage/ecryptfs-setup-
    private.1, doc/manpage/mount.ecryptfs_private.1,
    doc/manpage/umount.ecryptfs_private.1: LP: #882267
    - remove inaccurate documentation about being a member of the ecryptfs
      group
  * src/utils/ecryptfs-setup-private: LP: #882314
    - fix preseeded encrypted home Ubuntu installations (thanks Timo!)
  * src/libecryptfs/key_management.c: LP: #725862
    - fix nasty bug affecting users who do *not* encrypt filenames;
      the first login works, but on logout, only one key gets
      cleaned out; subsequent logins do not insert the necessary key
      due to an early "goto out"; this fix needs to be SRU'd
  * debian/rules: LP: #586281
    - fix perms on desktop mount file
  * src/pam_ecryptfs/pam_ecryptfs.c: LP: #838471
    - rework syslogging to be less noisy and note pam_ecryptfs
  [ Diego E. "Flameeyes" Pettenò ]
  * configure.ac:
    - fix reliance on nss-config, which hinders cross-compilation
  [ Marc Deslauriers ]
  * src/utils/mount.ecryptfs_private.c:
  * SECURITY UPDATE: wrong mtab ownership and permissions (LP: #830850)
    - debian/patches/CVE-2011-3145.patch: also set gid and umask before
      updating mtab in src/utils/mount.ecryptfs_private.c.
    - CVE-2011-3145
  [ Marc Deslauriers ]
  * SECURITY UPDATE: privilege escalation via mountpoint race conditions
    (LP: #732628)
    - debian/patches/CVE-2011-1831,1832,1834.patch: chdir into mountpoint
      before checking permissions in src/utils/mount.ecryptfs_private.c.
    - CVE-2011-1831
    - CVE-2011-1832
  * SECURITY UPDATE: race condition when checking source during mount
    (LP: #732628)
    - debian/patches/CVE-2011-1833.patch: use new ecryptfs_check_dev_ruid
      kernel option when mounting directory in
      src/utils/mount.ecryptfs_private.c.
    - CVE-2011-1833
  * SECURITY UPDATE: mtab corruption via improper handling (LP: #732628)
    - debian/patches/CVE-2011-1831,1832,1834.patch: modify mtab via a temp
      file first and make sure it succeeds before replacing the real mtab
      in src/utils/mount.ecryptfs_private.c.
    - CVE-2011-1834
  * SECURITY UPDATE: key poisoning via insecure temp directory handling
    (LP: #732628)
    - debian/patches/CVE-2011-1835.patch: make sure we don't copy into a
      user controlled directory in src/utils/ecryptfs-setup-private.
    - CVE-2011-1835
  * SECURITY UPDATE: information disclosure via recovery mount in /tmp
    (LP: #732628)
    - debian/patches/CVE-2011-1836.patch: mount inside protected
      subdirectory in src/utils/ecryptfs-recover-private.
    - CVE-2011-1836
  * SECURITY UPDATE: arbitrary file overwrite via lock counter race
    condition (LP: #732628)
    - debian/patches/CVE-2011-1837.patch: verify permissions with a file
      descriptor, and don't follow symlinks in
      src/utils/mount.ecryptfs_private.c.
    - CVE-2011-1837
  [ Dustin Kirkland ]
  * debian/control:
    - add missing build dependency needed for release
  * doc/manpage/ecryptfs-wrap-passphrase.1: fix minor error in manpage
  * src/desktop/ecryptfs-find, src/desktop/Makefile.am: LP: #799157
    - add a tool, /usr/share/ecryptfs-utils/ecryptfs-find that can
      help find cleartext/encrypted filenames by inode number
  * src/desktop/ecryptfs-find:
    - test file exists first; ditch the match;
      search all ecryptfs mounts that user can read/traverse
  * debian/ecryptfs-utils.links:
    - add a symlink for Ubuntu
  * scripts/release.sh:
    - improve release script
  [ Serge Hallyn ]
  * Fix from Christophe Dumez: mount.ecryptfs_private: Do not attempt to
    update mtab if it is a symbolic link. (LP: #789888)
  * src/utils/mount.ecryptfs_private.c:
    - reduce the window size for the TOCTOU race;
      does not entirely solve LP: #732628, which is going to need to be
      fixed in the kernel with some heavy locking
  * debian/control: update urls
  * src/utils/ecryptfs-mount-private: LP: #725862
    - fix ecryptfs-mount-private to insert only the fek, if filename
      encryption is disabled
  [ Paolo Bonzini <pbonzini@redhat.com> ]
  * src/utils/ecryptfs-setup-private: update the Private.* selinux
    contexts
  [ Dustin Kirkland ]
  * src/utils/ecryptfs-setup-private:
    - add -p to mkdir, address noise for a non-error
    - must insert keys during testing phase, since we remove keys on
      unmount now, LP: #725862
  * src/utils/ecryptfs_rewrap_passphrase.c: confirm passphrases in
    interactive mode, LP: #667331
  [ Jakob Unterwurzacher ]
  * src/pam_ecryptfs/pam_ecryptfs.c:
    - check if this file exists and ask the user for the wrapping passphrase
      if it does
    - eliminate both ecryptfs_pam_wrapping_independent_set() and
      ecryptfs_pam_automount_set() and replace with a reusable
      file_exists_dotecryptfs() function
  [ Serge Hallyn and Dustin Kirkland ]
  * src/utils/mount.ecryptfs_private.c:
    - support multiple, user configurable private directories by way of
      a command line "alias" argument
    - this "alias" references a configuration file by the name of:
      $HOME/.ecryptfs/alias.conf, which is in an fstab(5) format,
      as well as $HOME/.ecryptfs/alias.sig, in the same format as
      Private.sig
    - if no argument specified, the utility operates in legacy mode,
      defaulting to "Private"
    - rename variables, s/dev/src/ and s/mnt/dest/
    - add a read_config() function
    - add an alias char* to replace the #defined ECRYPTFS_PRIVATE_DIR
    - this is half of the fix to LP: #615657
  * doc/manpage/mount.ecryptfs_private.1: document these changes
  * src/libecryptfs/main.c, src/utils/mount.ecryptfs_private.c:
    - allow umount.ecryptfs_private to succeed when the key is no
      longer in user keyring.
  [ Dustin Kirkland ]
  * src/utils/ecryptfs-recover-private: clean sigs of invalid characters
  * src/utils/mount.ecryptfs_private.c:
    - fix bug LP: #313812, clear used keys on unmount
    - add ecryptfs_unlink_sigs to the mount opts, so that unmounts from
      umount.ecryptfs behave similarly
    - use ecryptfs_remove_auth_tok_from_keyring() on the sig and sig_fnek
  [ presgas@gmail.com ]
  * src/utils/ecryptfs-migrate-home:
    - support user databases outside of /etc/passwd, LP: #627506
  * src/desktop/ecryptfs-record-passphrase: fix typo, LP: #524139
  * debian/rules, debian/control:
    - disable the gpg key module, as it's not yet functional
    - clean up unneeded build-deps
    - also, not using opencryptoki either
  * doc/manpage/ecryptfs.7: fix minor documentation bug, reported by
    email by Jon 'maddog' Hall
  * doc/manpage/ecryptfs-recover-private.1, doc/manpage/Makefile.am,
    po/POTFILES.in, src/utils/ecryptfs-recover-private,
    src/utils/Makefile.am: add a utility to simplify data recovery
    of an encrypted private directory from a Live ISO, LP: #689969
  [ David Planella ]
  * Makefile.am, configure.ac, debian/control, debian/po/POTFILES.sh,
    debian/po/ecryptfs-utils.pot, debian/po/fr.po, debian/rules,
    po/POTFILES.in, src/desktop/Makefile.am,
    src/desktop/ecryptfs-mount-private.desktop,
    src/desktop/ecryptfs-mount-private.desktop.in,
    src/desktop/ecryptfs-record-passphrase,
    src/desktop/ecryptfs-setup-private.desktop,
    src/desktop/ecryptfs-setup-private.desktop.in:
    - internationalization work for LP: #358283
  * po/LINGUAS, po/ca.po: Catalan translation
  [ Yan Li <yan.i.li@intel.com> ]
  * src/pam_ecryptfs/pam_ecryptfs.c, src/utils/Makefile.am,
    src/utils/ecryptfs-migrate-home: add a script and pam hooks to
    support automatic migration to encrypted home directory
  [ Dustin Kirkland ]
  * src/utils/ecryptfs-migrate-home: clean up for merge
    - use $() rather than ``
    - drop set -u
    - use = and !=, and quote vars, rather than testing with -ne, -eq,
      for better shell portability
    - improve usage statement and error text
    - check if already encrypted
    - handle migration of multiple users on boot
    - fix all whitespace, use tabs for indents
    - use quotes around variables, rather than ${} (stylistic preference)
    - major simplification for immediate release
      + remove boot and user modes; only support administrator mode for
        security reasons and to avoid race conditions
      + other modes can be re-added, if necessary, and if security
        concerns can be addressed
    - ensure running as root
    - drop VERBOSE option, always print useful info messages
    - call the user $USER_NAME rather than $USER_ID since id implies
      number, and here we're deailing with names
    - no decimals on awk calculation
    - mktemp on the target user, not root
    - check that there is enough disk space available to do the migration
    - ensure the user's homedir group is correct
    - add critical instructions, user *must* login after the migration and
      before the reboot, as their wrapped passphrase will be cleared on
      reboot (possible we should use an init script to move these to
      /var/tmp on reboot)
    - ensure permissions are set correctly
    - improve text at the end of the migration, organize into notes
  * ecryptfs-utils.ecryptfs-utils-restore.upstart,
    ecryptfs-utils.ecryptfs-utils-save.upstart, rules:
    - try to protect migrating users who don't login before the next reboot
  * debian/ecryptfs-utils.install: install the locale messages
  * src/desktop/ecryptfs-record-passphrase: improve dialog text
  * src/desktop/ecryptfs-record-passphrase: revert the _ bit, as it's not quite
    working yet, will need to talk to David to fix
  * src/utils/ecryptfs-setup-private: fix bug where setup-private
    incorrectly assumed that the home/private dir ownerships should
    be owned by USER:USER; instead, default to USER:GROUP, where
    GROUP is the USER's primary group by default, LP: #445301
  * src/utils/ecryptfs-setup-private, debian/control: LP: #456565
    - fix typo, s/getext/gettext
    - depend on gettext-base
  * src/utils/ecryptfs-setup-private: fix printing of error strings,
    which was broken by the gettext integration, LP: #471725;
    in doing so, use $() in place of ``, use '' for gettext arguments,
    and wrap gettext in "", like this: foo="$(gettext 'blah blah')"
  * debian/control: one package per line, helps tremendously when looking
    at diffs
  * debian/copyright: Add new fields
  * debian/ecryptfs-utils.postinst: minor set -e change
  [ Michael Terry ]
  * src/utils/ecryptfs-setup=swap: clean up some error message reporting,
    LP: #430891, #430890
  [ Dustin Kirkland ]
  * doc/manpage/ecryptfs.7: note the 64-char passphrase limit, LP: #386504
  * src/utils/ecryptfs-setup-private: minor documentation change
  [ Evan Dandrea ]
  * src/utils/ecryptfs-setup-swap: allow for setting up encrpyted swap,
    without activating it immediately, necessary for livecd installations
  [ Dustin Kirkland ]
  * debian/control: updated bzr and browser urls, bumped standards version
  * src/pam_ecryptfs/pam_ecryptfs.c: silence useless, oft-shown info
    message
  * src/utils/ecryptfs-mount-private, src/utils/ecryptfs-rewrite-file,
    src/utils/ecryptfs-setup-private, src/utils/ecryptfs-setup-swap,
    src/utils/ecryptfs-umount-private: use gettext for all string printing,
    such that we can internationalize ecryptfs
  * po/POTFILES.sh, po/ecryptfs-utils.pot, po/fr.po, rules: add po to the
    build system; for now, in the debian/ directory; this should be put in
    the upstream source tree eventually (but I need some help with the
    automake/autoconf integration)
  * ecryptfs-setup-swap: exit(0) if there's no swaps to encrypt, ensures
    that this script succeeds if there is no swap space that needs to be
    secured, or if the existing swap space is already secured
  * doc/manpage/ecryptfs-setup-swap.1, doc/manpage/ecryptfs-stat.1,
    doc/manpage/umount.ecryptfs.8, doc/manpage/Makefile.am: added manpagess
  * doc/manpage/ecryptfs.7: fix lintian warning
  * debian/lintian/ecryptfs-utils: added a lintian overrides file
  * debian/lintian/ecryptfs-utils, debian/ecryptfs-utils.install: add and
    install some proper lintian overrides
  * src/libecryptfs/module_mgr.c: fix typo, LP: #408437
  [ Evan Dandrea ]
  * ecryptfs-setup-swap: support more than one encrypted swap device
  [ Dorin Scutarașu ]
  * src/libecryptfs/key_management.c: fix null pointer deref, LP: #409565
  [ James Westby ]
  * src/libecryptfs/main.c flockfile the filehandle after checking that
    we were able to successfully open it (LP: #403011)
  * debian/libecryptfs0.shlibs: bump shlibs dep to 77 since we added new
    symbols there
  [ Dustin Kirkland ]
  * src/libecryptfs/key_management.c, src/pam_ecryptfs/pam_ecryptfs.c:
    revert the zombie code removal from pam_ecryptfs as it seems this
    bit is still needed; fix the source of the problem introduced in
    commit r407; check for non-zero return codes; this problem would
    manifest itself as a) unable to unlock screensaver, b) unable to
    switch users, c) unable to mount home folder on initial login;
    LP: #402222, #402029
  * src/utils/ecryptfs-umount-private: use for loop to loop over key
    ids on removal
  * src/utils/mount.ecryptfs_private.c: return non-zero on unmount failure
    due to open sessions; handle this in ecryptfs-umount-private too; make
    the flock() blocking; use /dev/shm for counter; add an iterator to the
    counter file to prevent users from DoS'ing one another from accessing
    their encrypted directories, LP: #402745
  * debian/ecryptfs-utils.postinst: move /tmp counters to /dev/shm
  * configure.ac: link against pam, silence shlib warning
  * src/include/ecryptfs.h, src/libecryptfs/main.c,
    src/pam_ecryptfs/pam_ecryptfs.c, src/utils/Makefile.am,
    src/utils/mount.ecryptfs_private.c: move two functions from
    mount.ecryptfs_private to libecryptfs, namely is_mounted() and
    fetch_private_mnt(); use these in both pam_ecryptfs and
    mount.ecryptfs_private; also move PRIVATE to ECRYPTFS_PRIVATE in
    the ecryptfs.h headers; this will allow us to short-circuit some of the
    costly key-loading code on pam_auth if the private dir is already
    mounted, speeding up some subsequent authentications significantly,
    LP: #402748
  * doc/ecryptfs-mount-private.txt: removed the "$" to make copy-n-paste
    more user friendly
  * src/utils/ecryptfs-setup-private: when encrypting home, put the
    .ecryptfs and .Private data in /home/.ecryptfs rather than /var/lib,
    as users are forgetting to backup /var/lib, and are often putting
    /home on a separate partition; furthermore, this gives users a place
    to access their encrypted data for backup, rather than hiding the
    data below $HOME, LP: #371719
  [ Tyler Hicks ]
  * src/libecryptfs/cipher_list.c, src/libecryptfs/module_mgr.c:
    add blowfish/56-bytes to the list of ciphers we officially support,
    LP: #402790
  [ Dustin Kirkland ]
  * src/utils/ecryptfs-setup-swap: switch from vol_id to blkid,
    LP: #376486
  * debian/ecryptfs-utils.postinst, src/utils/ecryptfs-setup-private:
    don't echo mount passphrase if running in bootstrap mode; prune
    potential leakages from install log, LP: #383650
  * SECURITY UPDATE: mount passphrase recorded in install log (LP: #383650).
    - debian/ecryptfs-utils.postinst: prune private information from
      installer log
    - src/utils/ecryptfs-setup-private: don't echo passphrase if running in
      bootstrap mode
    - CVE-2009-1296
  * src/utils/ecryptfs-setup-private: make some of the lanuage more readable,
    (thanks, anrxc)
  * README, configure.ac, debian/control, debian/rules,
    doc/sourceforge_webpage/README, src/libecryptfs-swig/libecryptfs.py,
    src/libecryptfs-swig/libecryptfs_wrap.c,
    src/libecryptfs/key_management.c, src/libecryptfs/libecryptfs.pc.in,
    src/libecryptfs/main.c, src/pam_ecryptfs/Makefile.am,
    src/utils/manager.c, src/utils/mount.ecryptfs.c: move build from gcrypt
    to nss (this change has been pending for some time)
  * src/utils/ecryptfs-dot-private: dropped, was too hacky
  * ecryptfs-mount-private.1, ecryptfs-setup-private.1: align the
    documentation and implementation of the wrapping-independent feature,
    LP: #383746
  * src/utils/ecryptfs-umount-private: use keyctl list @u, since keyctl show
    stopped working, LP: #400484, #395082
  * src/utils/mount.ecryptfs_private.c: fix counter file locking; solves
    a longstanding bug about "random" umount caused by cronjobs, LP: #358573
  [ Michal Hlavinka (edits by Dustin Kirkland) ]
  * doc/manpage/ecryptfs-mount-private.1,
    doc/manpage/ecryptfs-rewrite-file.1,
    doc/manpage/ecryptfs-setup-private.1, doc/manpage/ecryptfs.7,
    doc/manpage/mount.ecryptfs_private.1,
    doc/manpage/umount.ecryptfs_private.1: documentation updated to note
    possible ecryptfs group membership requirements; Fix ecrypfs.7 man
    page and key_mod_openssl's error message; fix typo
  * src/libecryptfs/decision_graph.c: put a finite limit (5 tries) on
    interactive input; fix memory leaks when asking questions
  * src/libecryptfs/module_mgr.c: Don't error out with EINVAL when
    verbosity=0 and some options are missing.
  * src/utils/umount.ecryptfs.c: no error for missing key when removing it
  * src/libecryptfs-swig/libecryptfs.i: fix compile werror, cast char*
  * src/utils/ecryptfs_add_passphrase.c: fix/test/use return codes;
    return nonzero for --fnek when not supported but used
  * src/include/ecryptfs.h, src/key_mod/ecryptfs_key_mod_openssl.c,
    src/libecryptfs/module_mgr.c: refuse mounting with too small rsa
    key (key_mod_openssl)
  * src/utils/ecryptfs_insert_wrapped_passphrase_into_keyring.c: fix return
    codes
  * src/utils/ecryptfs-rewrite-file: polish output
  * src/libecryptfs/key_management.c: inform about full keyring; insert fnek
    sig into keyring if fnek support check fails; don't fail if key already
    exists in keyring
  * src/utils/ecryptfs-setup-private: if the ecryptfs group exists, restrict
    ecryptfs-setup-private to members of this group
  * src/pam_ecryptfs/pam_ecryptfs.c: dynamically load ecryptfs module by
    checking ecryptfs version
  * src/libecryptfs/decision_graph.c, src/utils/io.c,
    src/utils/mount.ecryptfs.c: fix EOF handling, LP: #371587
  * src/desktop/Makefile.am: make desktop files trusted, LP: #371426
  [ Dustin Kirkland and Daniel Baumann ]
  * debian/control, debian/copyright, debian/ecryptfs-utils.dirs,
    debian/ecryptfs-utils.install, debian/ecryptfs-utils.postinst,
    debian/rules, ecryptfs-utils.pam-auth-update: sync Ubuntu's
    packaging with Debian; drop dpatch, drop libssl build dep, clean
    up extraneous debhelper bits, match cflags; remaining diff is only
    ecryptfs-utils.prerm
  [ Arfrever Frehtes Taifersar Arahesis ]
  * key_mod/ecryptfs_key_mod_gpg.c,
    key_mod/ecryptfs_key_mod_pkcs11_helper.c,
    libecryptfs/key_management.c, utils/ecryptfs_unwrap_passphrase.c:
    Fix warnings, initialize a few variables, drop unused ones
  [ David Hicks ]
  * src/lib/key_management.c: fix stray semicolon that prevents .ecryptfsrc
    files from working properly, LP: #372709
  [ Michael Rooney ]
  * src/python/ecryptfsapi.py: added python api
  [ Dustin Kirkland ]
  * debian/rules: drop hackery that moves stuff /usr/share/ecryptfs-utils
  * src/utils/mount.ecryptfs_private.c: update inline documentation
  * debian/changelog, src/libecryptfs/cmd_ln_parser.c,
    src/libecryptfs/key_management.c, src/pam_ecryptfs/pam_ecryptfs.c,
    src/utils/ecryptfs_add_passphrase.c,
    src/utils/ecryptfs_insert_wrapped_passphrase_into_keyring.c,
    src/utils/ecryptfs_rewrap_passphrase.c,
    src/utils/ecryptfs_unwrap_passphrase.c,
    src/utils/ecryptfs_wrap_passphrase.c: silence some useless logging,
    LP: #313330
  * include/ecryptfs.h, libecryptfs/key_management.c,
    utils/ecryptfs_insert_wrapped_passphrase_into_keyring.c,
    utils/ecryptfs_unwrap_passphrase.c: if the file to unwrap is
    unspecified, try to use the default ~/.ecryptfs/wrapped-passphrase
    before bailing out, LP: #359997
  * src/utils/ecryptfs-setup-private: unix_chkpwd is not always present
    (eg, gentoo), LP: #332341
  [ Tyler Hicks ]
  * doc/manpage/ecryptfs.7: ecryptfs_encrypted_view option desription
    was wrong LP: #328761
  [ Michal Hlavinka ]
  * decision_graph.c: fix uninitialized return code
  * mount.ecryptfs.c: don't pass verbosity option to kernel
  [ anrxc & Dustin Kirkland ]
  * doc/Makefile.am, src/desktop/Makefile.am: fix automake installation from
    /usr/share to /usr/share/ecryptfs-utils
  [ Daniel Baumann & Dustin Kirkland ]
  * debian/rules, debian/control: sync differences between Debian & Ubuntu's
    packaging
  [ Arfrever Frehtes Taifersar Arahesis ]
  * src/key_mod/ecryptfs_key_mod_gpg.c,
    src/key_mod/ecryptfs_key_mod_pkcs11_helper.c: fix implicit declations
  [ Frédéric Guihéry ]
  * key_mod/ecryptfs_key_mod_tspi.c, utils/ecryptfs_generate_tpm_key.c:
    the SRK password should be set to 20 bytes of NULL (wellknown
    password), in order for different tools to request key protection
    with the Storage Root Key
  [ Michal Hlavinka ]
  * Changes for RH/Fedora release
    - change error codes to be more descriptive
    - decision_graph.h, *: change definition of node return codes to positive
      values
    - mount.ecryptfs.c: insist for yes/no answer for unkown sigs
    - don't print error for removing key from keyring if it succeeded
    - module_mgr.c: insist on yes/no answer
    - use ECRYPTFS_NONEMPTY_VALUE_REQUIRED where reasonable
    - pam_ecryptfs.c: don't try to unwrap key for users not using pam mounting
    - add verbosity to man page
    - decision_graph.* : add ECRYPTFS_NONEMPTY_VALUE_REQUIRED flag for nodes
    - decision_graph.* : add WRONG_VALUE return code to nodes for asking
      question again
  [ Dustin Kirkland ]
  * src/utils/ecryptfs-setup-private: fix bug in grep when running with LANG
    in other locales, LP: #347969
  * doc/manpage/ecryptfs.7: add notes about verbose option
  * src/desktop: add the desktop files to the dist tarball
  * src/utils/ecryptfs-dot-private: sourceable file for accessing your
    encrypted data; useful for conducting backups
  [ Martin Pitt and Dustin Kirkland ]
  Reworked the fixes for LP: #352307, remind user to record their passphrase
  * src/desktop/ecryptfs-record-passphrase: run if
    ~/.ecryptfs/.wrapped-passphrase.recorded does NOT exist; touch that
    file upon successful run of unwrap passphrase
  * debian/patches/00list,
    debian/patches/update-notifier-remind-passphrase.dpatch: dropped, since
    this was moved into PAM

ubuntu/saucy 2013-02-20 14:03:29 UTC 2013-02-20
Import patches-unapplied version 103-0ubuntu2 to ubuntu/raring-proposed

Author: Nobuto Murata
Author Date: 2013-02-20 05:05:42 UTC

Import patches-unapplied version 103-0ubuntu2 to ubuntu/raring-proposed

Imported using git-ubuntu import.

Changelog parent: 09dfa90125fc80098cd14d0f43eafc1d6bf35d23

New changelog entries:
  * fix an empty update-notifier window (LP: #1107650)
    - needed part was dropped accidentally at 102-0ubuntu1

ubuntu/raring-proposed 2013-02-20 14:03:29 UTC 2013-02-20
Import patches-unapplied version 103-0ubuntu2 to ubuntu/raring-proposed

Author: Nobuto Murata
Author Date: 2013-02-20 05:05:42 UTC

Import patches-unapplied version 103-0ubuntu2 to ubuntu/raring-proposed

Imported using git-ubuntu import.

Changelog parent: 09dfa90125fc80098cd14d0f43eafc1d6bf35d23

New changelog entries:
  * fix an empty update-notifier window (LP: #1107650)
    - needed part was dropped accidentally at 102-0ubuntu1

ubuntu/raring-devel 2013-02-20 14:03:29 UTC 2013-02-20
Import patches-unapplied version 103-0ubuntu2 to ubuntu/raring-proposed

Author: Nobuto Murata
Author Date: 2013-02-20 05:05:42 UTC

Import patches-unapplied version 103-0ubuntu2 to ubuntu/raring-proposed

Imported using git-ubuntu import.

Changelog parent: 09dfa90125fc80098cd14d0f43eafc1d6bf35d23

New changelog entries:
  * fix an empty update-notifier window (LP: #1107650)
    - needed part was dropped accidentally at 102-0ubuntu1

ubuntu/raring 2013-02-20 14:03:29 UTC 2013-02-20
Import patches-unapplied version 103-0ubuntu2 to ubuntu/raring-proposed

Author: Nobuto Murata
Author Date: 2013-02-20 05:05:42 UTC

Import patches-unapplied version 103-0ubuntu2 to ubuntu/raring-proposed

Imported using git-ubuntu import.

Changelog parent: 09dfa90125fc80098cd14d0f43eafc1d6bf35d23

New changelog entries:
  * fix an empty update-notifier window (LP: #1107650)
    - needed part was dropped accidentally at 102-0ubuntu1

ubuntu/saucy-devel 2013-02-20 14:03:29 UTC 2013-02-20
Import patches-unapplied version 103-0ubuntu2 to ubuntu/raring-proposed

Author: Nobuto Murata
Author Date: 2013-02-20 05:05:42 UTC

Import patches-unapplied version 103-0ubuntu2 to ubuntu/raring-proposed

Imported using git-ubuntu import.

Changelog parent: 09dfa90125fc80098cd14d0f43eafc1d6bf35d23

New changelog entries:
  * fix an empty update-notifier window (LP: #1107650)
    - needed part was dropped accidentally at 102-0ubuntu1

ubuntu/precise-proposed 2013-02-05 19:03:34 UTC 2013-02-05
Import patches-unapplied version 96-0ubuntu3.1 to ubuntu/precise-proposed

Author: Tyler Hicks
Author Date: 2012-12-04 20:12:55 UTC

Import patches-unapplied version 96-0ubuntu3.1 to ubuntu/precise-proposed

Imported using git-ubuntu import.

Changelog parent: 97af871d5c4871650ae322938efd619034a4822c

New changelog entries:
  * Fix encrypted home/private race condition that could result in encrypted
    filenames not being decrypted, despite the directory being mounted
    correctly otherwise. (LP: #1052038)
    - debian/patches/fix-private-mount-race.patch: Fix race condition by only
      opening the signature file once, rather than opening, reading, and
      closing it for each key signature.

ubuntu/quantal-proposed 2013-01-31 18:03:32 UTC 2013-01-31
Import patches-unapplied version 100-0ubuntu1.1 to ubuntu/quantal-proposed

Author: Tyler Hicks
Author Date: 2012-12-04 20:12:27 UTC

Import patches-unapplied version 100-0ubuntu1.1 to ubuntu/quantal-proposed

Imported using git-ubuntu import.

Changelog parent: b6dca781e18ae1dfbb2cffbcd1931680eb98e46c

New changelog entries:
  * Fix encrypted home/private race condition that could result in encrypted
    filenames not being decrypted, despite the directory being mounted
    correctly otherwise. (LP: #1052038)
    - debian/patches/fix-private-mount-race.patch: Fix race condition by only
      opening the signature file once, rather than opening, reading, and
      closing it for each key signature.

ubuntu/quantal-updates 2013-01-31 18:03:32 UTC 2013-01-31
Import patches-unapplied version 100-0ubuntu1.1 to ubuntu/quantal-proposed

Author: Tyler Hicks
Author Date: 2012-12-04 20:12:27 UTC

Import patches-unapplied version 100-0ubuntu1.1 to ubuntu/quantal-proposed

Imported using git-ubuntu import.

Changelog parent: b6dca781e18ae1dfbb2cffbcd1931680eb98e46c

New changelog entries:
  * Fix encrypted home/private race condition that could result in encrypted
    filenames not being decrypted, despite the directory being mounted
    correctly otherwise. (LP: #1052038)
    - debian/patches/fix-private-mount-race.patch: Fix race condition by only
      opening the signature file once, rather than opening, reading, and
      closing it for each key signature.

ubuntu/oneiric-devel 2013-01-31 18:03:32 UTC 2013-01-31
Import patches-unapplied version 92-0ubuntu1.2 to ubuntu/oneiric-proposed

Author: Tyler Hicks
Author Date: 2012-12-04 20:13:46 UTC

Import patches-unapplied version 92-0ubuntu1.2 to ubuntu/oneiric-proposed

Imported using git-ubuntu import.

Changelog parent: f2e3324e4670ae7d180f8a830fc1a29c08156457

New changelog entries:
  * Fix encrypted home/private race condition that could result in encrypted
    filenames not being decrypted, despite the directory being mounted
    correctly otherwise. (LP: #1052038)
    - debian/patches/fix-private-mount-race.patch: Fix race condition by only
      opening the signature file once, rather than opening, reading, and
      closing it for each key signature.

ubuntu/oneiric-proposed 2013-01-31 18:03:32 UTC 2013-01-31
Import patches-unapplied version 92-0ubuntu1.2 to ubuntu/oneiric-proposed

Author: Tyler Hicks
Author Date: 2012-12-04 20:13:46 UTC

Import patches-unapplied version 92-0ubuntu1.2 to ubuntu/oneiric-proposed

Imported using git-ubuntu import.

Changelog parent: f2e3324e4670ae7d180f8a830fc1a29c08156457

New changelog entries:
  * Fix encrypted home/private race condition that could result in encrypted
    filenames not being decrypted, despite the directory being mounted
    correctly otherwise. (LP: #1052038)
    - debian/patches/fix-private-mount-race.patch: Fix race condition by only
      opening the signature file once, rather than opening, reading, and
      closing it for each key signature.

ubuntu/oneiric-updates 2013-01-31 18:03:32 UTC 2013-01-31
Import patches-unapplied version 92-0ubuntu1.2 to ubuntu/oneiric-proposed

Author: Tyler Hicks
Author Date: 2012-12-04 20:13:46 UTC

Import patches-unapplied version 92-0ubuntu1.2 to ubuntu/oneiric-proposed

Imported using git-ubuntu import.

Changelog parent: f2e3324e4670ae7d180f8a830fc1a29c08156457

New changelog entries:
  * Fix encrypted home/private race condition that could result in encrypted
    filenames not being decrypted, despite the directory being mounted
    correctly otherwise. (LP: #1052038)
    - debian/patches/fix-private-mount-race.patch: Fix race condition by only
      opening the signature file once, rather than opening, reading, and
      closing it for each key signature.

ubuntu/quantal-devel 2013-01-31 18:03:32 UTC 2013-01-31
Import patches-unapplied version 100-0ubuntu1.1 to ubuntu/quantal-proposed

Author: Tyler Hicks
Author Date: 2012-12-04 20:12:27 UTC

Import patches-unapplied version 100-0ubuntu1.1 to ubuntu/quantal-proposed

Imported using git-ubuntu import.

Changelog parent: b6dca781e18ae1dfbb2cffbcd1931680eb98e46c

New changelog entries:
  * Fix encrypted home/private race condition that could result in encrypted
    filenames not being decrypted, despite the directory being mounted
    correctly otherwise. (LP: #1052038)
    - debian/patches/fix-private-mount-race.patch: Fix race condition by only
      opening the signature file once, rather than opening, reading, and
      closing it for each key signature.

ubuntu/quantal 2012-08-02 22:33:54 UTC 2012-08-02
Import patches-unapplied version 100-0ubuntu1 to ubuntu/quantal

Author: Dustin Kirkland 
Author Date: 2012-08-02 21:33:55 UTC

Import patches-unapplied version 100-0ubuntu1 to ubuntu/quantal

Imported using git-ubuntu import.

Changelog parent: dd52703b628dbc7ba718e7d068506782c275f428

New changelog entries:
  [ Tyler Hicks ]
  * src/pam_ecryptfs/pam_ecryptfs.c, src/libecryptfs/key_management.c:
      LP: #1024476
    - fix regression introduced in ecryptfs-utils-99 when Encrypted
      Home/Private is in use and the eCryptfs kernel code is compiled as a
      module
    - drop check for kernel filename encryption support in pam_ecryptfs, as
      appropriate privileges to load the eCryptfs kernel module may not be
      available and filename encryption has been supported since 2.6.29
    - always add filename encryption key to the kernel keyring from pam mount
  [ Colin King ]
  * tests/kernel/inode-race-stat/test.c:
    - limit number of forks based on fd limits
  * tests/kernel/enospc.sh, tests/kernel/enospc/test.c,
    tests/kernel/Makefile.am, tests/kernel/tests.rc:
    - add test case for ENOSPC
  [ Tim Harder ]
  * m4/ac_python_devel.m4: LP: #1029217
    - properly save and restore CPPFLAGS and LIBS when python support is
      enabled
  [ Dustin Kirkland ]
  * debian/ecryptfs-utils.postinst: LP: #936093
    - ensure desktop file is executable
  [ Wesley Wiedenmeier ]
  * src/utils/mount.ecryptfs.c: LP: #329264
    - remove old hack, that worked around a temporary kernel regression;
      ensure that all mount memory is mlocked
  [ Sebastian Krahmer ]
  * src/pam_ecryptfs/pam_ecryptfs.c: LP: #732614
    - drop group privileges in the same places that user privileges are
      dropped
    - check return status of setresuid() calls and return if they fail
    - drop privileges before checking for the existence of
      ~/.ecryptfs/auto-mount to prevent possible file existence leakage
      by a symlink to a path that typically would not be searchable by
      the user
    - drop privileges before reading salt from the rc file to prevent the
      leakage of root's salt and, more importantly, using the incorrect salt
    - discovered, independently, by Vasiliy Kulikov and Sebastian Krahmer
  * src/pam_ecryptfs/pam_ecryptfs.c: LP: #1020904
    - after dropping privileges, clear the environment before executing the
      private eCryptfs mount helper
    - discovered by Sebastian Krahmer
  * src/utils/mount.ecryptfs_private.c: LP: #1020904
    - do not allow private eCryptfs mount aliases to contain ".." characters
      as a preventative measure against a crafted file path being used as an
      alias
    - force the MS_NOSUID mount flag to protect against user controlled lower
      filesystems, such as an auto mounted USB drive, that may contain a
      setuid-root binary
      + CVE-2012-3409
    - force the MS_NODEV mount flag
    - after dropping privileges, clear the environment before executing umount
    - discovered by Sebastian Krahmer
  [ Tyler Hicks ]
  * src/libecryptfs/key_management.c: LP: #732614
    - zero statically declared buffers to prevent the leakage of stack
      contents in the case of a short file read
    - discovered by Vasiliy Kulikov
  * src/libecryptfs/module_mgr.c, src/pam_ecryptfs/pam_ecryptfs.c:
    - fix compiler warnings
  [ Dustin Kirkland ]
  * debian/ecryptfs-utils.prerm:
    - drop the pre-removal ERRORs down to WARNINGs
    - these have caused a ton of trouble; whatever is causing ecryptfs-utils
      to be marked for removal should be fixed; but ecryptfs exiting 1 seems
      to be causing more trouble than it's worth
    - LP: #871021, #812270, #988960, #990630, #995381, #1010961
  * doc/ecryptfs-faq.html:
    - update the frequently asked questions, which haven't seen much
      attention in a while now
    - drop a few references to sourceforge
  * doc/ecryptfs-pam-doc.txt, doc/manpage/fr/ecryptfs-add-passphrase.1,
    doc/manpage/fr/ecryptfs-generate-tpm-key.1, doc/manpage/fr/ecryptfs-
    insert-wrapped-passphrase-into-keyring.1, doc/manpage/fr/ecryptfs-
    mount-private.1, doc/manpage/fr/ecryptfs-rewrap-passphrase.1,
    doc/manpage/fr/ecryptfs-setup-private.1, doc/manpage/fr/ecryptfs-
    umount-private.1, doc/manpage/fr/ecryptfs-unwrap-passphrase.1,
    doc/manpage/fr/ecryptfs-wrap-passphrase.1, doc/manpage/fr/ecryptfs-
    zombie-kill.1, doc/manpage/fr/ecryptfs-zombie-list.1,
    doc/sourceforge_webpage/ecryptfs-article.pdf,
    doc/sourceforge_webpage/ecryptfs_design_doc_v0_1.pdf,
    doc/sourceforge_webpage/ecryptfs-faq.html,
    doc/sourceforge_webpage/ecryptfs-key-diagram-356.png,
    doc/sourceforge_webpage/ecryptfs-key-diagram-640.png,
    doc/sourceforge_webpage/ecryptfs-pageuptodate-call-graph.png,
    doc/sourceforge_webpage/ecryptfs-pam-doc.txt,
    doc/sourceforge_webpage/ecryptfs.pdf,
    doc/sourceforge_webpage/index.html, doc/sourceforge_webpage/README,
    === removed directory doc/manpage/fr, === removed directory
    doc/sourceforge_webpage, rpm/ecryptfs-utils.spec:
    - remove some deprecated documentation
    - fish it out of bzr, if we ever need it again, but let's
      quit publishing it in our release tarballs
  [ Kees Cook ]
  * src/pam_ecryptfs/pam_ecryptfs.c: LP: #938326
    - exit, rather than return to prevent duplicate processes
  [ Andreas Raster ]
  * src/desktop/ecryptfs-find:
    - $mounts was quoted once too often
  [ George Wilson ]
  * src/key_mod/ecryptfs_key_mod_openssl.c,
    src/key_mod/ecryptfs_key_mod_pkcs11_helper.c,
    src/key_mod/ecryptfs_key_mod_tspi.c: LP: #937331
    - IBM would like to grant a license exception for key modules that
      require linking to OpenSSL. The change should make the modules
      shippable by Linux distributions
  [ Dustin Kirkland ]
  * debian/copyright:
    - note the GPLv2 SSL exception granted by IBM for the key modules
  * debian/control, debian/copyright, doc/manpage/ecryptfs.7,
    doc/manpage/ecryptfs-add-passphrase.1, doc/manpage/ecryptfsd.8,
    doc/manpage/ecryptfs-generate-tpm-key.1, doc/manpage/ecryptfs-
    insert-wrapped-passphrase-into-keyring.1, doc/manpage/ecryptfs-
    manager.8, doc/manpage/ecryptfs-mount-private.1,
    doc/manpage/ecryptfs-recover-private.1, doc/manpage/ecryptfs-rewrap-
    passphrase.1, doc/manpage/ecryptfs-rewrite-file.1,
    doc/manpage/ecryptfs-setup-private.1, doc/manpage/ecryptfs-setup-
    swap.1, doc/manpage/ecryptfs-stat.1, doc/manpage/ecryptfs-umount-
    private.1, doc/manpage/ecryptfs-unwrap-passphrase.1,
    doc/manpage/ecryptfs-wrap-passphrase.1,
    doc/manpage/mount.ecryptfs.8, doc/manpage/mount.ecryptfs_private.1,
    doc/manpage/pam_ecryptfs.8, doc/manpage/umount.ecryptfs.8,
    doc/manpage/umount.ecryptfs_private.1, README,
    src/utils/mount.ecryptfs.c:
    - use the new ecryptfs.org website where appropriate
  * debian/control:
    - update to suggest zescrow-client
  [ Sergio Peña ]
  * src/libecryptfs/cipher_list.c: LP: #922821
    - add the new name of the blowfish cipher (linux >= 3.2)
  * src/include/ecryptfs.h, src/libecryptfs/main.c,
    src/utils/mount.ecryptfs.c: LP: #917509
    - use execl() to mount ecryptfs
    - this allows us to support any arbitrary mount options in
      /etc/fstab
  [ Tyler Hicks ]
  * doc/manpage/ecryptfs.7:
    - Remove the note saying that the passphrase and openssl key modules are
      available by default. That's true upstream but not always true in distro
      builds.
  * tests/run_tests.sh:
    - Make upper and lower mount point arguments optional by automatically
      creating directories in /tmp by default.
    - Make it possible to run only userspace tests without having to specify
      unused mount information
    - Accept a comma-separated list of lower filesystems to test on and loop
      through all kernel tests for each lower filesystem
    - Accept a comma-separated list of tests to run
  * tests/lib/etl_funcs.sh:
    - Unset $ETL_DISK just before etl_remove_disk() successfully returns
  * tests/userspace/Makefile.am:
    - Also build 'make check' tests when building with --enable-tests
  * include/ecryptfs.h, libecryptfs/Makefile.am,
    libecryptfs/cipher_list.c, libecryptfs/module_mgr.c,
    utils/io.h: LP: #994813
    - remove overly complicated implementation to detect what ciphers
      are supported by the currently running kernel's crypto api
    - prompt for the entire supported cipher list, if the user selects a
      cipher that their kernel doesn't support, the mount will fail
      and the kernel will write an error message to the syslog
  * src/libecryptfs/module_mgr.c:
    - Use correct blowfish block size when displaying supported ciphers to
      the user
  * tests/kernel/lp-1009207.sh, tests/kernel/Makefile.am,
    tests/kernel/tests.rc:
    - Add simple test case for incorrect handling of umask and default POSIX
      ACL masks
  * tests/kernel/lp-994247.sh, tests/kernel/lp-994247/test.c,
    tests/kernel/Makefile.am, tests/kernel/tests.rc:
    - Add test case for incorrect handling of open /dev/ecryptfs file
      descriptors that are passed or inherited by other processes
  [ Colin King ]
  * tests/lib/etl_funcs.sh:
    - etl_lumount() should use DST rather than SRC dir so it can run on Lucid
    - use file system appropriate mkfs force flag
    - cater for correct ext2 default mount flags
  * tests/kernel/lp-509180.sh, tests/kernel/lp-509180/test.c:
    - test for trailing garbage at end of files
  * tests/kernel/lp-524919.sh, tests/kernel/lp-524919/test.c:
    - test case for checking lstat/readlink size
  * tests/kernel/lp-870326.sh, tests/kernel/lp-870326/test.c:
    - test case for open(), mmap(), close(), modify mmap'd region
  * tests/kernel/lp-469664.sh:
    - test case for lsattr
  * tests/kernel/lp-613873.sh:
    - test case for stat modify time
  * tests/kernel/lp-745836.sh:
    - test case for clearing ECRYPTFS_NEW_FILE flag during truncate
  * tests/lib/etl_funcs.sh, tests/kernel/extend-file-random.sh,
    tests/kernel/trunc-file.sh (LP: #1007159):
    - Add test library function for estimating available space in lower fs
    - Use new library function in tests that need to create large files
  [ Colin Watson ]
  * src/utils/ecryptfs-setup-swap: Skip /dev/zram* swap devices
    LP: #979350
  [ Serge Hallyn ]
  * src/utils/mount.ecryptfs_private.c:
    - EoL fixes
  [ Dustin Kirkland ]
  * CONTRIBUTING:
    - added a new file to describe how to contribute to ecryptfs
  * === added directory img/old, img/old/ecryptfs_14.png,
    img/old/ecryptfs_192.png, img/old/ecryptfs_64.png:
    - saving the old logos/branding for posterity
  * debian/copyright, img/COPYING:
    - added CC-by-SA 3.0 license
    - use the text version
  * img/ecryptfs_14.png, img/ecryptfs_192.png, img/ecryptfs_64.png:
    - added scaled copies of images used for Launchpad.net branding
  * src/utils/ecryptfs-recover-private: LP: #847505
    - add an option to allow user to enter the mount passphrase,
      in case they've recorded that, but forgotten their login
      passphrase
  * src/libecryptfs/sysfs.c: LP: #802197
    - default sysfs to /sys, if not found in /etc/mtab
    - it seems that reading /etc/mtab for this is outdated
    - ensure that ecryptfs works even if there is no sysfs entry
      in /etc/mtab
  * src/key_mod/ecryptfs_key_mod_tspi.c: LP: #462225
    - fix TPM and string_to_uuid 64bits issue
    - thanks to Janos for the patch
  [ Tyler Hicks ]
  * CONTRIBUTING:
    - clarified how to contribute to the ecryptfs kernel module
  * tests/lib/etl_funcs.sh:
    - created eCryptfs test library of bash functions for use in test
      cases and test harnesses
  * test/etl_add_passphrase_key_to_keyring.c:
    - created a C helper program to allow bash scripts to interface to
      the libecryptfs function that adds passphrase-based keys to the
      kernel keyring
  * tests/kernel/tests.rc, tests/userspace/tests.rc:
    - created a test case category files for test harnesses to source
      when running testcases of a certain category (destructive, safe,
      etc.)
  * tests/run_tests.sh:
    - created a test harness to run eCryptfs test cases
  * tests/kernel/miscdev-bad-count.sh,
    tests/kernel/miscdev-bad-count/test.c:
    - created test case for miscdev issue reported to mailing list
  * tests/kernel/lp-885744.sh:
    - created test case for pathconf bug
  * tests/kernel/lp-926292.sh:
    - created test case for checking stale inode attrs after setxattr
  * tests/new.sh:
    - created new test case template to copy from
  * tests/userspace/verify-passphrase-sig.sh,
    tests/userspace/verify-passphrase-sig/test.c:
    - created test case, for make check, to test the creation of
      passphrase-based fekeks and signatures
  * configure.ac, Makefile.am, tests/Makefile.am, tests/lib/Makefile.am,
    tests/kernel/Makefile.am, tests/userspace/Makefile.am:
    - updated and created autoconf/automake files to build the new tests
      directory
    - added make check target
  [ Eddie Garcia ]
  * img/*: LP: #907131
    - contributing a new set of logos and branding under the CC-by-SA3.0
      license
  [ Colin King ]
  * tests/kernel/extend-file-random.sh,
    tests/kernel/extend-file-random/test.c:
    - Test to randomly extend file size, read/write + unlink
  * tests/kernel/trunc-file.sh, tests/kernel/trunc-file/test.c:
    - Test to exercise file truncation
  * tests/kernel/directory-concurrent.sh,
    tests/kernel/directory-concurrent/test.c:
    - test for directory creation/deletion races with multiple processes
  * tests/kernel/file-concurrent.sh,
    tests/kernel/file-concurrent/test.c:
    - test for file creation/truncation/unlink races with multiple
      processes
  * tests/kernel/inotify.sh, tests/kernel/inotify/test.c:
    - test for proper inotify support
  * tests/kernel/mmap-dir.sh, tests/kernel/mmap-dir/test.c:
    - test that directory files cannot be mmap'ed
  * tests/kernel/read-dir.sh, tests/kernel/read-dir/test.c:
    - test that read() on directory files returns the right error
  * tests/kernel/setattr-flush-dirty.sh:
    - test that the modified timestamp isn't clobbered in writeback
  * tests/kernel/inode-race-stat.sh, tests/kernel/inode-race-stat/test.c:
    - test for inode initialization race condition
  [ Serge Hallyn ]
  * fix infinite loop on arm: fgetc returns an int, and -1 at end of
    options. Arm makes char unsigned. (LP: #884407)
  [ Dustin Kirkland ]
  * debian/compat, debian/control, debian/ecryptfs-utils.install,
    debian/ecryptfs-utils.lintian-overrides,
    debian/libecryptfs0.install, debian/libecryptfs-dev.install,
    debian/lintian/ecryptfs-utils, debian/python-ecryptfs.install,
    debian/rules, debian/source/options, doc/ecryptfs-pam-doc.txt,
    doc/manpage/ecryptfs-setup-private.1, lintian/ecryptfs-utils, ===
    removed directory debian/lintian:
    - merge a bunch of packaging changes from Debian's Daniel Baumann
    - fixes LP: #800647
  * scripts/release.sh:
    - minor release fixes
  [ Dustin Kirkland ]
  * scripts/release.sh:
    - fix release script
    - bump ubuntu release
  * doc/manpage/ecryptfs-recover-private.1, src/utils/ecryptfs-migrate-
    home (properties changed: -x to +x), src/utils/ecryptfs-recover-
    private:
    - add a --rw option for ecryptfs-recover-private
  * src/utils/ecryptfs-migrate-home: LP: #820416
    - show progress on rsync
  * debian/ecryptfs-utils.ecryptfs-utils-restore.upstart,
    debian/ecryptfs-utils.ecryptfs-utils-save.upstart,
    src/utils/ecryptfs-migrate-home,
    src/utils/ecryptfs-setup-private: LP: #883238
    - remove 2 upstart scripts, which attempted to "save" users who didn't
      login after migrating their home; instead, we now require the root
      user to enter user passwords at migration time
  * debian/copyright, debian/ecryptfs-utils.ecryptfs-utils-
    restore.upstart, debian/ecryptfs-utils.ecryptfs-utils-save.upstart,
    doc/manpage/ecryptfs.7, doc/manpage/ecryptfs-add-passphrase.1,
    doc/manpage/ecryptfs-generate-tpm-key.1, doc/manpage/ecryptfs-
    insert-wrapped-passphrase-into-keyring.1, doc/manpage/ecryptfs-
    mount-private.1, doc/manpage/ecryptfs-recover-private.1,
    doc/manpage/ecryptfs-rewrap-passphrase.1, doc/manpage/ecryptfs-
    rewrite-file.1, doc/manpage/ecryptfs-setup-private.1,
    doc/manpage/ecryptfs-setup-swap.1, doc/manpage/ecryptfs-stat.1,
    doc/manpage/ecryptfs-umount-private.1, doc/manpage/ecryptfs-unwrap-
    passphrase.1, doc/manpage/ecryptfs-wrap-passphrase.1,
    doc/manpage/fr/ecryptfs-add-passphrase.1, doc/manpage/fr/ecryptfs-
    generate-tpm-key.1, doc/manpage/fr/ecryptfs-insert-wrapped-
    passphrase-into-keyring.1, doc/manpage/fr/ecryptfs-mount-private.1,
    doc/manpage/fr/ecryptfs-rewrap-passphrase.1,
    doc/manpage/fr/ecryptfs-setup-private.1, doc/manpage/fr/ecryptfs-
    umount-private.1, doc/manpage/fr/ecryptfs-unwrap-passphrase.1,
    doc/manpage/fr/ecryptfs-wrap-passphrase.1, doc/manpage/fr/ecryptfs-
    zombie-kill.1, doc/manpage/fr/ecryptfs-zombie-list.1,
    doc/manpage/mount.ecryptfs_private.1, doc/manpage/pam_ecryptfs.8,
    doc/manpage/umount.ecryptfs.8,
    doc/manpage/umount.ecryptfs_private.1,
    src/pam_ecryptfs/pam_ecryptfs.c,
    src/utils/ecryptfs_add_passphrase.c,
    src/utils/ecryptfs_insert_wrapped_passphrase_into_keyring.c,
    src/utils/ecryptfs-migrate-home, src/utils/ecryptfs-mount-private,
    src/utils/ecryptfs-recover-private,
    src/utils/ecryptfs_rewrap_passphrase.c, src/utils/ecryptfs-rewrite-
    file, src/utils/ecryptfs-setup-private, src/utils/ecryptfs-setup-
    swap, src/utils/ecryptfs-umount-private,
    src/utils/ecryptfs_unwrap_passphrase.c,
    src/utils/ecryptfs_wrap_passphrase.c:
    - update some email addresses, moving kirkland@canonical.com ->
      kirkland@ubuntu.com (which I can still read)
  * src/libecryptfs/key_management.c: LP: #715066
    - fix 2 places where we were handling
      ecryptfs_add_passphrase_key_to_keyring() inconsistently
    - if we're trying to add a key to the keyring, and it's already there,
      treat that as "success"
  * debian/control:
    - ecryptfs-setup-swap is strongly recommended, which depends on
      cryptsetup; so promote cryptsetup from suggests -> recommends
  [ Stephan Ritscher and Tyler Hicks ]
  * src/libecryptfs/cmd_ln_parser.c: LP: #683535
    - fix passphrase_passwd_fd for pipes
    - handle memory allocation failures
    - free memory in error paths
  [ Arfrever Frehtes Taifersar Arahesis ]
  * configure.ac: LP: #893327
    - no need to check for python, if --disable-pywrap is passed
  * src/utils/ecryptfs-verify, src/utils/Makefile.am:
    - add an ecryptfs-verify utility, LP: #845738
  * src/testcases/write-read.sh:
    - added a write/read test utility
  * doc/manpage/ecryptfs-mount-private.1, doc/manpage/ecryptfs-setup-
    private.1, doc/manpage/mount.ecryptfs_private.1,
    doc/manpage/umount.ecryptfs_private.1: LP: #882267
    - remove inaccurate documentation about being a member of the ecryptfs
      group
  * src/utils/ecryptfs-setup-private: LP: #882314
    - fix preseeded encrypted home Ubuntu installations (thanks Timo!)
  * src/libecryptfs/key_management.c: LP: #725862
    - fix nasty bug affecting users who do *not* encrypt filenames;
      the first login works, but on logout, only one key gets
      cleaned out; subsequent logins do not insert the necessary key
      due to an early "goto out"; this fix needs to be SRU'd
  * debian/rules: LP: #586281
    - fix perms on desktop mount file
  * src/pam_ecryptfs/pam_ecryptfs.c: LP: #838471
    - rework syslogging to be less noisy and note pam_ecryptfs
  [ Diego E. "Flameeyes" Pettenò ]
  * configure.ac:
    - fix reliance on nss-config, which hinders cross-compilation
  [ Marc Deslauriers ]
  * src/utils/mount.ecryptfs_private.c:
  * SECURITY UPDATE: wrong mtab ownership and permissions (LP: #830850)
    - debian/patches/CVE-2011-3145.patch: also set gid and umask before
      updating mtab in src/utils/mount.ecryptfs_private.c.
    - CVE-2011-3145
  [ Marc Deslauriers ]
  * SECURITY UPDATE: privilege escalation via mountpoint race conditions
    (LP: #732628)
    - debian/patches/CVE-2011-1831,1832,1834.patch: chdir into mountpoint
      before checking permissions in src/utils/mount.ecryptfs_private.c.
    - CVE-2011-1831
    - CVE-2011-1832
  * SECURITY UPDATE: race condition when checking source during mount
    (LP: #732628)
    - debian/patches/CVE-2011-1833.patch: use new ecryptfs_check_dev_ruid
      kernel option when mounting directory in
      src/utils/mount.ecryptfs_private.c.
    - CVE-2011-1833
  * SECURITY UPDATE: mtab corruption via improper handling (LP: #732628)
    - debian/patches/CVE-2011-1831,1832,1834.patch: modify mtab via a temp
      file first and make sure it succeeds before replacing the real mtab
      in src/utils/mount.ecryptfs_private.c.
    - CVE-2011-1834
  * SECURITY UPDATE: key poisoning via insecure temp directory handling
    (LP: #732628)
    - debian/patches/CVE-2011-1835.patch: make sure we don't copy into a
      user controlled directory in src/utils/ecryptfs-setup-private.
    - CVE-2011-1835
  * SECURITY UPDATE: information disclosure via recovery mount in /tmp
    (LP: #732628)
    - debian/patches/CVE-2011-1836.patch: mount inside protected
      subdirectory in src/utils/ecryptfs-recover-private.
    - CVE-2011-1836
  * SECURITY UPDATE: arbitrary file overwrite via lock counter race
    condition (LP: #732628)
    - debian/patches/CVE-2011-1837.patch: verify permissions with a file
      descriptor, and don't follow symlinks in
      src/utils/mount.ecryptfs_private.c.
    - CVE-2011-1837
  [ Dustin Kirkland ]
  * debian/control:
    - add missing build dependency needed for release
  * doc/manpage/ecryptfs-wrap-passphrase.1: fix minor error in manpage
  * src/desktop/ecryptfs-find, src/desktop/Makefile.am: LP: #799157
    - add a tool, /usr/share/ecryptfs-utils/ecryptfs-find that can
      help find cleartext/encrypted filenames by inode number
  * src/desktop/ecryptfs-find:
    - test file exists first; ditch the match;
      search all ecryptfs mounts that user can read/traverse
  * debian/ecryptfs-utils.links:
    - add a symlink for Ubuntu
  * scripts/release.sh:
    - improve release script
  [ Serge Hallyn ]
  * Fix from Christophe Dumez: mount.ecryptfs_private: Do not attempt to
    update mtab if it is a symbolic link. (LP: #789888)
  * src/utils/mount.ecryptfs_private.c:
    - reduce the window size for the TOCTOU race;
      does not entirely solve LP: #732628, which is going to need to be
      fixed in the kernel with some heavy locking
  * debian/control: update urls
  * src/utils/ecryptfs-mount-private: LP: #725862
    - fix ecryptfs-mount-private to insert only the fek, if filename
      encryption is disabled
  [ Paolo Bonzini <pbonzini@redhat.com> ]
  * src/utils/ecryptfs-setup-private: update the Private.* selinux
    contexts
  [ Dustin Kirkland ]
  * src/utils/ecryptfs-setup-private:
    - add -p to mkdir, address noise for a non-error
    - must insert keys during testing phase, since we remove keys on
      unmount now, LP: #725862
  * src/utils/ecryptfs_rewrap_passphrase.c: confirm passphrases in
    interactive mode, LP: #667331
  [ Jakob Unterwurzacher ]
  * src/pam_ecryptfs/pam_ecryptfs.c:
    - check if this file exists and ask the user for the wrapping passphrase
      if it does
    - eliminate both ecryptfs_pam_wrapping_independent_set() and
      ecryptfs_pam_automount_set() and replace with a reusable
      file_exists_dotecryptfs() function
  [ Serge Hallyn and Dustin Kirkland ]
  * src/utils/mount.ecryptfs_private.c:
    - support multiple, user configurable private directories by way of
      a command line "alias" argument
    - this "alias" references a configuration file by the name of:
      $HOME/.ecryptfs/alias.conf, which is in an fstab(5) format,
      as well as $HOME/.ecryptfs/alias.sig, in the same format as
      Private.sig
    - if no argument specified, the utility operates in legacy mode,
      defaulting to "Private"
    - rename variables, s/dev/src/ and s/mnt/dest/
    - add a read_config() function
    - add an alias char* to replace the #defined ECRYPTFS_PRIVATE_DIR
    - this is half of the fix to LP: #615657
  * doc/manpage/mount.ecryptfs_private.1: document these changes
  * src/libecryptfs/main.c, src/utils/mount.ecryptfs_private.c:
    - allow umount.ecryptfs_private to succeed when the key is no
      longer in user keyring.
  [ Dustin Kirkland ]
  * src/utils/ecryptfs-recover-private: clean sigs of invalid characters
  * src/utils/mount.ecryptfs_private.c:
    - fix bug LP: #313812, clear used keys on unmount
    - add ecryptfs_unlink_sigs to the mount opts, so that unmounts from
      umount.ecryptfs behave similarly
    - use ecryptfs_remove_auth_tok_from_keyring() on the sig and sig_fnek
  [ presgas@gmail.com ]
  * src/utils/ecryptfs-migrate-home:
    - support user databases outside of /etc/passwd, LP: #627506
  * src/desktop/ecryptfs-record-passphrase: fix typo, LP: #524139
  * debian/rules, debian/control:
    - disable the gpg key module, as it's not yet functional
    - clean up unneeded build-deps
    - also, not using opencryptoki either
  * doc/manpage/ecryptfs.7: fix minor documentation bug, reported by
    email by Jon 'maddog' Hall
  * doc/manpage/ecryptfs-recover-private.1, doc/manpage/Makefile.am,
    po/POTFILES.in, src/utils/ecryptfs-recover-private,
    src/utils/Makefile.am: add a utility to simplify data recovery
    of an encrypted private directory from a Live ISO, LP: #689969
  [ David Planella ]
  * Makefile.am, configure.ac, debian/control, debian/po/POTFILES.sh,
    debian/po/ecryptfs-utils.pot, debian/po/fr.po, debian/rules,
    po/POTFILES.in, src/desktop/Makefile.am,
    src/desktop/ecryptfs-mount-private.desktop,
    src/desktop/ecryptfs-mount-private.desktop.in,
    src/desktop/ecryptfs-record-passphrase,
    src/desktop/ecryptfs-setup-private.desktop,
    src/desktop/ecryptfs-setup-private.desktop.in:
    - internationalization work for LP: #358283
  * po/LINGUAS, po/ca.po: Catalan translation
  [ Yan Li <yan.i.li@intel.com> ]
  * src/pam_ecryptfs/pam_ecryptfs.c, src/utils/Makefile.am,
    src/utils/ecryptfs-migrate-home: add a script and pam hooks to
    support automatic migration to encrypted home directory
  [ Dustin Kirkland ]
  * src/utils/ecryptfs-migrate-home: clean up for merge
    - use $() rather than ``
    - drop set -u
    - use = and !=, and quote vars, rather than testing with -ne, -eq,
      for better shell portability
    - improve usage statement and error text
    - check if already encrypted
    - handle migration of multiple users on boot
    - fix all whitespace, use tabs for indents
    - use quotes around variables, rather than ${} (stylistic preference)
    - major simplification for immediate release
      + remove boot and user modes; only support administrator mode for
        security reasons and to avoid race conditions
      + other modes can be re-added, if necessary, and if security
        concerns can be addressed
    - ensure running as root
    - drop VERBOSE option, always print useful info messages
    - call the user $USER_NAME rather than $USER_ID since id implies
      number, and here we're deailing with names
    - no decimals on awk calculation
    - mktemp on the target user, not root
    - check that there is enough disk space available to do the migration
    - ensure the user's homedir group is correct
    - add critical instructions, user *must* login after the migration and
      before the reboot, as their wrapped passphrase will be cleared on
      reboot (possible we should use an init script to move these to
      /var/tmp on reboot)
    - ensure permissions are set correctly
    - improve text at the end of the migration, organize into notes
  * ecryptfs-utils.ecryptfs-utils-restore.upstart,
    ecryptfs-utils.ecryptfs-utils-save.upstart, rules:
    - try to protect migrating users who don't login before the next reboot
  * debian/ecryptfs-utils.install: install the locale messages
  * src/desktop/ecryptfs-record-passphrase: improve dialog text
  * src/desktop/ecryptfs-record-passphrase: revert the _ bit, as it's not quite
    working yet, will need to talk to David to fix
  * src/utils/ecryptfs-setup-private: fix bug where setup-private
    incorrectly assumed that the home/private dir ownerships should
    be owned by USER:USER; instead, default to USER:GROUP, where
    GROUP is the USER's primary group by default, LP: #445301
  * src/utils/ecryptfs-setup-private, debian/control: LP: #456565
    - fix typo, s/getext/gettext
    - depend on gettext-base
  * src/utils/ecryptfs-setup-private: fix printing of error strings,
    which was broken by the gettext integration, LP: #471725;
    in doing so, use $() in place of ``, use '' for gettext arguments,
    and wrap gettext in "", like this: foo="$(gettext 'blah blah')"
  * debian/control: one package per line, helps tremendously when looking
    at diffs
  * debian/copyright: Add new fields
  * debian/ecryptfs-utils.postinst: minor set -e change
  [ Michael Terry ]
  * src/utils/ecryptfs-setup=swap: clean up some error message reporting,
    LP: #430891, #430890
  [ Dustin Kirkland ]
  * doc/manpage/ecryptfs.7: note the 64-char passphrase limit, LP: #386504
  * src/utils/ecryptfs-setup-private: minor documentation change
  [ Evan Dandrea ]
  * src/utils/ecryptfs-setup-swap: allow for setting up encrpyted swap,
    without activating it immediately, necessary for livecd installations
  [ Dustin Kirkland ]
  * debian/control: updated bzr and browser urls, bumped standards version
  * src/pam_ecryptfs/pam_ecryptfs.c: silence useless, oft-shown info
    message
  * src/utils/ecryptfs-mount-private, src/utils/ecryptfs-rewrite-file,
    src/utils/ecryptfs-setup-private, src/utils/ecryptfs-setup-swap,
    src/utils/ecryptfs-umount-private: use gettext for all string printing,
    such that we can internationalize ecryptfs
  * po/POTFILES.sh, po/ecryptfs-utils.pot, po/fr.po, rules: add po to the
    build system; for now, in the debian/ directory; this should be put in
    the upstream source tree eventually (but I need some help with the
    automake/autoconf integration)
  * ecryptfs-setup-swap: exit(0) if there's no swaps to encrypt, ensures
    that this script succeeds if there is no swap space that needs to be
    secured, or if the existing swap space is already secured
  * doc/manpage/ecryptfs-setup-swap.1, doc/manpage/ecryptfs-stat.1,
    doc/manpage/umount.ecryptfs.8, doc/manpage/Makefile.am: added manpagess
  * doc/manpage/ecryptfs.7: fix lintian warning
  * debian/lintian/ecryptfs-utils: added a lintian overrides file
  * debian/lintian/ecryptfs-utils, debian/ecryptfs-utils.install: add and
    install some proper lintian overrides
  * src/libecryptfs/module_mgr.c: fix typo, LP: #408437
  [ Evan Dandrea ]
  * ecryptfs-setup-swap: support more than one encrypted swap device
  [ Dorin Scutarașu ]
  * src/libecryptfs/key_management.c: fix null pointer deref, LP: #409565
  [ James Westby ]
  * src/libecryptfs/main.c flockfile the filehandle after checking that
    we were able to successfully open it (LP: #403011)
  * debian/libecryptfs0.shlibs: bump shlibs dep to 77 since we added new
    symbols there
  [ Dustin Kirkland ]
  * src/libecryptfs/key_management.c, src/pam_ecryptfs/pam_ecryptfs.c:
    revert the zombie code removal from pam_ecryptfs as it seems this
    bit is still needed; fix the source of the problem introduced in
    commit r407; check for non-zero return codes; this problem would
    manifest itself as a) unable to unlock screensaver, b) unable to
    switch users, c) unable to mount home folder on initial login;
    LP: #402222, #402029
  * src/utils/ecryptfs-umount-private: use for loop to loop over key
    ids on removal
  * src/utils/mount.ecryptfs_private.c: return non-zero on unmount failure
    due to open sessions; handle this in ecryptfs-umount-private too; make
    the flock() blocking; use /dev/shm for counter; add an iterator to the
    counter file to prevent users from DoS'ing one another from accessing
    their encrypted directories, LP: #402745
  * debian/ecryptfs-utils.postinst: move /tmp counters to /dev/shm
  * configure.ac: link against pam, silence shlib warning
  * src/include/ecryptfs.h, src/libecryptfs/main.c,
    src/pam_ecryptfs/pam_ecryptfs.c, src/utils/Makefile.am,
    src/utils/mount.ecryptfs_private.c: move two functions from
    mount.ecryptfs_private to libecryptfs, namely is_mounted() and
    fetch_private_mnt(); use these in both pam_ecryptfs and
    mount.ecryptfs_private; also move PRIVATE to ECRYPTFS_PRIVATE in
    the ecryptfs.h headers; this will allow us to short-circuit some of the
    costly key-loading code on pam_auth if the private dir is already
    mounted, speeding up some subsequent authentications significantly,
    LP: #402748
  * doc/ecryptfs-mount-private.txt: removed the "$" to make copy-n-paste
    more user friendly
  * src/utils/ecryptfs-setup-private: when encrypting home, put the
    .ecryptfs and .Private data in /home/.ecryptfs rather than /var/lib,
    as users are forgetting to backup /var/lib, and are often putting
    /home on a separate partition; furthermore, this gives users a place
    to access their encrypted data for backup, rather than hiding the
    data below $HOME, LP: #371719
  [ Tyler Hicks ]
  * src/libecryptfs/cipher_list.c, src/libecryptfs/module_mgr.c:
    add blowfish/56-bytes to the list of ciphers we officially support,
    LP: #402790
  [ Dustin Kirkland ]
  * src/utils/ecryptfs-setup-swap: switch from vol_id to blkid,
    LP: #376486
  * debian/ecryptfs-utils.postinst, src/utils/ecryptfs-setup-private:
    don't echo mount passphrase if running in bootstrap mode; prune
    potential leakages from install log, LP: #383650
  * SECURITY UPDATE: mount passphrase recorded in install log (LP: #383650).
    - debian/ecryptfs-utils.postinst: prune private information from
      installer log
    - src/utils/ecryptfs-setup-private: don't echo passphrase if running in
      bootstrap mode
    - CVE-2009-1296
  * src/utils/ecryptfs-setup-private: make some of the lanuage more readable,
    (thanks, anrxc)
  * README, configure.ac, debian/control, debian/rules,
    doc/sourceforge_webpage/README, src/libecryptfs-swig/libecryptfs.py,
    src/libecryptfs-swig/libecryptfs_wrap.c,
    src/libecryptfs/key_management.c, src/libecryptfs/libecryptfs.pc.in,
    src/libecryptfs/main.c, src/pam_ecryptfs/Makefile.am,
    src/utils/manager.c, src/utils/mount.ecryptfs.c: move build from gcrypt
    to nss (this change has been pending for some time)
  * src/utils/ecryptfs-dot-private: dropped, was too hacky
  * ecryptfs-mount-private.1, ecryptfs-setup-private.1: align the
    documentation and implementation of the wrapping-independent feature,
    LP: #383746
  * src/utils/ecryptfs-umount-private: use keyctl list @u, since keyctl show
    stopped working, LP: #400484, #395082
  * src/utils/mount.ecryptfs_private.c: fix counter file locking; solves
    a longstanding bug about "random" umount caused by cronjobs, LP: #358573
  [ Michal Hlavinka (edits by Dustin Kirkland) ]
  * doc/manpage/ecryptfs-mount-private.1,
    doc/manpage/ecryptfs-rewrite-file.1,
    doc/manpage/ecryptfs-setup-private.1, doc/manpage/ecryptfs.7,
    doc/manpage/mount.ecryptfs_private.1,
    doc/manpage/umount.ecryptfs_private.1: documentation updated to note
    possible ecryptfs group membership requirements; Fix ecrypfs.7 man
    page and key_mod_openssl's error message; fix typo
  * src/libecryptfs/decision_graph.c: put a finite limit (5 tries) on
    interactive input; fix memory leaks when asking questions
  * src/libecryptfs/module_mgr.c: Don't error out with EINVAL when
    verbosity=0 and some options are missing.
  * src/utils/umount.ecryptfs.c: no error for missing key when removing it
  * src/libecryptfs-swig/libecryptfs.i: fix compile werror, cast char*
  * src/utils/ecryptfs_add_passphrase.c: fix/test/use return codes;
    return nonzero for --fnek when not supported but used
  * src/include/ecryptfs.h, src/key_mod/ecryptfs_key_mod_openssl.c,
    src/libecryptfs/module_mgr.c: refuse mounting with too small rsa
    key (key_mod_openssl)
  * src/utils/ecryptfs_insert_wrapped_passphrase_into_keyring.c: fix return
    codes
  * src/utils/ecryptfs-rewrite-file: polish output
  * src/libecryptfs/key_management.c: inform about full keyring; insert fnek
    sig into keyring if fnek support check fails; don't fail if key already
    exists in keyring
  * src/utils/ecryptfs-setup-private: if the ecryptfs group exists, restrict
    ecryptfs-setup-private to members of this group
  * src/pam_ecryptfs/pam_ecryptfs.c: dynamically load ecryptfs module by
    checking ecryptfs version
  * src/libecryptfs/decision_graph.c, src/utils/io.c,
    src/utils/mount.ecryptfs.c: fix EOF handling, LP: #371587
  * src/desktop/Makefile.am: make desktop files trusted, LP: #371426
  [ Dustin Kirkland and Daniel Baumann ]
  * debian/control, debian/copyright, debian/ecryptfs-utils.dirs,
    debian/ecryptfs-utils.install, debian/ecryptfs-utils.postinst,
    debian/rules, ecryptfs-utils.pam-auth-update: sync Ubuntu's
    packaging with Debian; drop dpatch, drop libssl build dep, clean
    up extraneous debhelper bits, match cflags; remaining diff is only
    ecryptfs-utils.prerm
  [ Arfrever Frehtes Taifersar Arahesis ]
  * key_mod/ecryptfs_key_mod_gpg.c,
    key_mod/ecryptfs_key_mod_pkcs11_helper.c,
    libecryptfs/key_management.c, utils/ecryptfs_unwrap_passphrase.c:
    Fix warnings, initialize a few variables, drop unused ones
  [ David Hicks ]
  * src/lib/key_management.c: fix stray semicolon that prevents .ecryptfsrc
    files from working properly, LP: #372709
  [ Michael Rooney ]
  * src/python/ecryptfsapi.py: added python api
  [ Dustin Kirkland ]
  * debian/rules: drop hackery that moves stuff /usr/share/ecryptfs-utils
  * src/utils/mount.ecryptfs_private.c: update inline documentation
  * debian/changelog, src/libecryptfs/cmd_ln_parser.c,
    src/libecryptfs/key_management.c, src/pam_ecryptfs/pam_ecryptfs.c,
    src/utils/ecryptfs_add_passphrase.c,
    src/utils/ecryptfs_insert_wrapped_passphrase_into_keyring.c,
    src/utils/ecryptfs_rewrap_passphrase.c,
    src/utils/ecryptfs_unwrap_passphrase.c,
    src/utils/ecryptfs_wrap_passphrase.c: silence some useless logging,
    LP: #313330
  * include/ecryptfs.h, libecryptfs/key_management.c,
    utils/ecryptfs_insert_wrapped_passphrase_into_keyring.c,
    utils/ecryptfs_unwrap_passphrase.c: if the file to unwrap is
    unspecified, try to use the default ~/.ecryptfs/wrapped-passphrase
    before bailing out, LP: #359997
  * src/utils/ecryptfs-setup-private: unix_chkpwd is not always present
    (eg, gentoo), LP: #332341
  [ Tyler Hicks ]
  * doc/manpage/ecryptfs.7: ecryptfs_encrypted_view option desription
    was wrong LP: #328761
  [ Michal Hlavinka ]
  * decision_graph.c: fix uninitialized return code
  * mount.ecryptfs.c: don't pass verbosity option to kernel
  [ anrxc & Dustin Kirkland ]
  * doc/Makefile.am, src/desktop/Makefile.am: fix automake installation from
    /usr/share to /usr/share/ecryptfs-utils
  [ Daniel Baumann & Dustin Kirkland ]
  * debian/rules, debian/control: sync differences between Debian & Ubuntu's
    packaging
  [ Arfrever Frehtes Taifersar Arahesis ]
  * src/key_mod/ecryptfs_key_mod_gpg.c,
    src/key_mod/ecryptfs_key_mod_pkcs11_helper.c: fix implicit declations
  [ Frédéric Guihéry ]
  * key_mod/ecryptfs_key_mod_tspi.c, utils/ecryptfs_generate_tpm_key.c:
    the SRK password should be set to 20 bytes of NULL (wellknown
    password), in order for different tools to request key protection
    with the Storage Root Key
  [ Michal Hlavinka ]
  * Changes for RH/Fedora release
    - change error codes to be more descriptive
    - decision_graph.h, *: change definition of node return codes to positive
      values
    - mount.ecryptfs.c: insist for yes/no answer for unkown sigs
    - don't print error for removing key from keyring if it succeeded
    - module_mgr.c: insist on yes/no answer
    - use ECRYPTFS_NONEMPTY_VALUE_REQUIRED where reasonable
    - pam_ecryptfs.c: don't try to unwrap key for users not using pam mounting
    - add verbosity to man page
    - decision_graph.* : add ECRYPTFS_NONEMPTY_VALUE_REQUIRED flag for nodes
    - decision_graph.* : add WRONG_VALUE return code to nodes for asking
      question again
  [ Dustin Kirkland ]
  * src/utils/ecryptfs-setup-private: fix bug in grep when running with LANG
    in other locales, LP: #347969
  * doc/manpage/ecryptfs.7: add notes about verbose option
  * src/desktop: add the desktop files to the dist tarball
  * src/utils/ecryptfs-dot-private: sourceable file for accessing your
    encrypted data; useful for conducting backups
  [ Martin Pitt and Dustin Kirkland ]
  Reworked the fixes for LP: #352307, remind user to record their passphrase
  * src/desktop/ecryptfs-record-passphrase: run if
    ~/.ecryptfs/.wrapped-passphrase.recorded does NOT exist; touch that
    file upon successful run of unwrap passphrase
  * debian/patches/00list,
    debian/patches/update-notifier-remind-passphrase.dpatch: dropped, since
    this was moved into PAM

ubuntu/precise 2012-04-18 16:34:12 UTC 2012-04-18
Import patches-unapplied version 96-0ubuntu3 to ubuntu/precise

Author: Colin Watson
Author Date: 2012-04-18 14:52:45 UTC

Import patches-unapplied version 96-0ubuntu3 to ubuntu/precise

Imported using git-ubuntu import.

Changelog parent: 2871e929540143c5af32878cb7cf2e0f23f2a373

New changelog entries:
  * src/utils/ecryptfs-setup-swap: Skip /dev/zram* swap devices
    (LP: #979350).

applied/debian/lenny 2012-03-10 15:11:19 UTC 2012-03-10
Import patches-applied version 68-1+lenny1 to applied/debian/lenny

Author: Jonathan Wiltshire
Author Date: 2012-01-06 20:36:51 UTC

Import patches-applied version 68-1+lenny1 to applied/debian/lenny

Imported using git-ubuntu import.

Changelog parent: ec12d38df6c7a99a32c0d8d104dc9c8c4ebb6532
Unapplied parent: 9b17f5efbe30ea3ae06760726b0262093677fa91

New changelog entries:
  * Non-maintainer upload by the security team.
  * Various security fixes in src/utils/mount.ecryptfs_private.c:
    - chdir into mountpoint before checking permissions in (CVE-2011-1831,
      CVE-2011-1832)
    - modify mtab via a temp file first and make sure it succeeds before
      replacing the real mtab (CVE-2011-1834)
    - make sure we don't copy into a user controlled directory (CVE-2011-1835)
    - also set gid and umask before updating mtab (CVE-2011-3145)

debian/lenny 2012-03-10 15:11:19 UTC 2012-03-10
Import patches-unapplied version 68-1+lenny1 to debian/lenny

Author: Jonathan Wiltshire
Author Date: 2012-01-06 20:36:51 UTC

Import patches-unapplied version 68-1+lenny1 to debian/lenny

Imported using git-ubuntu import.

Changelog parent: 1db1b5286ae2913165ed23b3c936a77991b61665

New changelog entries:
  * Non-maintainer upload by the security team.
  * Various security fixes in src/utils/mount.ecryptfs_private.c:
    - chdir into mountpoint before checking permissions in (CVE-2011-1831,
      CVE-2011-1832)
    - modify mtab via a temp file first and make sure it succeeds before
      replacing the real mtab (CVE-2011-1834)
    - make sure we don't copy into a user controlled directory (CVE-2011-1835)
    - also set gid and umask before updating mtab (CVE-2011-3145)

applied/debian/squeeze 2012-01-28 15:16:44 UTC 2012-01-28
Import patches-applied version 83-4+squeeze1 to applied/debian/squeeze

Author: Jonathan Wiltshire
Author Date: 2012-01-04 22:01:03 UTC

Import patches-applied version 83-4+squeeze1 to applied/debian/squeeze

Imported using git-ubuntu import.

Changelog parent: a448b7689b4ef6ed01c163b3eb4e9a0902cd2b1a
Unapplied parent: 868a5a6e3e04186fc9d59febc223657d50c7b929

New changelog entries:
  * Non-maintainer upload by the security team.
  * Various security fixes:
    - debian/patches/CVE-2011-1831,1832,1834.patch: chdir into mountpoint
      before checking permissions in src/utils/mount.ecryptfs_private.c.
      (CVE-2011-1831, CVE-2011-1832)
    - debian/patches/CVE-2011-1831,1832,1834.patch: modify mtab via a temp
      file first and make sure it succeeds before replacing the real mtab
      in src/utils/mount.ecryptfs_private.c. (CVE-2011-1834)
    - debian/patches/CVE-2011-1835.patch: make sure we don't copy into a
      user controlled directory in src/utils/ecryptfs-setup-private.
      (CVE-2011-1835)
    - debian/patches/CVE-2011-1837.patch: verify permissions with a file
      descriptor, and don't follow symlinks in
      src/utils/mount.ecryptfs_private.c. (CVE-2011-1837)
    - debian/patches/CVE-2011-3145.patch: also set gid and umask before
      updating mtab in src/utils/mount.ecryptfs_private.c. (CVE-2011-3145)

debian/squeeze 2012-01-28 15:16:44 UTC 2012-01-28
Import patches-unapplied version 83-4+squeeze1 to debian/squeeze

Author: Jonathan Wiltshire
Author Date: 2012-01-04 22:01:03 UTC

Import patches-unapplied version 83-4+squeeze1 to debian/squeeze

Imported using git-ubuntu import.

Changelog parent: 8154dc05075cbf84af3ba9f66b349b842c579d85

New changelog entries:
  * Non-maintainer upload by the security team.
  * Various security fixes:
    - debian/patches/CVE-2011-1831,1832,1834.patch: chdir into mountpoint
      before checking permissions in src/utils/mount.ecryptfs_private.c.
      (CVE-2011-1831, CVE-2011-1832)
    - debian/patches/CVE-2011-1831,1832,1834.patch: modify mtab via a temp
      file first and make sure it succeeds before replacing the real mtab
      in src/utils/mount.ecryptfs_private.c. (CVE-2011-1834)
    - debian/patches/CVE-2011-1835.patch: make sure we don't copy into a
      user controlled directory in src/utils/ecryptfs-setup-private.
      (CVE-2011-1835)
    - debian/patches/CVE-2011-1837.patch: verify permissions with a file
      descriptor, and don't follow symlinks in
      src/utils/mount.ecryptfs_private.c. (CVE-2011-1837)
    - debian/patches/CVE-2011-3145.patch: also set gid and umask before
      updating mtab in src/utils/mount.ecryptfs_private.c. (CVE-2011-3145)

ubuntu/maverick-proposed 2011-09-06 17:04:27 UTC 2011-09-06
Import patches-unapplied version 83-0ubuntu3.2.10.10.3 to ubuntu/maverick-pro...

Author: Dustin Kirkland 
Author Date: 2011-09-02 22:46:45 UTC

Import patches-unapplied version 83-0ubuntu3.2.10.10.3 to ubuntu/maverick-proposed

Imported using git-ubuntu import.

Changelog parent: 9a902b036981a121ff27451a6f1f41d82a590a74

New changelog entries:
  * src/libecryptfs/key_management.c: LP: #725862
    - fix nasty bug affecting users who do *not* encrypt filenames;
      the first login works, but on logout, only one key gets
      cleaned out; subsequent logins do not insert the necessary key
      due to an early "goto out"

ubuntu/natty-updates 2011-09-06 17:04:27 UTC 2011-09-06
Import patches-unapplied version 87-0ubuntu1.3 to ubuntu/natty-proposed

Author: Dustin Kirkland 
Author Date: 2011-09-02 22:47:19 UTC

Import patches-unapplied version 87-0ubuntu1.3 to ubuntu/natty-proposed

Imported using git-ubuntu import.

Changelog parent: 58fe9d19fda54d26396fd374f48610da97d7079e

New changelog entries:
  * src/libecryptfs/key_management.c: LP: #725862
    - fix nasty bug affecting users who do *not* encrypt filenames;
      the first login works, but on logout, only one key gets
      cleaned out; subsequent logins do not insert the necessary key
      due to an early "goto out"

ubuntu/natty-proposed 2011-09-06 17:04:27 UTC 2011-09-06
Import patches-unapplied version 87-0ubuntu1.3 to ubuntu/natty-proposed

Author: Dustin Kirkland 
Author Date: 2011-09-02 22:47:19 UTC

Import patches-unapplied version 87-0ubuntu1.3 to ubuntu/natty-proposed

Imported using git-ubuntu import.

Changelog parent: 58fe9d19fda54d26396fd374f48610da97d7079e

New changelog entries:
  * src/libecryptfs/key_management.c: LP: #725862
    - fix nasty bug affecting users who do *not* encrypt filenames;
      the first login works, but on logout, only one key gets
      cleaned out; subsequent logins do not insert the necessary key
      due to an early "goto out"

ubuntu/natty-devel 2011-09-06 17:04:27 UTC 2011-09-06
Import patches-unapplied version 87-0ubuntu1.3 to ubuntu/natty-proposed

Author: Dustin Kirkland 
Author Date: 2011-09-02 22:47:19 UTC

Import patches-unapplied version 87-0ubuntu1.3 to ubuntu/natty-proposed

Imported using git-ubuntu import.

Changelog parent: 58fe9d19fda54d26396fd374f48610da97d7079e

New changelog entries:
  * src/libecryptfs/key_management.c: LP: #725862
    - fix nasty bug affecting users who do *not* encrypt filenames;
      the first login works, but on logout, only one key gets
      cleaned out; subsequent logins do not insert the necessary key
      due to an early "goto out"

ubuntu/lucid-proposed 2011-09-06 17:04:27 UTC 2011-09-06
Import patches-unapplied version 83-0ubuntu3.2.10.04.3 to ubuntu/lucid-proposed

Author: Dustin Kirkland 
Author Date: 2011-09-02 22:47:02 UTC

Import patches-unapplied version 83-0ubuntu3.2.10.04.3 to ubuntu/lucid-proposed

Imported using git-ubuntu import.

Changelog parent: b684a093bb03fb06448b7bc29ce7729f3fcbbabf

New changelog entries:
  * src/libecryptfs/key_management.c: LP: #725862
    - fix nasty bug affecting users who do *not* encrypt filenames;
      the first login works, but on logout, only one key gets
      cleaned out; subsequent logins do not insert the necessary key
      due to an early "goto out"

ubuntu/maverick-devel 2011-09-06 17:04:27 UTC 2011-09-06
Import patches-unapplied version 83-0ubuntu3.2.10.10.3 to ubuntu/maverick-pro...

Author: Dustin Kirkland 
Author Date: 2011-09-02 22:46:45 UTC

Import patches-unapplied version 83-0ubuntu3.2.10.10.3 to ubuntu/maverick-proposed

Imported using git-ubuntu import.

Changelog parent: 9a902b036981a121ff27451a6f1f41d82a590a74

New changelog entries:
  * src/libecryptfs/key_management.c: LP: #725862
    - fix nasty bug affecting users who do *not* encrypt filenames;
      the first login works, but on logout, only one key gets
      cleaned out; subsequent logins do not insert the necessary key
      due to an early "goto out"

ubuntu/oneiric 2011-09-01 22:03:52 UTC 2011-09-01
Import patches-unapplied version 92-0ubuntu1 to ubuntu/oneiric

Author: Dustin Kirkland 
Author Date: 2011-09-01 21:25:03 UTC

Import patches-unapplied version 92-0ubuntu1 to ubuntu/oneiric

Imported using git-ubuntu import.

Changelog parent: dd52703b628dbc7ba718e7d068506782c275f428

New changelog entries:
  * src/libecryptfs/key_management.c: LP: #725862
    - fix nasty bug affecting users who do *not* encrypt filenames;
      the first login works, but on logout, only one key gets
      cleaned out; subsequent logins do not insert the necessary key
      due to an early "goto out"; this fix needs to be SRU'd
  * debian/rules: LP: #586281
    - fix perms on desktop mount file
  * src/pam_ecryptfs/pam_ecryptfs.c: LP: #838471
    - rework syslogging to be less noisy and note pam_ecryptfs
  [ Diego E. "Flameeyes" Pettenò ]
  * configure.ac:
    - fix reliance on nss-config, which hinders cross-compilation
  [ Marc Deslauriers ]
  * src/utils/mount.ecryptfs_private.c:
  * SECURITY UPDATE: wrong mtab ownership and permissions (LP: #830850)
    - debian/patches/CVE-2011-3145.patch: also set gid and umask before
      updating mtab in src/utils/mount.ecryptfs_private.c.
    - CVE-2011-3145
  [ Marc Deslauriers ]
  * SECURITY UPDATE: privilege escalation via mountpoint race conditions
    (LP: #732628)
    - debian/patches/CVE-2011-1831,1832,1834.patch: chdir into mountpoint
      before checking permissions in src/utils/mount.ecryptfs_private.c.
    - CVE-2011-1831
    - CVE-2011-1832
  * SECURITY UPDATE: race condition when checking source during mount
    (LP: #732628)
    - debian/patches/CVE-2011-1833.patch: use new ecryptfs_check_dev_ruid
      kernel option when mounting directory in
      src/utils/mount.ecryptfs_private.c.
    - CVE-2011-1833
  * SECURITY UPDATE: mtab corruption via improper handling (LP: #732628)
    - debian/patches/CVE-2011-1831,1832,1834.patch: modify mtab via a temp
      file first and make sure it succeeds before replacing the real mtab
      in src/utils/mount.ecryptfs_private.c.
    - CVE-2011-1834
  * SECURITY UPDATE: key poisoning via insecure temp directory handling
    (LP: #732628)
    - debian/patches/CVE-2011-1835.patch: make sure we don't copy into a
      user controlled directory in src/utils/ecryptfs-setup-private.
    - CVE-2011-1835
  * SECURITY UPDATE: information disclosure via recovery mount in /tmp
    (LP: #732628)
    - debian/patches/CVE-2011-1836.patch: mount inside protected
      subdirectory in src/utils/ecryptfs-recover-private.
    - CVE-2011-1836
  * SECURITY UPDATE: arbitrary file overwrite via lock counter race
    condition (LP: #732628)
    - debian/patches/CVE-2011-1837.patch: verify permissions with a file
      descriptor, and don't follow symlinks in
      src/utils/mount.ecryptfs_private.c.
    - CVE-2011-1837
  [ Dustin Kirkland ]
  * debian/control:
    - add missing build dependency needed for release
  * doc/manpage/ecryptfs-wrap-passphrase.1: fix minor error in manpage
  * src/desktop/ecryptfs-find, src/desktop/Makefile.am: LP: #799157
    - add a tool, /usr/share/ecryptfs-utils/ecryptfs-find that can
      help find cleartext/encrypted filenames by inode number
  * src/desktop/ecryptfs-find:
    - test file exists first; ditch the match;
      search all ecryptfs mounts that user can read/traverse
  * debian/ecryptfs-utils.links:
    - add a symlink for Ubuntu
  * scripts/release.sh:
    - improve release script
  [ Serge Hallyn ]
  * Fix from Christophe Dumez: mount.ecryptfs_private: Do not attempt to
    update mtab if it is a symbolic link. (LP: #789888)
  * src/utils/mount.ecryptfs_private.c:
    - reduce the window size for the TOCTOU race;
      does not entirely solve LP: #732628, which is going to need to be
      fixed in the kernel with some heavy locking
  * debian/control: update urls
  * src/utils/ecryptfs-mount-private: LP: #725862
    - fix ecryptfs-mount-private to insert only the fek, if filename
      encryption is disabled
  [ Paolo Bonzini <pbonzini@redhat.com> ]
  * src/utils/ecryptfs-setup-private: update the Private.* selinux
    contexts
  [ Dustin Kirkland ]
  * src/utils/ecryptfs-setup-private:
    - add -p to mkdir, address noise for a non-error
    - must insert keys during testing phase, since we remove keys on
      unmount now, LP: #725862
  * src/utils/ecryptfs_rewrap_passphrase.c: confirm passphrases in
    interactive mode, LP: #667331
  [ Jakob Unterwurzacher ]
  * src/pam_ecryptfs/pam_ecryptfs.c:
    - check if this file exists and ask the user for the wrapping passphrase
      if it does
    - eliminate both ecryptfs_pam_wrapping_independent_set() and
      ecryptfs_pam_automount_set() and replace with a reusable
      file_exists_dotecryptfs() function
  [ Serge Hallyn and Dustin Kirkland ]
  * src/utils/mount.ecryptfs_private.c:
    - support multiple, user configurable private directories by way of
      a command line "alias" argument
    - this "alias" references a configuration file by the name of:
      $HOME/.ecryptfs/alias.conf, which is in an fstab(5) format,
      as well as $HOME/.ecryptfs/alias.sig, in the same format as
      Private.sig
    - if no argument specified, the utility operates in legacy mode,
      defaulting to "Private"
    - rename variables, s/dev/src/ and s/mnt/dest/
    - add a read_config() function
    - add an alias char* to replace the #defined ECRYPTFS_PRIVATE_DIR
    - this is half of the fix to LP: #615657
  * doc/manpage/mount.ecryptfs_private.1: document these changes
  * src/libecryptfs/main.c, src/utils/mount.ecryptfs_private.c:
    - allow umount.ecryptfs_private to succeed when the key is no
      longer in user keyring.
  [ Dustin Kirkland ]
  * src/utils/ecryptfs-recover-private: clean sigs of invalid characters
  * src/utils/mount.ecryptfs_private.c:
    - fix bug LP: #313812, clear used keys on unmount
    - add ecryptfs_unlink_sigs to the mount opts, so that unmounts from
      umount.ecryptfs behave similarly
    - use ecryptfs_remove_auth_tok_from_keyring() on the sig and sig_fnek
  [ presgas@gmail.com ]
  * src/utils/ecryptfs-migrate-home:
    - support user databases outside of /etc/passwd, LP: #627506
  * src/desktop/ecryptfs-record-passphrase: fix typo, LP: #524139
  * debian/rules, debian/control:
    - disable the gpg key module, as it's not yet functional
    - clean up unneeded build-deps
    - also, not using opencryptoki either
  * doc/manpage/ecryptfs.7: fix minor documentation bug, reported by
    email by Jon 'maddog' Hall
  * doc/manpage/ecryptfs-recover-private.1, doc/manpage/Makefile.am,
    po/POTFILES.in, src/utils/ecryptfs-recover-private,
    src/utils/Makefile.am: add a utility to simplify data recovery
    of an encrypted private directory from a Live ISO, LP: #689969
  [ David Planella ]
  * Makefile.am, configure.ac, debian/control, debian/po/POTFILES.sh,
    debian/po/ecryptfs-utils.pot, debian/po/fr.po, debian/rules,
    po/POTFILES.in, src/desktop/Makefile.am,
    src/desktop/ecryptfs-mount-private.desktop,
    src/desktop/ecryptfs-mount-private.desktop.in,
    src/desktop/ecryptfs-record-passphrase,
    src/desktop/ecryptfs-setup-private.desktop,
    src/desktop/ecryptfs-setup-private.desktop.in:
    - internationalization work for LP: #358283
  * po/LINGUAS, po/ca.po: Catalan translation
  [ Yan Li <yan.i.li@intel.com> ]
  * src/pam_ecryptfs/pam_ecryptfs.c, src/utils/Makefile.am,
    src/utils/ecryptfs-migrate-home: add a script and pam hooks to
    support automatic migration to encrypted home directory
  [ Dustin Kirkland ]
  * src/utils/ecryptfs-migrate-home: clean up for merge
    - use $() rather than ``
    - drop set -u
    - use = and !=, and quote vars, rather than testing with -ne, -eq,
      for better shell portability
    - improve usage statement and error text
    - check if already encrypted
    - handle migration of multiple users on boot
    - fix all whitespace, use tabs for indents
    - use quotes around variables, rather than ${} (stylistic preference)
    - major simplification for immediate release
      + remove boot and user modes; only support administrator mode for
        security reasons and to avoid race conditions
      + other modes can be re-added, if necessary, and if security
        concerns can be addressed
    - ensure running as root
    - drop VERBOSE option, always print useful info messages
    - call the user $USER_NAME rather than $USER_ID since id implies
      number, and here we're deailing with names
    - no decimals on awk calculation
    - mktemp on the target user, not root
    - check that there is enough disk space available to do the migration
    - ensure the user's homedir group is correct
    - add critical instructions, user *must* login after the migration and
      before the reboot, as their wrapped passphrase will be cleared on
      reboot (possible we should use an init script to move these to
      /var/tmp on reboot)
    - ensure permissions are set correctly
    - improve text at the end of the migration, organize into notes
  * ecryptfs-utils.ecryptfs-utils-restore.upstart,
    ecryptfs-utils.ecryptfs-utils-save.upstart, rules:
    - try to protect migrating users who don't login before the next reboot
  * debian/ecryptfs-utils.install: install the locale messages
  * src/desktop/ecryptfs-record-passphrase: improve dialog text
  * src/desktop/ecryptfs-record-passphrase: revert the _ bit, as it's not quite
    working yet, will need to talk to David to fix
  * src/utils/ecryptfs-setup-private: fix bug where setup-private
    incorrectly assumed that the home/private dir ownerships should
    be owned by USER:USER; instead, default to USER:GROUP, where
    GROUP is the USER's primary group by default, LP: #445301
  * src/utils/ecryptfs-setup-private, debian/control: LP: #456565
    - fix typo, s/getext/gettext
    - depend on gettext-base
  * src/utils/ecryptfs-setup-private: fix printing of error strings,
    which was broken by the gettext integration, LP: #471725;
    in doing so, use $() in place of ``, use '' for gettext arguments,
    and wrap gettext in "", like this: foo="$(gettext 'blah blah')"
  * debian/control: one package per line, helps tremendously when looking
    at diffs
  * debian/copyright: Add new fields
  * debian/ecryptfs-utils.postinst: minor set -e change
  [ Michael Terry ]
  * src/utils/ecryptfs-setup=swap: clean up some error message reporting,
    LP: #430891, #430890
  [ Dustin Kirkland ]
  * doc/manpage/ecryptfs.7: note the 64-char passphrase limit, LP: #386504
  * src/utils/ecryptfs-setup-private: minor documentation change
  [ Evan Dandrea ]
  * src/utils/ecryptfs-setup-swap: allow for setting up encrpyted swap,
    without activating it immediately, necessary for livecd installations
  [ Dustin Kirkland ]
  * debian/control: updated bzr and browser urls, bumped standards version
  * src/pam_ecryptfs/pam_ecryptfs.c: silence useless, oft-shown info
    message
  * src/utils/ecryptfs-mount-private, src/utils/ecryptfs-rewrite-file,
    src/utils/ecryptfs-setup-private, src/utils/ecryptfs-setup-swap,
    src/utils/ecryptfs-umount-private: use gettext for all string printing,
    such that we can internationalize ecryptfs
  * po/POTFILES.sh, po/ecryptfs-utils.pot, po/fr.po, rules: add po to the
    build system; for now, in the debian/ directory; this should be put in
    the upstream source tree eventually (but I need some help with the
    automake/autoconf integration)
  * ecryptfs-setup-swap: exit(0) if there's no swaps to encrypt, ensures
    that this script succeeds if there is no swap space that needs to be
    secured, or if the existing swap space is already secured
  * doc/manpage/ecryptfs-setup-swap.1, doc/manpage/ecryptfs-stat.1,
    doc/manpage/umount.ecryptfs.8, doc/manpage/Makefile.am: added manpagess
  * doc/manpage/ecryptfs.7: fix lintian warning
  * debian/lintian/ecryptfs-utils: added a lintian overrides file
  * debian/lintian/ecryptfs-utils, debian/ecryptfs-utils.install: add and
    install some proper lintian overrides
  * src/libecryptfs/module_mgr.c: fix typo, LP: #408437
  [ Evan Dandrea ]
  * ecryptfs-setup-swap: support more than one encrypted swap device
  [ Dorin Scutarașu ]
  * src/libecryptfs/key_management.c: fix null pointer deref, LP: #409565
  [ James Westby ]
  * src/libecryptfs/main.c flockfile the filehandle after checking that
    we were able to successfully open it (LP: #403011)
  * debian/libecryptfs0.shlibs: bump shlibs dep to 77 since we added new
    symbols there
  [ Dustin Kirkland ]
  * src/libecryptfs/key_management.c, src/pam_ecryptfs/pam_ecryptfs.c:
    revert the zombie code removal from pam_ecryptfs as it seems this
    bit is still needed; fix the source of the problem introduced in
    commit r407; check for non-zero return codes; this problem would
    manifest itself as a) unable to unlock screensaver, b) unable to
    switch users, c) unable to mount home folder on initial login;
    LP: #402222, #402029
  * src/utils/ecryptfs-umount-private: use for loop to loop over key
    ids on removal
  * src/utils/mount.ecryptfs_private.c: return non-zero on unmount failure
    due to open sessions; handle this in ecryptfs-umount-private too; make
    the flock() blocking; use /dev/shm for counter; add an iterator to the
    counter file to prevent users from DoS'ing one another from accessing
    their encrypted directories, LP: #402745
  * debian/ecryptfs-utils.postinst: move /tmp counters to /dev/shm
  * configure.ac: link against pam, silence shlib warning
  * src/include/ecryptfs.h, src/libecryptfs/main.c,
    src/pam_ecryptfs/pam_ecryptfs.c, src/utils/Makefile.am,
    src/utils/mount.ecryptfs_private.c: move two functions from
    mount.ecryptfs_private to libecryptfs, namely is_mounted() and
    fetch_private_mnt(); use these in both pam_ecryptfs and
    mount.ecryptfs_private; also move PRIVATE to ECRYPTFS_PRIVATE in
    the ecryptfs.h headers; this will allow us to short-circuit some of the
    costly key-loading code on pam_auth if the private dir is already
    mounted, speeding up some subsequent authentications significantly,
    LP: #402748
  * doc/ecryptfs-mount-private.txt: removed the "$" to make copy-n-paste
    more user friendly
  * src/utils/ecryptfs-setup-private: when encrypting home, put the
    .ecryptfs and .Private data in /home/.ecryptfs rather than /var/lib,
    as users are forgetting to backup /var/lib, and are often putting
    /home on a separate partition; furthermore, this gives users a place
    to access their encrypted data for backup, rather than hiding the
    data below $HOME, LP: #371719
  [ Tyler Hicks ]
  * src/libecryptfs/cipher_list.c, src/libecryptfs/module_mgr.c:
    add blowfish/56-bytes to the list of ciphers we officially support,
    LP: