Branches for Utopic

Author: Nobuto Murata
Revision Date: 2013-02-21 01:56:33 UTC

[ Colin King ]
* src/libecryptfs/ecryptfs-stat.c, tests/kernel/extend-file-
  random/test.c, tests/kernel/inode-race-stat/test.c,
  tests/kernel/trunc-file/test.c:
  - Fixed some 32 bit build warnings
* src/libecryptfs/decision_graph.c, src/libecryptfs/key_management.c,
  src/libecryptfs/main.c, src/libecryptfs/module_mgr.c, src/utils/io.c,
  src/utils/mount.ecryptfs_private.c, tests/kernel/inotify/test.c,
  tests/kernel/trunc-file/test.c, tests/userspace/wrap-unwrap/test.c:
  - Fixed a pile of minor bugs (memory leaks, unclosed file descriptors,
    etc.) mostly in error paths
* src/key_mod/ecryptfs_key_mod_passphrase.c, src/libecryptfs/main.c,
  src/pam_ecryptfs/pam_ecryptfs.c:
  - more Coverity fixes, memory leak, error checking, etc.

[ Nobuto MURATA ]
* fix an empty update-notifier window (LP: #1107650)
  - changes made in Rev.758 was incomplete

[ Tyler Hicks ]
* doc/manpage/ecryptfs.7:
  - adjust man page text to avoid confusion about whether the interactive
    mount helper takes a capital 'N' for the answer to y/n questions
    (LP: #1130460)
* src/utils/ecryptfs_rewrap_passphrase.c:
  - Handle errors when interactively reading the new wrapping passphrase
    and the confirmation from stdin. Fixes a segfault (invalid memory read)
    in ecryptfs-rewrap-passphrase if there was an error while reading either
    of these passphrases.
* configure.ac:
  - Set AM_CPPFLAGS to always include config.h as the first include file.
    Some .c files correctly included config.h before anything else. The
    majority of .c files got this wrong by including it after other header
    files, including it multiple times, or not including it at all.
    Including it in the AM_CPPFLAGS should solve these problems and keep
    future mistakes from happening in new source files.
  - Enable large file support (LFS) through the use of the AC_SYS_LARGEFILE
    autoconf macro. ecryptfs-utils has been well tested with LFS enabled
    because ecryptfs-utils is being built with
    '-D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64' in Debian-based distros.
    This is mainly needed for some of the in-tree regression tests but
    ecryptfs-utils, in general, should be built with LFS enabled.
* debian/rules:
  - Don't append '-D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64' to the CFLAGS
    now that the upstream build enables LFS
* tests/userspace/lfs.sh, tests/userspace/lfs/test.c:
  - Add a test to verify that LFS is enabled. This test is run under the
    make check target.
* tests/kernel/enospc/test.c:
  - Fix test failures on 32 bit architectures due to large file sizes
    overflowing data types

[ Dustin Kirkland ]
* src/utils/ecryptfs-setup-swap: LP: #1172014
  - write crypttab entry using UUID
* src/utils/ecryptfs-recover-private: LP: #1028532
  - error out, if we fail to mount the private data correctly

[ Colin King and Dustin Kirkland ]
* configure.ac, src/daemon/main.c, src/libecryptfs/cmd_ln_parser.c,
  src/libecryptfs/decision_graph.c, src/utils/mount.ecryptfs.c,
  tests/kernel/trunc-file/test.c:
  - remove some dead code, fix some minor issues raised by Coverity

Author: Tyler Hicks
Revision Date: 2015-03-04 16:40:18 UTC

* SECURITY UPDATE: Mount passphrase wrapped with a default salt value
  - debian/patches/CVE-2014-9687.patch: Generate a random salt when wrapping
    the mount passphrase. If a user has a mount passphrase that was wrapped
    using the default salt, their mount passphrase will be rewrapped using a
    random salt when they log in with their password.
  - debian/patches/CVE-2014-9687.patch: Create a temporary file when
    creating a new wrapped-passphrase file and copy it to its final
    destination after the file has been fully synced to disk (LP: #1020902)
  - debian/rules: Set the executable bit on the
    v1-to-v2-wrapped-passphrase.sh test script that was created by
    wrapping-passphrase-salt.patch
  - CVE-2014-9687

Author: Tyler Hicks
Revision Date: 2015-03-04 16:40:18 UTC

* SECURITY UPDATE: Mount passphrase wrapped with a default salt value
  - debian/patches/CVE-2014-9687.patch: Generate a random salt when wrapping
    the mount passphrase. If a user has a mount passphrase that was wrapped
    using the default salt, their mount passphrase will be rewrapped using a
    random salt when they log in with their password.
  - debian/patches/CVE-2014-9687.patch: Create a temporary file when
    creating a new wrapped-passphrase file and copy it to its final
    destination after the file has been fully synced to disk (LP: #1020902)
  - debian/rules: Set the executable bit on the
    v1-to-v2-wrapped-passphrase.sh test script that was created by
    wrapping-passphrase-salt.patch
  - CVE-2014-9687