Created by Chris J Arges on 2012-10-26 and last modified on 2012-10-26
Get this branch:
bzr branch lp:~arges/ubuntu/precise/ecryptfs-utils/fix-lp1052038
Only Chris J Arges can upload to this branch. If you are Chris J Arges please log in for upload directions.

Branch merges

Related bugs

Related blueprints

Branch information

Chris J Arges

Recent revisions

83. By Chris J Arges on 2012-10-26

[ Dustin Kirkland ]
* src/utils/mount.ecryptfs_private.c: LP: #1052038
  - fix race condition, which typically manifests itself with a user
    saying that their home directory is not accessible, or that their
    filenames are not decrypted
  - the root of the problem is that we were reading the signature file,
    ~/.ecryptfs/Private.sig, twice; in some cases, the first one succeeds,
    so the file encryption signature is read and key is loaded, but then
    some other process (usually from PAM, perhaps a cron job or a
    subsequent login) mounts the home directory before the filename
    encryption key is loaded; thus, $HOME is mounted but filenames are
    not decrypted, so the second read of ~/.ecryptfs/Private.sig fails
    as that file is not found
  - the solution is to rework the internal fetch_sig() function and read
    one or both signatures within a single open/read/close operation of
    the file

82. By Colin Watson on 2012-04-18

src/utils/ecryptfs-setup-swap: Skip /dev/zram* swap devices
(LP: #979350).

81. By Kees Cook on 2012-02-21

Add debian/patches/automount-fork-exit.patch (LP: #938326).

80. By Dustin Kirkland  on 2012-02-16

[ Dustin Kirkland ]
  - added a new file to describe how to contribute to ecryptfs
* === added directory img/old, img/old/ecryptfs_14.png,
  img/old/ecryptfs_192.png, img/old/ecryptfs_64.png:
  - saving the old logos/branding for posterity
* debian/copyright, img/COPYING:
  - added CC-by-SA 3.0 license
  - use the text version
* img/ecryptfs_14.png, img/ecryptfs_192.png, img/ecryptfs_64.png:
  - added scaled copies of images used for Launchpad.net branding
* src/utils/ecryptfs-recover-private: LP: #847505
  - add an option to allow user to enter the mount passphrase,
    in case they've recorded that, but forgotten their login
* src/libecryptfs/sysfs.c: LP: #802197
  - default sysfs to /sys, if not found in /etc/mtab
  - it seems that reading /etc/mtab for this is outdated
  - ensure that ecryptfs works even if there is no sysfs entry
    in /etc/mtab
* src/key_mod/ecryptfs_key_mod_tspi.c: LP: #462225
  - fix TPM and string_to_uuid 64bits issue
  - thanks to Janos for the patch
* precise

[ Tyler Hicks ]
  - clarified how to contribute to the ecryptfs kernel module
* tests/lib/etl_funcs.sh:
  - created eCryptfs test library of bash functions for use in test
    cases and test harnesses
* test/etl_add_passphrase_key_to_keyring.c:
  - created a C helper program to allow bash scripts to interface to
    the libecryptfs function that adds passphrase-based keys to the
    kernel keyring
* tests/kernel/tests.rc, tests/userspace/tests.rc:
  - created a test case category files for test harnesses to source
    when running testcases of a certain category (destructive, safe,
* tests/run_tests.sh:
  - created a test harness to run eCryptfs test cases
* tests/kernel/miscdev-bad-count.sh,
  - created test case for miscdev issue reported to mailing list
* tests/kernel/lp-885744.sh:
  - created test case for pathconf bug
* tests/kernel/lp-926292.sh:
  - created test case for checking stale inode attrs after setxattr
* tests/new.sh:
  - created new test case template to copy from
* tests/userspace/verify-passphrase-sig.sh,
  - created test case, for make check, to test the creation of
    passphrase-based fekeks and signatures
* configure.ac, Makefile.am, tests/Makefile.am, tests/lib/Makefile.am,
  tests/kernel/Makefile.am, tests/userspace/Makefile.am:
  - updated and created autoconf/automake files to build the new tests
  - added make check target

[ Eddie Garcia ]
* img/*: LP: #907131
  - contributing a new set of logos and branding under the CC-by-SA3.0

[ Colin King ]
* tests/kernel/extend-file-random.sh,
  - Test to randomly extend file size, read/write + unlink
* tests/kernel/trunc-file.sh, tests/kernel/trunc-file/test.c:
  - Test to exercise file truncation
* tests/kernel/directory-concurrent.sh,
  - test for directory creation/deletion races with multiple processes
* tests/kernel/file-concurrent.sh,
  - test for file creation/truncation/unlink races with multiple
* tests/kernel/inotify.sh, tests/kernel/inotify/test.c:
  - test for proper inotify support
* tests/kernel/mmap-dir.sh, tests/kernel/mmap-dir/test.c:
  - test that directory files cannot be mmap'ed
* tests/kernel/read-dir.sh, tests/kernel/read-dir/test.c:
  - test that read() on directory files returns the right error
* tests/kernel/setattr-flush-dirty.sh:
  - test that the modified timestamp isn't clobbered in writeback
* tests/kernel/inode-race-stat.sh, tests/kernel/inode-race-stat/test.c:
  - test for inode initialization race condition

79. By Dustin Kirkland  on 2011-12-14

[ Serge Hallyn ]
* fix infinite loop on arm: fgetc returns an int, and -1 at end of
  options. Arm makes char unsigned. (LP: #884407)

[ Dustin Kirkland ]
* debian/compat, debian/control, debian/ecryptfs-utils.install,
  debian/libecryptfs0.install, debian/libecryptfs-dev.install,
  debian/lintian/ecryptfs-utils, debian/python-ecryptfs.install,
  debian/rules, debian/source/options, doc/ecryptfs-pam-doc.txt,
  doc/manpage/ecryptfs-setup-private.1, lintian/ecryptfs-utils, ===
  removed directory debian/lintian:
  - merge a bunch of packaging changes from Debian's Daniel Baumann
* scripts/release.sh:
  - minor release fixes

78. By Dustin Kirkland  on 2011-12-14

[ Dustin Kirkland ]
* scripts/release.sh:
  - fix release script
  - bump ubuntu release
* doc/manpage/ecryptfs-recover-private.1, src/utils/ecryptfs-migrate-
  home (properties changed: -x to +x), src/utils/ecryptfs-recover-
  - add a --rw option for ecryptfs-recover-private
* src/utils/ecryptfs-migrate-home: LP: #820416
  - show progress on rsync
* debian/ecryptfs-utils.ecryptfs-utils-restore.upstart,
  src/utils/ecryptfs-setup-private: LP: #883238
  - remove 2 upstart scripts, which attempted to "save" users who didn't
    login after migrating their home; instead, we now require the root
    user to enter user passwords at migration time
* debian/copyright, debian/ecryptfs-utils.ecryptfs-utils-
  restore.upstart, debian/ecryptfs-utils.ecryptfs-utils-save.upstart,
  doc/manpage/ecryptfs.7, doc/manpage/ecryptfs-add-passphrase.1,
  doc/manpage/ecryptfs-generate-tpm-key.1, doc/manpage/ecryptfs-
  insert-wrapped-passphrase-into-keyring.1, doc/manpage/ecryptfs-
  mount-private.1, doc/manpage/ecryptfs-recover-private.1,
  doc/manpage/ecryptfs-rewrap-passphrase.1, doc/manpage/ecryptfs-
  rewrite-file.1, doc/manpage/ecryptfs-setup-private.1,
  doc/manpage/ecryptfs-setup-swap.1, doc/manpage/ecryptfs-stat.1,
  doc/manpage/ecryptfs-umount-private.1, doc/manpage/ecryptfs-unwrap-
  passphrase.1, doc/manpage/ecryptfs-wrap-passphrase.1,
  doc/manpage/fr/ecryptfs-add-passphrase.1, doc/manpage/fr/ecryptfs-
  generate-tpm-key.1, doc/manpage/fr/ecryptfs-insert-wrapped-
  passphrase-into-keyring.1, doc/manpage/fr/ecryptfs-mount-private.1,
  doc/manpage/fr/ecryptfs-setup-private.1, doc/manpage/fr/ecryptfs-
  umount-private.1, doc/manpage/fr/ecryptfs-unwrap-passphrase.1,
  doc/manpage/fr/ecryptfs-wrap-passphrase.1, doc/manpage/fr/ecryptfs-
  zombie-kill.1, doc/manpage/fr/ecryptfs-zombie-list.1,
  doc/manpage/mount.ecryptfs_private.1, doc/manpage/pam_ecryptfs.8,
  src/utils/ecryptfs-migrate-home, src/utils/ecryptfs-mount-private,
  src/utils/ecryptfs_rewrap_passphrase.c, src/utils/ecryptfs-rewrite-
  file, src/utils/ecryptfs-setup-private, src/utils/ecryptfs-setup-
  swap, src/utils/ecryptfs-umount-private,
  - update some email addresses, moving <email address hidden> ->
    <email address hidden> (which I can still read)
* src/libecryptfs/key_management.c: LP: #715066
  - fix 2 places where we were handling
    ecryptfs_add_passphrase_key_to_keyring() inconsistently
  - if we're trying to add a key to the keyring, and it's already there,
    treat that as "success"
* debian/control:
  - ecryptfs-setup-swap is strongly recommended, which depends on
    cryptsetup; so promote cryptsetup from suggests -> recommends
* precise

[ Stephan Ritscher and Tyler Hicks ]
* src/libecryptfs/cmd_ln_parser.c: LP: #683535
  - fix passphrase_passwd_fd for pipes
  - handle memory allocation failures
  - free memory in error paths

[ Arfrever Frehtes Taifersar Arahesis ]
* configure.ac: LP: #893327
  - no need to check for python, if --disable-pywrap is passed

77. By Serge Hallyn on 2011-11-08

fix infinite loop on arm: fgetc returns an int, and -1 at end of
options. Arm makes char unsigned. (LP: #884407)

76. By Dustin Kirkland  on 2011-10-27

* src/utils/ecryptfs-verify, src/utils/Makefile.am:
  - add an ecryptfs-verify utility, LP: #845738
* src/testcases/write-read.sh:
  - added a write/read test utility
* doc/manpage/ecryptfs-mount-private.1, doc/manpage/ecryptfs-setup-
  private.1, doc/manpage/mount.ecryptfs_private.1,
  doc/manpage/umount.ecryptfs_private.1: LP: #882267
  - remove inaccurate documentation about being a member of the ecryptfs
* src/utils/ecryptfs-setup-private: LP: #882314
  - fix preseeded encrypted home Ubuntu installations (thanks Timo!)
* oneiric

75. By Dustin Kirkland  on 2011-09-01

* src/libecryptfs/key_management.c: LP: #725862
  - fix nasty bug affecting users who do *not* encrypt filenames;
    the first login works, but on logout, only one key gets
    cleaned out; subsequent logins do not insert the necessary key
    due to an early "goto out"; this fix needs to be SRU'd
* debian/rules: LP: #586281
  - fix perms on desktop mount file
* src/pam_ecryptfs/pam_ecryptfs.c: LP: #838471
  - rework syslogging to be less noisy and note pam_ecryptfs

74. By Dustin Kirkland  on 2011-08-31

[ Diego E. "Flameeyes" Pettenò ]
* configure.ac:
  - fix reliance on nss-config, which hinders cross-compilation

[ Marc Deslauriers ]
* src/utils/mount.ecryptfs_private.c:
* SECURITY UPDATE: wrong mtab ownership and permissions (LP: #830850)
  - debian/patches/CVE-2011-3145.patch: also set gid and umask before
    updating mtab in src/utils/mount.ecryptfs_private.c.
  - CVE-2011-3145

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
This branch contains Public information 
Everyone can see this information.