lp:~flameeyes/ecryptfs/devel

Branch merges

Propose for merging

No branches dependent on this one.

Merged into lp:~ecryptfs/ecryptfs/oldtrunk at revision 557

eCryptfs: Pending requested 2011-08-31

Diff: 26 lines (+6/-10)

1 file modified

configure.ac (+6/-10)

api

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related bugs

Bug #837762: Reliance on nss-config hinders cross-compilation

Medium

Fix Released

Link a bug report

Related blueprints

557. By Diego Elio Pettenò on 2011-08-31

build: use pkg-config to identify presence of NSS.

The nss-config script is not cross-compile aware, but pkg-config is (or can
be made so). Instead of calling directly the former, use the latter.

This also allows for the flags and libs variables to be overridden by the
user at ./configure time, like any other important variable, and decouples
from nspr dependency, as nss pkg-config file already imports that.

556. By Dustin Kirkland  on 2011-08-10

opening 91

555. By Dustin Kirkland  on 2011-08-10

releasing version 90

554. By Dustin Kirkland  on 2011-08-10

* SECURITY UPDATE: privilege escalation via mountpoint race conditions
  (LP: #732628)
  - debian/patches/CVE-2011-1831,1832,1834.patch: chdir into mountpoint
    before checking permissions in src/utils/mount.ecryptfs_private.c.
  - CVE-2011-1831
  - CVE-2011-1832
* SECURITY UPDATE: race condition when checking source during mount
  (LP: #732628)
  - debian/patches/CVE-2011-1833.patch: use new ecryptfs_check_dev_ruid
    kernel option when mounting directory in
    src/utils/mount.ecryptfs_private.c.
  - CVE-2011-1833
* SECURITY UPDATE: mtab corruption via improper handling (LP: #732628)
  - debian/patches/CVE-2011-1831,1832,1834.patch: modify mtab via a temp
    file first and make sure it succeeds before replacing the real mtab
    in src/utils/mount.ecryptfs_private.c.
  - CVE-2011-1834
* SECURITY UPDATE: key poisoning via insecure temp directory handling
  (LP: #732628)
  - debian/patches/CVE-2011-1835.patch: make sure we don't copy into a
    user controlled directory in src/utils/ecryptfs-setup-private.
  - CVE-2011-1835
* SECURITY UPDATE: information disclosure via recovery mount in /tmp
  (LP: #732628)
  - debian/patches/CVE-2011-1836.patch: mount inside protected
    subdirectory in src/utils/ecryptfs-recover-private.
  - CVE-2011-1836
* SECURITY UPDATE: arbitrary file overwrite via lock counter race
  condition (LP: #732628)
  - debian/patches/CVE-2011-1837.patch: verify permissions with a file
    descriptor, and don't follow symlinks in
    src/utils/mount.ecryptfs_private.c.
  - CVE-2011-1837

553. By Dustin Kirkland  on 2011-07-19

fix path

552. By Dustin Kirkland  on 2011-07-19

opening 90

551. By Dustin Kirkland  on 2011-07-19

releasing version 89

550. By Dustin Kirkland  on 2011-07-19

fix changelog

549. By Dustin Kirkland  on 2011-07-19

emit next steps as echo

548. By Dustin Kirkland  on 2011-07-19

opening 90