Created by Ubuntu Package Importer and last modified
Get this branch:
bzr branch lp:ubuntu/natty-security/ecryptfs-utils
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Ubuntu branches
Review team:
Ubuntu Development Team

Recent revisions

71. By Marc Deslauriers

* SECURITY UPDATE: wrong mtab ownership and permissions (LP: #830850)
  - debian/patches/CVE-2011-3145.patch: also set gid and umask before
    updating mtab in src/utils/mount.ecryptfs_private.c.
  - CVE-2011-3145

70. By Marc Deslauriers

* SECURITY UPDATE: privilege escalation via mountpoint race conditions
  (LP: #732628)
  - debian/patches/CVE-2011-1831,1832,1834.patch: chdir into mountpoint
    before checking permissions in src/utils/mount.ecryptfs_private.c.
  - CVE-2011-1831
  - CVE-2011-1832
* SECURITY UPDATE: race condition when checking source during mount
  (LP: #732628)
  - debian/patches/CVE-2011-1833.patch: use new ecryptfs_check_dev_ruid
    kernel option when mounting directory in
  - CVE-2011-1833
* SECURITY UPDATE: mtab corruption via improper handling (LP: #732628)
  - debian/patches/CVE-2011-1831,1832,1834.patch: modify mtab via a temp
    file first and make sure it succeeds before replacing the real mtab
    in src/utils/mount.ecryptfs_private.c.
  - CVE-2011-1834
* SECURITY UPDATE: key poisoning via insecure temp directory handling
  (LP: #732628)
  - debian/patches/CVE-2011-1835.patch: make sure we don't copy into a
    user controlled directory in src/utils/ecryptfs-setup-private.
  - CVE-2011-1835
* SECURITY UPDATE: information disclosure via recovery mount in /tmp
  (LP: #732628)
  - debian/patches/CVE-2011-1836.patch: mount inside protected
    subdirectory in src/utils/ecryptfs-recover-private.
  - CVE-2011-1836
* SECURITY UPDATE: arbitrary file overwrite via lock counter race
  condition (LP: #732628)
  - debian/patches/CVE-2011-1837.patch: verify permissions with a file
    descriptor, and don't follow symlinks in
  - CVE-2011-1837

69. By Dustin Kirkland 

[ Paolo Bonzini <email address hidden> ]
* src/utils/ecryptfs-setup-private: update the Private.* selinux

[ Dustin Kirkland ]
* src/utils/ecryptfs-setup-private:
  - add -p to mkdir, address noise for a non-error
  - must insert keys during testing phase, since we remove keys on
    unmount now, LP: #725862
* src/utils/ecryptfs_rewrap_passphrase.c: confirm passphrases in
  interactive mode, LP: #667331

68. By Dustin Kirkland 

[ Jakob Unterwurzacher ]
* src/pam_ecryptfs/pam_ecryptfs.c:
  - check if this file exists and ask the user for the wrapping passphrase
    if it does
  - eliminate both ecryptfs_pam_wrapping_independent_set() and
    ecryptfs_pam_automount_set() and replace with a reusable
    file_exists_dotecryptfs() function

[ Serge Hallyn and Dustin Kirkland ]
* src/utils/mount.ecryptfs_private.c:
  - support multiple, user configurable private directories by way of
    a command line "alias" argument
  - this "alias" references a configuration file by the name of:
    $HOME/.ecryptfs/alias.conf, which is in an fstab(5) format,
    as well as $HOME/.ecryptfs/alias.sig, in the same format as
  - if no argument specified, the utility operates in legacy mode,
    defaulting to "Private"
  - rename variables, s/dev/src/ and s/mnt/dest/
  - add a read_config() function
  - add an alias char* to replace the #defined ECRYPTFS_PRIVATE_DIR
  - this is half of the fix to LP: #615657
* doc/manpage/mount.ecryptfs_private.1: document these changes
* src/libecryptfs/main.c, src/utils/mount.ecryptfs_private.c:
  - allow umount.ecryptfs_private to succeed when the key is no
    longer in user keyring.

67. By Dustin Kirkland 

[ Dustin Kirkland ]
* src/utils/ecryptfs-recover-private: clean sigs of invalid characters
* src/utils/mount.ecryptfs_private.c:
  - fix bug LP: #313812, clear used keys on unmount
  - add ecryptfs_unlink_sigs to the mount opts, so that unmounts from
    umount.ecryptfs behave similarly
  - use ecryptfs_remove_auth_tok_from_keyring() on the sig and sig_fnek

[ <email address hidden> ]
* src/utils/ecryptfs-migrate-home:
  - support user databases outside of /etc/passwd, LP: #627506

66. By Dustin Kirkland 

* src/desktop/ecryptfs-record-passphrase: fix typo, LP: #524139
* debian/rules, debian/control:
  - disable the gpg key module, as it's not yet functional
  - clean up unneeded build-deps
  - also, not using opencryptoki either
* doc/manpage/ecryptfs.7: fix minor documentation bug, reported by
  email by Jon 'maddog' Hall
* doc/manpage/ecryptfs-recover-private.1, doc/manpage/Makefile.am,
  po/POTFILES.in, src/utils/ecryptfs-recover-private,
  src/utils/Makefile.am: add a utility to simplify data recovery
  of an encrypted private directory from a Live ISO, LP: #689969

65. By Dustin Kirkland 

src/desktop/ecryptfs-record-passphrase: fix typo, LP: #524139

64. By Dustin Kirkland 

debian/rules, debian/control: disable the gpg key module,
as it's not yet functional; does more harm than good to build it;
should not be in 10.04 LTS; clean up build-deps; also, not using
opencryptoki either; unbreak the build for 32-bit Lucid

63. By Dustin Kirkland 

[ David Planella ]
* Makefile.am, configure.ac, debian/control, debian/po/POTFILES.sh,
  debian/po/ecryptfs-utils.pot, debian/po/fr.po, debian/rules,
  po/POTFILES.in, src/desktop/Makefile.am,
  - internationalization work for LP: #358283
* po/LINGUAS, po/ca.po: Catalan translation

[ Yan Li <email address hidden> ]
* src/pam_ecryptfs/pam_ecryptfs.c, src/utils/Makefile.am,
  src/utils/ecryptfs-migrate-home: add a script and pam hooks to
  support automatic migration to encrypted home directory

[ Dustin Kirkland ]
* src/utils/ecryptfs-migrate-home: clean up for merge
  - use $() rather than ``
  - drop set -u
  - use = and !=, and quote vars, rather than testing with -ne, -eq,
    for better shell portability
  - improve usage statement and error text
  - check if already encrypted
  - handle migration of multiple users on boot
  - fix all whitespace, use tabs for indents
  - use quotes around variables, rather than ${} (stylistic preference)
  - major simplification for immediate release
    + remove boot and user modes; only support administrator mode for
      security reasons and to avoid race conditions
    + other modes can be re-added, if necessary, and if security
      concerns can be addressed
  - ensure running as root
  - drop VERBOSE option, always print useful info messages
  - call the user $USER_NAME rather than $USER_ID since id implies
    number, and here we're deailing with names
  - no decimals on awk calculation
  - mktemp on the target user, not root
  - check that there is enough disk space available to do the migration
  - ensure the user's homedir group is correct
  - add critical instructions, user *must* login after the migration and
    before the reboot, as their wrapped passphrase will be cleared on
    reboot (possible we should use an init script to move these to
    /var/tmp on reboot)
  - ensure permissions are set correctly
  - improve text at the end of the migration, organize into notes
* ecryptfs-utils.ecryptfs-utils-restore.upstart,
  ecryptfs-utils.ecryptfs-utils-save.upstart, rules:
  - try to protect migrating users who don't login before the next reboot
* debian/ecryptfs-utils.install: install the locale messages
* src/desktop/ecryptfs-record-passphrase: improve dialog text
* src/desktop/ecryptfs-record-passphrase: revert the _ bit, as it's not quite
  working yet, will need to talk to David to fix
* Mark LP: #471725 as fixed

62. By Dustin Kirkland 

debian/rules: fix FTBFS, CFLAGS needed for libgcrypt11-dev linking

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
This branch contains Public information 
Everyone can see this information.