lp:ubuntu/oneiric/ecryptfs-utils
- Get this branch:
- bzr branch lp:ubuntu/oneiric/ecryptfs-utils
Branch information
- Owner:
- Ubuntu branches
- Status:
- Mature
Recent revisions
- 75. By Dustin Kirkland
-
* src/libecryptfs/key_management.c: LP: #725862
- fix nasty bug affecting users who do *not* encrypt filenames;
the first login works, but on logout, only one key gets
cleaned out; subsequent logins do not insert the necessary key
due to an early "goto out"; this fix needs to be SRU'd
* debian/rules: LP: #586281
- fix perms on desktop mount file
* src/pam_ecryptfs/pam_ecryptfs.c: LP: #838471
- rework syslogging to be less noisy and note pam_ecryptfs
- 74. By Dustin Kirkland
-
[ Diego E. "Flameeyes" Pettenò ]
* configure.ac:
- fix reliance on nss-config, which hinders cross-compilation
[ Marc Deslauriers ]
* src/utils/mount.ecryptfs_private.c:
* SECURITY UPDATE: wrong mtab ownership and permissions (LP: #830850)
- debian/patches/CVE-2011-3145.patch: also set gid and umask before
updating mtab in src/utils/mount.ecryptfs_private.c.
- CVE-2011-3145
- 73. By Dustin Kirkland
-
[ Marc Deslauriers ]
* SECURITY UPDATE: privilege escalation via mountpoint race conditions
(LP: #732628)
- debian/patches/CVE-2011-1831,1832,1834.patch: chdir into mountpoint
before checking permissions in src/utils/mount.ecryptfs_private.c.
- CVE-2011-1831
- CVE-2011-1832
* SECURITY UPDATE: race condition when checking source during mount
(LP: #732628)
- debian/patches/CVE-2011-1833.patch: use new ecryptfs_check_dev_ruid
kernel option when mounting directory in
src/utils/mount.ecryptfs_private.c.
- CVE-2011-1833
* SECURITY UPDATE: mtab corruption via improper handling (LP: #732628)
- debian/patches/CVE-2011-1831,1832,1834.patch: modify mtab via a temp
file first and make sure it succeeds before replacing the real mtab
in src/utils/mount.ecryptfs_private.c.
- CVE-2011-1834
* SECURITY UPDATE: key poisoning via insecure temp directory handling
(LP: #732628)
- debian/patches/CVE-2011-1835.patch: make sure we don't copy into a
user controlled directory in src/utils/ecryptfs-setup-private.
- CVE-2011-1835
* SECURITY UPDATE: information disclosure via recovery mount in /tmp
(LP: #732628)
- debian/patches/CVE-2011-1836.patch: mount inside protected
subdirectory in src/utils/ecryptfs-recover-private.
- CVE-2011-1836
* SECURITY UPDATE: arbitrary file overwrite via lock counter race
condition (LP: #732628)
- debian/patches/CVE-2011-1837.patch: verify permissions with a file
descriptor, and don't follow symlinks in
src/utils/mount.ecryptfs_private.c.
- CVE-2011-1837
- 72. By Marc Deslauriers
-
* SECURITY UPDATE: privilege escalation via mountpoint race conditions
(LP: #732628)
- debian/patches/CVE-2011-1831,1832,1834.patch: chdir into mountpoint
before checking permissions in src/utils/mount.ecryptfs_private.c.
- CVE-2011-1831
- CVE-2011-1832
* SECURITY UPDATE: race condition when checking source during mount
(LP: #732628)
- debian/patches/CVE-2011-1833.patch: use new ecryptfs_check_dev_ruid
kernel option when mounting directory in
src/utils/mount.ecryptfs_private.c.
- CVE-2011-1833
* SECURITY UPDATE: mtab corruption via improper handling (LP: #732628)
- debian/patches/CVE-2011-1831,1832,1834.patch: modify mtab via a temp
file first and make sure it succeeds before replacing the real mtab
in src/utils/mount.ecryptfs_private.c.
- CVE-2011-1834
* SECURITY UPDATE: key poisoning via insecure temp directory handling
(LP: #732628)
- debian/patches/CVE-2011-1835.patch: make sure we don't copy into a
user controlled directory in src/utils/ecryptfs-setup-private.
- CVE-2011-1835
* SECURITY UPDATE: information disclosure via recovery mount in /tmp
(LP: #732628)
- debian/patches/CVE-2011-1836.patch: mount inside protected
subdirectory in src/utils/ecryptfs-recover-private.
- CVE-2011-1836
* SECURITY UPDATE: arbitrary file overwrite via lock counter race
condition (LP: #732628)
- debian/patches/CVE-2011-1837.patch: verify permissions with a file
descriptor, and don't follow symlinks in
src/utils/mount.ecryptfs_private.c.
- CVE-2011-1837
- 71. By Dustin Kirkland
-
[ Dustin Kirkland ]
* debian/control:
- add missing build dependency needed for release
* doc/manpage/ecryptfs-wrap-passphrase.1: fix minor error in manpage
* src/desktop/ecryptfs-find, src/desktop/Makefile.am: LP: #799157
- add a tool, /usr/share/ecryptfs-utils/ecryptfs-find that can
help find cleartext/encrypted filenames by inode number
* src/desktop/ecryptfs-find:
- test file exists first; ditch the match;
search all ecryptfs mounts that user can read/traverse
* debian/ecryptfs-utils.links:
- add a symlink for Ubuntu
* scripts/release.sh:
- improve release script
[ Serge Hallyn ]
* Fix from Christophe Dumez: mount.ecryptfs_private: Do not attempt to
update mtab if it is a symbolic link. (LP: #789888)
- 70. By Dustin Kirkland
-
* src/utils/mount.ecryptfs_private.c:
- reduce the window size for the TOCTOU race;
does not entirely solve LP: #732628, which is going to need to be
fixed in the kernel with some heavy locking
* debian/control: update urls
* src/utils/ecryptfs-mount-private: LP: #725862
- fix ecryptfs-mount-private to insert only the fek, if filename
encryption is disabled
- 69. By Dustin Kirkland
-
[ Paolo Bonzini <email address hidden> ]
* src/utils/ecryptfs-setup-private: update the Private.* selinux
contexts
[ Dustin Kirkland ]
* src/utils/ecryptfs-setup-private:
- add -p to mkdir, address noise for a non-error
- must insert keys during testing phase, since we remove keys on
unmount now, LP: #725862
* src/utils/ecryptfs_rewrap_passphrase.c: confirm passphrases in
interactive mode, LP: #667331
- 68. By Dustin Kirkland
-
[ Jakob Unterwurzacher ]
* src/pam_ecryptfs/pam_ecryptfs.c:
- check if this file exists and ask the user for the wrapping passphrase
if it does
- eliminate both ecryptfs_pam_wrapping_independent_set() and
ecryptfs_pam_automount_set() and replace with a reusable
file_exists_dotecryptfs() function
[ Serge Hallyn and Dustin Kirkland ]
* src/utils/mount.ecryptfs_private.c:
- support multiple, user configurable private directories by way of
a command line "alias" argument
- this "alias" references a configuration file by the name of:
$HOME/.ecryptfs/alias.conf, which is in an fstab(5) format,
as well as $HOME/.ecryptfs/alias.sig, in the same format as
Private.sig
- if no argument specified, the utility operates in legacy mode,
defaulting to "Private"
- rename variables, s/dev/src/ and s/mnt/dest/
- add a read_config() function
- add an alias char* to replace the #defined ECRYPTFS_PRIVATE_DIR
- this is half of the fix to LP: #615657
* doc/manpage/mount.ecryptfs_private.1: document these changes
* src/libecryptfs/main.c, src/utils/mount.ecryptfs_private.c:
- allow umount.ecryptfs_private to succeed when the key is no
longer in user keyring.
- 67. By Dustin Kirkland
-
[ Dustin Kirkland ]
* src/utils/ecryptfs-recover-private: clean sigs of invalid characters
* src/utils/mount.ecryptfs_private.c:
- fix bug LP: #313812, clear used keys on unmount
- add ecryptfs_unlink_sigs to the mount opts, so that unmounts from
umount.ecryptfs behave similarly
- use ecryptfs_remove_auth_tok_from_keyring() on the sig and sig_fnek
[ <email address hidden> ]
* src/utils/ecryptfs-migrate-home:
- support user databases outside of /etc/passwd, LP: #627506
- 66. By Dustin Kirkland
-
* src/desktop/ecryptfs-record-passphrase: fix typo, LP: #524139
* debian/rules, debian/control:
- disable the gpg key module, as it's not yet functional
- clean up unneeded build-deps
- also, not using opencryptoki either
* doc/manpage/ecryptfs.7: fix minor documentation bug, reported by
email by Jon 'maddog' Hall
* doc/manpage/ecryptfs-recover-private.1, doc/manpage/Makefile.am,
po/POTFILES.in, src/utils/ecryptfs-recover-private,
src/utils/Makefile.am: add a utility to simplify data recovery
of an encrypted private directory from a Live ISO, LP: #689969
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/precise/ecryptfs-utils