Created by James Westby on 2011-10-13 and last modified on 2012-04-18
Get this branch:
bzr branch lp:ubuntu/precise/ecryptfs-utils

Recent revisions

82. By Colin Watson on 2012-04-18

src/utils/ecryptfs-setup-swap: Skip /dev/zram* swap devices
(LP: #979350).

81. By Kees Cook on 2012-02-21

Add debian/patches/automount-fork-exit.patch (LP: #938326).

80. By Dustin Kirkland on 2012-02-16

[ Dustin Kirkland ]
  - added a new file to describe how to contribute to ecryptfs
* === added directory img/old, img/old/ecryptfs_14.png,
  img/old/ecryptfs_192.png, img/old/ecryptfs_64.png:
  - saving the old logos/branding for posterity
* debian/copyright, img/COPYING:
  - added CC-by-SA 3.0 license
  - use the text version
* img/ecryptfs_14.png, img/ecryptfs_192.png, img/ecryptfs_64.png:
  - added scaled copies of images used for Launchpad.net branding
* src/utils/ecryptfs-recover-private: LP: #847505
  - add an option to allow user to enter the mount passphrase,
    in case they've recorded that, but forgotten their login
* src/libecryptfs/sysfs.c: LP: #802197
  - default sysfs to /sys, if not found in /etc/mtab
  - it seems that reading /etc/mtab for this is outdated
  - ensure that ecryptfs works even if there is no sysfs entry
    in /etc/mtab
* src/key_mod/ecryptfs_key_mod_tspi.c: LP: #462225
  - fix TPM and string_to_uuid 64bits issue
  - thanks to Janos for the patch
* precise

[ Tyler Hicks ]
  - clarified how to contribute to the ecryptfs kernel module
* tests/lib/etl_funcs.sh:
  - created eCryptfs test library of bash functions for use in test
    cases and test harnesses
* test/etl_add_passphrase_key_to_keyring.c:
  - created a C helper program to allow bash scripts to interface to
    the libecryptfs function that adds passphrase-based keys to the
    kernel keyring
* tests/kernel/tests.rc, tests/userspace/tests.rc:
  - created test case category files for test harnesses to source
    when running testcases of a certain category (destructive, safe,
* tests/run_tests.sh:
  - created a test harness to run eCryptfs test cases
* tests/kernel/miscdev-bad-count.sh,
  - created test case for miscdev issue reported to mailing list
* tests/kernel/lp-885744.sh:
  - created test case for pathconf bug
* tests/kernel/lp-926292.sh:
  - created test case for checking stale inode attrs after setxattr
* tests/new.sh:
  - created new test case template to copy from
* tests/userspace/verify-passphrase-sig.sh,
  - created test case, for make check, to test the creation of
    passphrase-based fekeks and signatures
* configure.ac, Makefile.am, tests/Makefile.am, tests/lib/Makefile.am,
  tests/kernel/Makefile.am, tests/userspace/Makefile.am:
  - updated and created autoconf/automake files to build the new tests
  - added make check target

[ Eddie Garcia ]
* img/*: LP: #907131
  - contributing a new set of logos and branding under the CC-by-SA3.0

[ Colin King ]
* tests/kernel/extend-file-random.sh,
  - Test to randomly extend file size, read/write + unlink
* tests/kernel/trunc-file.sh, tests/kernel/trunc-file/test.c:
  - Test to exercise file truncation
* tests/kernel/directory-concurrent.sh,
  - test for directory creation/deletion races with multiple processes
* tests/kernel/file-concurrent.sh,
  - test for file creation/truncation/unlink races with multiple
* tests/kernel/inotify.sh, tests/kernel/inotify/test.c:
  - test for proper inotify support
* tests/kernel/mmap-dir.sh, tests/kernel/mmap-dir/test.c:
  - test that directory files cannot be mmap'ed
* tests/kernel/read-dir.sh, tests/kernel/read-dir/test.c:
  - test that read() on directory files returns the right error
* tests/kernel/setattr-flush-dirty.sh:
  - test that the modified timestamp isn't clobbered in writeback
* tests/kernel/inode-race-stat.sh, tests/kernel/inode-race-stat/test.c:
  - test for inode initialization race condition

79. By Dustin Kirkland on 2011-12-14

[ Serge Hallyn ]
* fix infinite loop on arm: fgetc returns an int, and -1 at end of
  options. Arm makes char unsigned. (LP: #884407)

[ Dustin Kirkland ]
* debian/compat, debian/control, debian/ecryptfs-utils.install,
  debian/libecryptfs0.install, debian/libecryptfs-dev.install,
  debian/lintian/ecryptfs-utils, debian/python-ecryptfs.install,
  debian/rules, debian/source/options, doc/ecryptfs-pam-doc.txt,
  doc/manpage/ecryptfs-setup-private.1, lintian/ecryptfs-utils, ===
  removed directory debian/lintian:
  - merge a bunch of packaging changes from Debian's Daniel Baumann
* scripts/release.sh:
  - minor release fixes

78. By Dustin Kirkland on 2011-12-14

[ Dustin Kirkland ]
* scripts/release.sh:
  - fix release script
  - bump ubuntu release
* doc/manpage/ecryptfs-recover-private.1, src/utils/ecryptfs-migrate-
  home (properties changed: -x to +x), src/utils/ecryptfs-recover-
  - add a --rw option for ecryptfs-recover-private
* src/utils/ecryptfs-migrate-home: LP: #820416
  - show progress on rsync
* debian/ecryptfs-utils.ecryptfs-utils-restore.upstart,
  src/utils/ecryptfs-setup-private: LP: #883238
  - remove 2 upstart scripts, which attempted to "save" users who didn't
    login after migrating their home; instead, we now require the root
    user to enter user passwords at migration time
* debian/copyright, debian/ecryptfs-utils.ecryptfs-utils-
  restore.upstart, debian/ecryptfs-utils.ecryptfs-utils-save.upstart,
  doc/manpage/ecryptfs.7, doc/manpage/ecryptfs-add-passphrase.1,
  doc/manpage/ecryptfs-generate-tpm-key.1, doc/manpage/ecryptfs-
  insert-wrapped-passphrase-into-keyring.1, doc/manpage/ecryptfs-
  mount-private.1, doc/manpage/ecryptfs-recover-private.1,
  doc/manpage/ecryptfs-rewrap-passphrase.1, doc/manpage/ecryptfs-
  rewrite-file.1, doc/manpage/ecryptfs-setup-private.1,
  doc/manpage/ecryptfs-setup-swap.1, doc/manpage/ecryptfs-stat.1,
  doc/manpage/ecryptfs-umount-private.1, doc/manpage/ecryptfs-unwrap-
  passphrase.1, doc/manpage/ecryptfs-wrap-passphrase.1,
  doc/manpage/fr/ecryptfs-add-passphrase.1, doc/manpage/fr/ecryptfs-
  generate-tpm-key.1, doc/manpage/fr/ecryptfs-insert-wrapped-
  passphrase-into-keyring.1, doc/manpage/fr/ecryptfs-mount-private.1,
  doc/manpage/fr/ecryptfs-setup-private.1, doc/manpage/fr/ecryptfs-
  umount-private.1, doc/manpage/fr/ecryptfs-unwrap-passphrase.1,
  doc/manpage/fr/ecryptfs-wrap-passphrase.1, doc/manpage/fr/ecryptfs-
  zombie-kill.1, doc/manpage/fr/ecryptfs-zombie-list.1,
  doc/manpage/mount.ecryptfs_private.1, doc/manpage/pam_ecryptfs.8,
  src/utils/ecryptfs-migrate-home, src/utils/ecryptfs-mount-private,
  src/utils/ecryptfs_rewrap_passphrase.c, src/utils/ecryptfs-rewrite-
  file, src/utils/ecryptfs-setup-private, src/utils/ecryptfs-setup-
  swap, src/utils/ecryptfs-umount-private,
  - update some email addresses, moving <email address hidden> ->
    <email address hidden> (which I can still read)
* src/libecryptfs/key_management.c: LP: #715066
  - fix 2 places where we were handling
    ecryptfs_add_passphrase_key_to_keyring() inconsistently
  - if we're trying to add a key to the keyring, and it's already there,
    treat that as "success"
* debian/control:
  - ecryptfs-setup-swap is strongly recommended, which depends on
    cryptsetup; so promote cryptsetup from suggests -> recommends
* precise

[ Stephan Ritscher and Tyler Hicks ]
* src/libecryptfs/cmd_ln_parser.c: LP: #683535
  - fix passphrase_passwd_fd for pipes
  - handle memory allocation failures
  - free memory in error paths

[ Arfrever Frehtes Taifersar Arahesis ]
* configure.ac: LP: #893327
  - no need to check for python, if --disable-pywrap is passed

77. By Serge Hallyn on 2011-11-08

fix infinite loop on arm: fgetc returns an int, and -1 at end of
options. Arm makes char unsigned. (LP: #884407)

76. By Dustin Kirkland on 2011-10-27

* src/utils/ecryptfs-verify, src/utils/Makefile.am:
  - add an ecryptfs-verify utility, LP: #845738
* src/testcases/write-read.sh:
  - added a write/read test utility
* doc/manpage/ecryptfs-mount-private.1, doc/manpage/ecryptfs-setup-
  private.1, doc/manpage/mount.ecryptfs_private.1,
  doc/manpage/umount.ecryptfs_private.1: LP: #882267
  - remove inaccurate documentation about being a member of the ecryptfs
* src/utils/ecryptfs-setup-private: LP: #882314
  - fix preseeded encrypted home Ubuntu installations (thanks Timo!)
* oneiric

75. By Dustin Kirkland on 2011-09-01

* src/libecryptfs/key_management.c: LP: #725862
  - fix nasty bug affecting users who do *not* encrypt filenames;
    the first login works, but on logout, only one key gets
    cleaned out; subsequent logins do not insert the necessary key
    due to an early "goto out"; this fix needs to be SRU'd
* debian/rules: LP: #586281
  - fix perms on desktop mount file
* src/pam_ecryptfs/pam_ecryptfs.c: LP: #838471
  - rework syslogging to be less noisy and note pam_ecryptfs

74. By Dustin Kirkland on 2011-08-31

[ Diego E. "Flameeyes" Pettenò ]
* configure.ac:
  - fix reliance on nss-config, which hinders cross-compilation

[ Marc Deslauriers ]
* src/utils/mount.ecryptfs_private.c:
* SECURITY UPDATE: wrong mtab ownership and permissions (LP: #830850)
  - debian/patches/CVE-2011-3145.patch: also set gid and umask before
    updating mtab in src/utils/mount.ecryptfs_private.c.
  - CVE-2011-3145

73. By Dustin Kirkland on 2011-08-10

[ Marc Deslauriers ]
* SECURITY UPDATE: privilege escalation via mountpoint race conditions
  (LP: #732628)
  - debian/patches/CVE-2011-1831,1832,1834.patch: chdir into mountpoint
    before checking permissions in src/utils/mount.ecryptfs_private.c.
  - CVE-2011-1831
  - CVE-2011-1832
* SECURITY UPDATE: race condition when checking source during mount
  (LP: #732628)
  - debian/patches/CVE-2011-1833.patch: use new ecryptfs_check_dev_ruid
    kernel option when mounting directory in
  - CVE-2011-1833
* SECURITY UPDATE: mtab corruption via improper handling (LP: #732628)
  - debian/patches/CVE-2011-1831,1832,1834.patch: modify mtab via a temp
    file first and make sure it succeeds before replacing the real mtab
    in src/utils/mount.ecryptfs_private.c.
  - CVE-2011-1834
* SECURITY UPDATE: key poisoning via insecure temp directory handling
  (LP: #732628)
  - debian/patches/CVE-2011-1835.patch: make sure we don't copy into a
    user controlled directory in src/utils/ecryptfs-setup-private.
  - CVE-2011-1835
* SECURITY UPDATE: information disclosure via recovery mount in /tmp
  (LP: #732628)
  - debian/patches/CVE-2011-1836.patch: mount inside protected
    subdirectory in src/utils/ecryptfs-recover-private.
  - CVE-2011-1836
* SECURITY UPDATE: arbitrary file overwrite via lock counter race
  condition (LP: #732628)
  - debian/patches/CVE-2011-1837.patch: verify permissions with a file
    descriptor, and don't follow symlinks in
  - CVE-2011-1837

Branch metadata

Branch format: Branch format 7
Repository format: Bazaar repository format 2a (needs bzr 1.16 or later)