lp:ubuntu/raring/ecryptfs-utils

Created by James Westby on 2012-10-20 and last modified on 2013-02-21
Get this branch:
bzr branch lp:ubuntu/raring/ecryptfs-utils
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Owner:
Ubuntu branches
Status:
Development

Recent revisions

92. By Nobuto Murata on 2013-02-20

* fix an empty update-notifier window (LP: #1107650)
  - needed part was dropped accidentally at 102-0ubuntu1

91. By Dustin Kirkland  on 2013-01-25

[ Tyler Hicks ]
* debian/rules:
  - Use dpkg-buildflags to inject distro compiler hardening flags into the
    build. This also fixes the hardening-no-fortify-functions lintian
    warnings.

[ Dustin Kirkland ]
* doc/manpage/ecryptfs-add-passphrase.1, doc/manpage/ecryptfsd.8,
  doc/manpage/ecryptfs-find.1, doc/manpage/ecryptfs-generate-tpm-
  key.1, doc/manpage/ecryptfs-insert-wrapped-passphrase-into-
  keyring.1, doc/manpage/ecryptfs-manager.8, doc/manpage/ecryptfs-
  migrate-home.8, doc/manpage/ecryptfs-mount-private.1,
  doc/manpage/ecryptfs-recover-private.1, doc/manpage/ecryptfs-rewrap-
  passphrase.1, doc/manpage/ecryptfs-rewrite-file.1,
  doc/manpage/ecryptfs-setup-private.1, doc/manpage/ecryptfs-setup-
  swap.1, doc/manpage/ecryptfs-stat.1, doc/manpage/ecryptfs-umount-
  private.1, doc/manpage/ecryptfs-unwrap-passphrase.1,
  doc/manpage/ecryptfs-verify.1, doc/manpage/ecryptfs-wrap-
  passphrase.1, doc/manpage/Makefile.am, doc/manpage/mount.ecryptfs.8,
  doc/manpage/mount.ecryptfs_private.1, doc/manpage/pam_ecryptfs.8,
  doc/manpage/umount.ecryptfs.8,
  doc/manpage/umount.ecryptfs_private.1, src/desktop/ecryptfs-find =>
  src/utils/ecryptfs-find, src/desktop/Makefile.am,
  src/utils/Makefile.am:
  - add 3 new manpages, for ecryptfs-find, ecryptfs-verify, and
    ecryptfs-migrate-home
  - Add SEE ALSO section to manpages which were missing it
  - Mention "Debian and Ubuntu" in license location
  - move the ecryptfs-find utility to the proper location in src/utils
* src/utils/Makefile.am:
  - fix broken build
* debian/ecryptfs-utils.links:
  - link no longer needed for ecryptfs-find

[ Colin King ]
* === added directory tests/kernel/mmap-bmap, === added directory
  tests/kernel/xattr, tests/kernel/link.sh, tests/kernel/Makefile.am,
  tests/kernel/mknod.sh, tests/kernel/mmap-bmap.sh, tests/kernel/mmap-
  bmap/test.c, tests/kernel/tests.rc, tests/kernel/xattr.sh,
  tests/kernel/xattr/test.c:
  - ran the current eCryptfs tests on 3.8-rc4 with kernel gcov enabled
    and spotted a few trivial areas where it would be useful to up the
    test coverage on the code
  - so here are a few very simple additional tests to exercise eCryptfs
    a little further

90. By Dustin Kirkland  on 2013-01-22

[ Dustin Kirkland ]
* debian/control:
  - bump standards, no change
* precise

[ Tyler Hicks ]
* autogen.sh, scripts/release.sh, Makefile.am:
  - Break out the autoreconf and intltoolize commands from release.sh into
    an executable autogen.sh
  - Use the --copy option when invoking intltoolize
  - Include the new autogen.sh script in the release tarball
* debian/rules, debian/control:
  - Use dh-autoreconf so that upstream sources can easily be used to build
    packages for all the stable Ubuntu releases in the ecryptfs-utils daily
    build PPA
  - Override the dh_autoreconf target by running the autogen.sh script
  - Drop Build-Depends on autotools-dev since dh-autoreconf is a superset of
    autotools-dev
  - Drop Build-Depends on autoconf, automake, and libtool since
    dh-autoreconf depends on all of these packages
* m4/ac_python_devel.m4:
  - Fix FTBFS in Raring Ringtail due to multiarch Python. Be sure to include
    platform specific Python include directions in SWIG_PYTHON_CPPFLAGS.
* src/utils/mount.ecryptfs_private.c:
  - Fix conditionals when checking whether to remove authentication tokens
    from the kernel keyring upon umount. This conditional was incorrectly
    modified in ecryptfs-utils-101, yet the authentication tokens still seem
    to be removed from the kernel keyring so it isn't clear if there was
    actually a user-facing regression.
  - Pass the FEKEK sig, rather than the FNEK sig, to
    ecryptfs_private_is_mounted()
  - Restore behavior of not printing error messages to syslog when
    unmounting and keys cannot be found in the kernel keyring.
  - Restore behavior of printing a useful error message about
    ecryptfs-mount-private when mounting and keys cannot be found in the
    kernel keyring
  - Fix memory leak and clean up free()'s in an error path
  - Use pointer assignment tests, rather than strlen(), to determine which
    key signatures were fetched
* src/daemon/main.c, src/include/ecryptfs.h,
  src/libecryptfs/{Makefile.am,messaging.c,miscdev.c,netlink.c,sysfs.c},
  doc/manpage/ecryptfsd.8, doc/design_doc/ecryptfs_design_doc_v0_2.tex:
  - Remove netlink messaging interface support
  - Netlink messaging support was superceded by the miscdev interface
    (/dev/ecryptfs) in upstream kernel version 2.6.26 in July, 2008
  - Netlink messaging support was completely removed from the upstream
    kernel starting with version 2.6.32 in December, 2009
* src/jprobes/*, scripts/delete-cruft.sh:
  - Remove all jprobes code, as I don't use jprobes to debug eCryptfs kernel
    issues and I don't like the idea of maintaining these jprobes outside of
    the kernel tree
* src/escrow/*:
  - Remove all escrow code, as it isn't used or maintained
* tests/kernel/llseek.sh, tests/kernel/llseek/test.c,
  tests/userspace/wrap-unwrap.sh, tests/userspace/wrap-unwrap/test.c:
  - Migrate some old testcases over to the modern test framework
* tests/lib/etl_funcs.sh:
  - Update etl_create_test_dir() to allow a parent directory to be specified
    when creating the directory
* src/testcases:
  - Delete old testcases that were either too basic, covered by more
    extensive tests in the modern test framework, or just didn't work

[ Nobuto MURATA ]
* src/desktop/ecryptfs-record-passphrase:

89. By Dimitri John Ledkov on 2012-12-24

Fix FTBFS: multiarched python2.7 paths.

88. By Nobuto Murata on 2012-12-06

* debian/patches/record-passphrase-dialogue-translatable.patch:
  - make "Record your encryption passphrase" dialogue translatable
    (LP: #982924)
  - to workaround lp bug 1075304, removing line breaks(.) in the
    dialogue

87. By Dustin Kirkland  on 2012-10-25

[ Eric Lammerts ]
* src/libecryptfs/sysfs.c: LP: #1007880
  - Handle NULL mnt pointer when sysfs is not mounted

[ Tyler Hicks ]
* src/utils/ecryptfs-migrate-home: LP: #1026180
  - Correct minor misspelling
* src/utils/ecryptfs-recover-private: LP: #1004082
  - Fix option parsing when --rw is specified
* src/utils/ecryptfs-recover-private: LP: #1028923
  - Simplify success message to prevent incorrectly reporting that a
    read-only mount was performed when the --rw option is specified
* tests/lib/etl_func.sh:
  - Add test library function to return a lower path from an upper path,
    based on inode numbers
* tests/kernel/mmap-close.sh, tests/kernel/mmap-close/test.c:
  - Add regression test for open->mmap()->close()->dirty memory->munmap()
    pattern
* tests/kernel/lp-561129.sh:
  - Add test for checking that a pre-existing target inode is properly
    evicted after a rename
* tests/README:
  - Add documentation on the steps to take when adding new test cases

[ Colin King ]
* tests/kernel/lp-911507.sh:
  - Add test case for initializing empty lower files during open()
* tests/kernel/lp-872905.sh:
  - Add test case to check for proper unlinking of lower files when
    lower file initialization fails
* src/key_mod/ecryptfs_key_mod_openssl.c,
  src/key_mod/ecryptfs_key_mod_pkcs11_helper.c,
  src/libecryptfs/key_management.c,
  src/utils/mount.ecryptfs_private.c, src/utils/umount.ecryptfs.c:
  - address some issues raised by smatch static analysis
  - fix some memory leaks with frees
  - fix some pointer refs and derefs
  - fix some comment typos

[ Dustin Kirkland ]
* src/libecryptfs/key_management.c:
  - silence pam error message when errno == EACCES
    + "Error attempting to parse .ecryptfsrc file; rc = [-13]"
* src/utils/mount.ecryptfs_private.c: LP: #1052038
  - fix race condition, which typically manifests itself with a user
    saying that their home directory is not accessible, or that their
    filenames are not decrypted
  - the root of the problem is that we were reading the signature file,
    ~/.ecryptfs/Private.sig, twice; in some cases, the first one succeeds,
    so the file encryption signature is read and key is loaded, but then
    some other process (usually from PAM, perhaps a cron job or a
    subsequent login) mounts the home directory before the filename
    encryption key is loaded; thus, $HOME is mounted but filenames are
    not decrypted, so the second read of ~/.ecryptfs/Private.sig fails
    as that file is not found
  - the solution is to rework the internal fetch_sig() function and read
    one or both signatures within a single open/read/close operation of
    the file
  - free memory used by char **sig on failure
* debian/copyright:
  - fix lintian warning
* precise

86. By Dustin Kirkland  on 2012-08-02

[ Tyler Hicks ]
* src/pam_ecryptfs/pam_ecryptfs.c, src/libecryptfs/key_management.c:
    LP: #1024476
  - fix regression introduced in ecryptfs-utils-99 when Encrypted
    Home/Private is in use and the eCryptfs kernel code is compiled as a
    module
  - drop check for kernel filename encryption support in pam_ecryptfs, as
    appropriate privileges to load the eCryptfs kernel module may not be
    available and filename encryption has been supported since 2.6.29
  - always add filename encryption key to the kernel keyring from pam mount

[ Colin King ]
* tests/kernel/inode-race-stat/test.c:
  - limit number of forks based on fd limits
* tests/kernel/enospc.sh, tests/kernel/enospc/test.c,
  tests/kernel/Makefile.am, tests/kernel/tests.rc:
  - add test case for ENOSPC

[ Tim Harder ]
* m4/ac_python_devel.m4: LP: #1029217
  - properly save and restore CPPFLAGS and LIBS when python support is
    enabled

85. By Dustin Kirkland  on 2012-07-13

[ Dustin Kirkland ]
* debian/ecryptfs-utils.postinst: LP: #936093
  - ensure desktop file is executable
* precise

[ Wesley Wiedenmeier ]
* src/utils/mount.ecryptfs.c: LP: #329264
  - remove old hack, that worked around a temporary kernel regression;
    ensure that all mount memory is mlocked

[ Sebastian Krahmer ]
* src/pam_ecryptfs/pam_ecryptfs.c: LP: #732614
  - drop group privileges in the same places that user privileges are
    dropped
  - check return status of setresuid() calls and return if they fail
  - drop privileges before checking for the existence of
    ~/.ecryptfs/auto-mount to prevent possible file existence leakage
    by a symlink to a path that typically would not be searchable by
    the user
  - drop privileges before reading salt from the rc file to prevent the
    leakage of root's salt and, more importantly, using the incorrect salt
  - discovered, independently, by Vasiliy Kulikov and Sebastian Krahmer
* src/pam_ecryptfs/pam_ecryptfs.c: LP: #1020904
  - after dropping privileges, clear the environment before executing the
    private eCryptfs mount helper
  - discovered by Sebastian Krahmer
* src/utils/mount.ecryptfs_private.c: LP: #1020904
  - do not allow private eCryptfs mount aliases to contain ".." characters
    as a preventative measure against a crafted file path being used as an
    alias
  - force the MS_NOSUID mount flag to protect against user controlled lower
    filesystems, such as an auto mounted USB drive, that may contain a
    setuid-root binary
    + CVE-2012-3409
  - force the MS_NODEV mount flag
  - after dropping privileges, clear the environment before executing umount
  - discovered by Sebastian Krahmer

[ Tyler Hicks ]
* src/libecryptfs/key_management.c: LP: #732614
  - zero statically declared buffers to prevent the leakage of stack
    contents in the case of a short file read
  - discovered by Vasiliy Kulikov
* src/libecryptfs/module_mgr.c, src/pam_ecryptfs/pam_ecryptfs.c:
  - fix compiler warnings

84. By Dustin Kirkland  on 2012-06-24

[ Dustin Kirkland ]
* debian/ecryptfs-utils.prerm:
  - drop the pre-removal ERRORs down to WARNINGs
  - these have caused a ton of trouble; whatever is causing ecryptfs-utils
    to be marked for removal should be fixed; but ecryptfs exiting 1 seems
    to be causing more trouble than it's worth
  - LP: #871021, #812270, #988960, #990630, #995381, #1010961
* doc/ecryptfs-faq.html:
  - update the frequently asked questions, which haven't seen much
    attention in a while now
  - drop a few references to sourceforge
* doc/ecryptfs-pam-doc.txt, doc/manpage/fr/ecryptfs-add-passphrase.1,
  doc/manpage/fr/ecryptfs-generate-tpm-key.1, doc/manpage/fr/ecryptfs-
  insert-wrapped-passphrase-into-keyring.1, doc/manpage/fr/ecryptfs-
  mount-private.1, doc/manpage/fr/ecryptfs-rewrap-passphrase.1,
  doc/manpage/fr/ecryptfs-setup-private.1, doc/manpage/fr/ecryptfs-
  umount-private.1, doc/manpage/fr/ecryptfs-unwrap-passphrase.1,
  doc/manpage/fr/ecryptfs-wrap-passphrase.1, doc/manpage/fr/ecryptfs-
  zombie-kill.1, doc/manpage/fr/ecryptfs-zombie-list.1,
  doc/sourceforge_webpage/ecryptfs-article.pdf,
  doc/sourceforge_webpage/ecryptfs_design_doc_v0_1.pdf,
  doc/sourceforge_webpage/ecryptfs-faq.html,
  doc/sourceforge_webpage/ecryptfs-key-diagram-356.png,
  doc/sourceforge_webpage/ecryptfs-key-diagram-640.png,
  doc/sourceforge_webpage/ecryptfs-pageuptodate-call-graph.png,
  doc/sourceforge_webpage/ecryptfs-pam-doc.txt,
  doc/sourceforge_webpage/ecryptfs.pdf,
  doc/sourceforge_webpage/index.html, doc/sourceforge_webpage/README,
  === removed directory doc/manpage/fr, === removed directory
  doc/sourceforge_webpage, rpm/ecryptfs-utils.spec:
  - remove some deprecated documentation
  - fish it out of bzr, if we ever need it again, but let's
    quit publishing it in our release tarballs
* precise

83. By Dustin Kirkland  on 2012-06-15

[ Kees Cook ]
* src/pam_ecryptfs/pam_ecryptfs.c: LP: #938326
  - exit, rather than return to prevent duplicate processes

[ Andreas Raster ]
* src/desktop/ecryptfs-find:
  - $mounts was quoted once too often

[ George Wilson ]
* src/key_mod/ecryptfs_key_mod_openssl.c,
  src/key_mod/ecryptfs_key_mod_pkcs11_helper.c,
  src/key_mod/ecryptfs_key_mod_tspi.c: LP: #937331
  - IBM would like to grant a license exception for key modules that
    require linking to OpenSSL. The change should make the modules
    shippable by Linux distributions

[ Dustin Kirkland ]
* debian/copyright:
  - note the GPLv2 SSL exception granted by IBM for the key modules
* debian/control, debian/copyright, doc/manpage/ecryptfs.7,
  doc/manpage/ecryptfs-add-passphrase.1, doc/manpage/ecryptfsd.8,
  doc/manpage/ecryptfs-generate-tpm-key.1, doc/manpage/ecryptfs-
  insert-wrapped-passphrase-into-keyring.1, doc/manpage/ecryptfs-
  manager.8, doc/manpage/ecryptfs-mount-private.1,
  doc/manpage/ecryptfs-recover-private.1, doc/manpage/ecryptfs-rewrap-
  passphrase.1, doc/manpage/ecryptfs-rewrite-file.1,
  doc/manpage/ecryptfs-setup-private.1, doc/manpage/ecryptfs-setup-
  swap.1, doc/manpage/ecryptfs-stat.1, doc/manpage/ecryptfs-umount-
  private.1, doc/manpage/ecryptfs-unwrap-passphrase.1,
  doc/manpage/ecryptfs-wrap-passphrase.1,
  doc/manpage/mount.ecryptfs.8, doc/manpage/mount.ecryptfs_private.1,
  doc/manpage/pam_ecryptfs.8, doc/manpage/umount.ecryptfs.8,
  doc/manpage/umount.ecryptfs_private.1, README,
  src/utils/mount.ecryptfs.c:
  - use the new ecryptfs.org website where appropriate
* debian/control:
  - update to suggest zescrow-client
* precise

[ Sergio Peña ]
* src/libecryptfs/cipher_list.c: LP: #922821
  - add the new name of the blowfish cipher (linux >= 3.2)
* src/include/ecryptfs.h, src/libecryptfs/main.c,
  src/utils/mount.ecryptfs.c: LP: #917509
  - use execl() to mount ecryptfs
  - this allows us to support any arbitrary mount options in
    /etc/fstab

[ Tyler Hicks ]
* doc/manpage/ecryptfs.7:
  - Remove the note saying that the passphrase and openssl key modules are
    available by default. That's true upstream but not always true in distro
    builds.
* tests/run_tests.sh:
  - Make upper and lower mount point arguments optional by automatically
    creating directories in /tmp by default.
  - Make it possible to run only userspace tests without having to specify
    unused mount information
  - Accept a comma-separated list of lower filesystems to test on and loop
    through all kernel tests for each lower filesystem
  - Accept a comma-separated list of tests to run
* tests/lib/etl_funcs.sh:
  - Unset $ETL_DISK just before etl_remove_disk() successfully returns
* tests/userspace/Makefile.am:
  - Also build 'make check' tests when building with --enable-tests
* include/ecryptfs.h, libecryptfs/Makefile.am,
  libecryptfs/cipher_list.c, libecryptfs/module_mgr.c,
  utils/io.h: LP: #994813
  - remove overly complicated implementation to detect what ciphers
    are supported by the currently running kernel's crypto api
  - prompt for the entire supported cipher list, if the user selects a
    cipher that their kernel doesn't support, the mount will fail
    and the kernel will write an error message to the syslog
* src/libecryptfs/module_mgr.c:
  - Use correct blowfish block size when displaying supported ciphers to
    the user
* tests/kernel/lp-1009207.sh, tests/kernel/Makefile.am,
  tests/kernel/tests.rc:
  - Add simple test case for incorrect handling of umask and default POSIX
    ACL masks
* tests/kernel/lp-994247.sh, tests/kernel/lp-994247/test.c,
  tests/kernel/Makefile.am, tests/kernel/tests.rc:
  - Add test case for incorrect handling of open /dev/ecryptfs file
    descriptors that are passed or inherited by other processes

[ Colin King ]
* tests/lib/etl_funcs.sh:
  - etl_lumount() should use DST rather than SRC dir so it can run on Lucid
  - use file system appropriate mkfs force flag
  - cater for correct ext2 default mount flags
* tests/kernel/lp-509180.sh, tests/kernel/lp-509180/test.c:
  - test for trailing garbage at end of files
* tests/kernel/lp-524919.sh, tests/kernel/lp-524919/test.c:
  - test case for checking lstat/readlink size
* tests/kernel/lp-870326.sh, tests/kernel/lp-870326/test.c:
  - test case for open(), mmap(), close(), modify mmap'd region
* tests/kernel/lp-469664.sh:
  - test case for lsattr
* tests/kernel/lp-613873.sh:
  - test case for stat modify time
* tests/kernel/lp-745836.sh:
  - test case for clearing ECRYPTFS_NEW_FILE flag during truncate
* tests/lib/etl_funcs.sh, tests/kernel/extend-file-random.sh,
  tests/kernel/trunc-file.sh (LP: #1007159):
  - Add test library function for estimating available space in lower fs
  - Use new library function in tests that need to create large files

[ Colin Watson ]
* src/utils/ecryptfs-setup-swap: Skip /dev/zram* swap devices
  LP: #979350

[ Serge Hallyn ]
* src/utils/mount.ecryptfs_private.c:
  - EoL fixes

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
This branch contains Public information 
Everyone can see this information.

Subscribers