Ubuntu
ecryptfs-utils package

lp:ubuntu/utopic-security/ecryptfs-utils

  1. Utopic (14.10)
  2. utopic-security
Created by Ubuntu Package Importer and last modified
Get this branch:
bzr branch lp:ubuntu/utopic-security/ecryptfs-utils
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Mature

Recent revisions

45. By Tyler Hicks

* SECURITY UPDATE: Mount passphrase wrapped with a default salt value
  - debian/patches/CVE-2014-9687.patch: Generate a random salt when wrapping
    the mount passphrase. If a user has a mount passphrase that was wrapped
    using the default salt, their mount passphrase will be rewrapped using a
    random salt when they log in with their password.
  - debian/patches/CVE-2014-9687.patch: Create a temporary file when
    creating a new wrapped-passphrase file and copy it to its final
    destination after the file has been fully synced to disk (LP: #1020902)
  - debian/rules: Set the executable bit on the
    v1-to-v2-wrapped-passphrase.sh test script that was created by
    wrapping-passphrase-salt.patch
  - CVE-2014-9687

44. By Nobuto Murata

[ Colin King ]
* src/libecryptfs/ecryptfs-stat.c, tests/kernel/extend-file-
  random/test.c, tests/kernel/inode-race-stat/test.c,
  tests/kernel/trunc-file/test.c:
  - Fixed some 32 bit build warnings
* src/libecryptfs/decision_graph.c, src/libecryptfs/key_management.c,
  src/libecryptfs/main.c, src/libecryptfs/module_mgr.c, src/utils/io.c,
  src/utils/mount.ecryptfs_private.c, tests/kernel/inotify/test.c,
  tests/kernel/trunc-file/test.c, tests/userspace/wrap-unwrap/test.c:
  - Fixed a pile of minor bugs (memory leaks, unclosed file descriptors,
    etc.) mostly in error paths
* src/key_mod/ecryptfs_key_mod_passphrase.c, src/libecryptfs/main.c,
  src/pam_ecryptfs/pam_ecryptfs.c:
  - more Coverity fixes, memory leak, error checking, etc.

[ Nobuto MURATA ]
* fix an empty update-notifier window (LP: #1107650)
  - changes made in Rev.758 was incomplete

[ Tyler Hicks ]
* doc/manpage/ecryptfs.7:
  - adjust man page text to avoid confusion about whether the interactive
    mount helper takes a capital 'N' for the answer to y/n questions
    (LP: #1130460)
* src/utils/ecryptfs_rewrap_passphrase.c:
  - Handle errors when interactively reading the new wrapping passphrase
    and the confirmation from stdin. Fixes a segfault (invalid memory read)
    in ecryptfs-rewrap-passphrase if there was an error while reading either
    of these passphrases.
* configure.ac:
  - Set AM_CPPFLAGS to always include config.h as the first include file.
    Some .c files correctly included config.h before anything else. The
    majority of .c files got this wrong by including it after other header
    files, including it multiple times, or not including it at all.
    Including it in the AM_CPPFLAGS should solve these problems and keep
    future mistakes from happening in new source files.
  - Enable large file support (LFS) through the use of the AC_SYS_LARGEFILE
    autoconf macro. ecryptfs-utils has been well tested with LFS enabled
    because ecryptfs-utils is being built with
    '-D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64' in Debian-based distros.
    This is mainly needed for some of the in-tree regression tests but
    ecryptfs-utils, in general, should be built with LFS enabled.
* debian/rules:
  - Don't append '-D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64' to the CFLAGS
    now that the upstream build enables LFS
* tests/userspace/lfs.sh, tests/userspace/lfs/test.c:
  - Add a test to verify that LFS is enabled. This test is run under the
    make check target.
* tests/kernel/enospc/test.c:
  - Fix test failures on 32 bit architectures due to large file sizes
    overflowing data types

[ Dustin Kirkland ]
* src/utils/ecryptfs-setup-swap: LP: #1172014
  - write crypttab entry using UUID
* src/utils/ecryptfs-recover-private: LP: #1028532
  - error out, if we fail to mount the private data correctly

[ Colin King and Dustin Kirkland ]
* configure.ac, src/daemon/main.c, src/libecryptfs/cmd_ln_parser.c,
  src/libecryptfs/decision_graph.c, src/utils/mount.ecryptfs.c,
  tests/kernel/trunc-file/test.c:
  - remove some dead code, fix some minor issues raised by Coverity

43. By Dustin Kirkland 

[ Dustin Kirkland ]
Userspace fixes for LP: #345544, CVE-2009-0787
* src/utils/ecryptfs-rewrite-file: new script, to rewrite a file,
  forcing it to be re-encrypted when written to disk
* doc/manpage/ecryptfs-rewrite-file.1: documentation added

Unrelated fixes in this release
* src/utils/ecryptfs-mount-private, src/utils/ecryptfs-setup-private,
  src/utils/ecryptfs-setup-swap: use head/line for prompting and reading
  input

[ Michal Hlavinka ]
* ecryptfs-setup-private: don't fail with syntax error when kernel
  module not loaded
* *.desktop: make desktop files standards compliant
* umount.ecryptfs: don't sigsegv when arguments are missing

42. By Dustin Kirkland 

[ Dustin Kirkland ]
* src/utils/ecryptfs-[u]mount-private: print message about cd $PWD,
  LP: #332331
* doc/manpage/*: manpage updates
* debian/ecryptfs-utils.prerm: prevent removal of ecryptfs-utils
  package, if in use, LP: #331085
* src/utils/ecryptfs-setup-private:
  - allow for LDAP-based logins, LP: #317307
  - add --noautomount, --noautoumount options, LP: #301759

[ Tyler Hicks ]
* src/libecryptfs/cipher_list.c: ignore unknown ciphers, LP: #335632
* doc/manpage/ecryptfs.7: add key sig mount options info, LP: #329491
* src/utils/mount.ecryptfs.c: scrub unknown option

[ James Dupin ]
* doc/manpage/fr/*: initial cut at french manpages

[ Michal Hlavinka ]
* src/libecryptfs/module_mgr.c: fix mount parameter handling on
  interactive mounting, LP: #331948

41. By Dustin Kirkland 

debian/ecryptfs-utils.prerm: perform some cursory checks, to ensure that
there are no obvious, current users of ecryptfs before allowing package
removal, LP: #331085

40. By Dustin Kirkland 

Upstream changes

[ Dustin Kirkland ]
* src/utils/ecryptfs-setup-swap: a first cut at a script that helps setup
  encrypted swap
* debian/control: suggest cryptsetup

[ Michal Hlavinka ]
* improve interactive mode of mount.ecryptfs

39. By Dustin Kirkland 

* New upstream release, dropped all patches (included upstream)

[ Michal Hlavinka ]
* Auto module loading improvements
* Fix nss passphrase (un)wrapping
* Fix error handling when wrapping passphrase is too long
* Use %m instead of strerror(errno) everywhere
* Make the code compile with -Werror

[ Tyler Hicks ]
* umount.ecryptfs wrapper, clears keys

[ Dustin Kirkland ]
* Add a trailing newline to passphrase printing
* Hack around glibc/kernel mlock limit issue, LP: #329176

38. By Dustin Kirkland 

* debian/patches/10-remove-bashism.dpatch: fix installer bug, LP: #326184
* debian/control: Added libnss3-1d dependency (trying to cut over from
  openssl linkage)

37. By Dustin Kirkland 

* New upstream release, dropped all patches (included upstream)
* This release includes support for filename encryption (LP: #264977)
* This release promotes keyutils from a 'recommends' to a 'depends,
  for access to the keyctl command, which is used by the helper scripts
  to clear the keyring on unmount (LP: #313812)

36. By Dustin Kirkland 

debian/patches/05-mount_opts.dpatch: Clean up mount options, LP: #277723

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/vivid/ecryptfs-utils
This branch contains Public information 
Everyone can see this information.

Subscribers