Created by Ubuntu Package Importer on 2015-03-11 and last modified on 2015-07-15
Get this branch:
bzr branch lp:ubuntu/vivid-proposed/ecryptfs-utils
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Ubuntu branches
Review team:
Ubuntu Development Team

Recent revisions

48. By Martin Pitt on 2015-07-09

* Add setup-swap-check-links.patch: When commenting out existing swap, also
  consider device symlinks like /dev/mapper/ubuntu--vg-swap_1 or
  /dev/disks/by-uuid/ into account. Fixes broken cryptswap under LVM and
  manual setups. (LP: #1453738)
* debian/ecryptfs-utils.postinst: On upgrade, uncomment underlying
  unencrypted swap partitions that are referred to by a device link when
  crypttab and fstab have a "cryptswap*" device referring to them.

47. By Martin Pitt on 2015-04-24

* Add setup-swap-mark-gpt-noauto.patch: In ecryptfs-setup-swap, mark the
  "fake" underlying unencrypted swap partition as no-auto Without that, the
  swap partition gets auto-activated under systemd as it cannot be told
  apart from a real unencrypted swap partition.
* debian/ecryptfs-utils.postinst: Fix existing GPT installations with
  cryptswap1 and an offset= for the above issue. (LP: #1447282)

46. By Dustin Kirkland  on 2015-03-26

[ Dustin Kirkland ]
* scripts/release.sh:
  - a few more release script improvements, build the source
    package for the Ubuntu development distro
* debian/control:
  - build depend on distro-info, which we use in our release script
* vivid

[ Tyler Hicks ]
* src/libecryptfs/key_management.c:
  - Fix a regression when reading version 1 wrapped passphrase files. A
    return code indicating success was always returned even when an error
    was encountered. The impact is low since the error situation is still
    caught when validating either the wrapping password's signature or the
    wrapped passphrase's signature. Thanks to László Böszörményi for
    catching this mistake.
  - Reject empty passphrases passed into ecryptfs_wrap_passphrase()
* src/libecryptfs/main.c:
  - Reject empty wrapping passphrases passed into generate_passphrase_sig()

45. By Dustin Kirkland  on 2015-03-11

[ Dustin Kirkland and Martin Pitt ]
* debian/ecryptfs-utils.postinst: LP: #953875
  - detect and clean up after nonexisting cryptswap devices

[ Tyler Hicks ]
* tests/userspace/Makefile.am: Fix the 'make check' failure present in the
  ecryptfs-utils-105 release tarball. The failure was due to the automake
  file not specifying that some data files should be distributed as part
  of the v1-to-v2-wrapped-passphrase test, causing the test to fail due to
  the missing files.

[ Dustin Kirkland ]
* scripts/release.sh:
  - ensure that we try a binary build as part of the release process
  - make sure we're in the original working directory when we release
  - remove the -x option, too noisy
* vivid
* vivid
* vivid

44. By Dustin Kirkland  on 2015-03-11

[ Dustin Kirkland ]
* doc/manpage/ecryptfs.7: LP: #1267640
  - fix inconsistency in man page for passphrase_passwd_file format
* doc/manpage/ecryptfs-setup-private.1, src/utils/ecryptfs-setup-
  private, src/utils/ecryptfs-setup-swap: LP: #1420424
  - use /dev/random rather than /dev/urandom for long lived keys
* src/utils/ecryptfs-setup-private:
  - use /dev/urandom for our testing, as we read a lot of info
* src/utils/ecryptfs-setup-swap: LP: #953875, #1086140
  - fix a whitespace bug in a grep, that might cause us to not
    comment out the old swap space in /etc/fstab
  - offset the start of the encrypted swap space by 1KB, which
    ensures that we don't overwrite the UUID label on the header
    of the partition
  - use the aes-xts block cipher, and plain64 initialization vector,
    which are current best practice here
  - fixed a grammar nitpick

[ Colin King ]
* src/libecryptfs/key_management.c, src/utils/mount.ecryptfs.c:
  - A couple of minor fixes: Fix a memory leak and handle out of memory
    error, as found by using cppcheck.
* src/utils/mount.ecryptfs.c
  - fix potential double free on yesno if get_string_stdin exits early
    without allocating a new buffer and we free yesno on the exit clean
    up path.
* src/libecryptfs/cmd_ln_parser.c
  - remove redundant if / goto statement that does nothing.

[ Anders Kaseorg ]
* src/pam_ecryptfs/pam_ecryptfs.c: exit (not return) from forked child on
  error (LP: #1323421)

[ Tyler Hicks ]
* Introduce the version 2 wrapped-passphrase file format. It adds the
  ability to combine a randomly generated salt with the wrapping password
  (typically, a user's login password) prior to performing key
  strengthening. The version 2 file format is considered to be a
  intermediate step in strengthening the wrapped-passphrase files of
  existing encrypted home/private users. Support for reading/writing version
  2 wrapped-passphrase files and transparent migration, through
  pam_ecryptfs, from version 1 to version 2 files is considered safe enough
  to backport to stable distro releases. The libecryptfs ABI around
  wrapped-passphrase file handling is not broken.
  - CVE-2014-9687
* Run wrap-unwrap.sh test as part of the make check target.
* Add a new test, called v1-to-v2-wrapped-passphrase.sh, which is suitable
  for the make check target and verifies v1 to v2 wrapped-passphrase file
* Create a temporary file when creating a new wrapped-passphrase file and
  copy it to its final destination after the file has been fully synced to
  disk (LP: #1020902)

43. By Dustin Kirkland  on 2009-03-20

[ Dustin Kirkland ]
Userspace fixes for LP: #345544, CVE-2009-0787
* src/utils/ecryptfs-rewrite-file: new script, to rewrite a file,
  forcing it to be re-encrypted when written to disk
* doc/manpage/ecryptfs-rewrite-file.1: documentation added

Unrelated fixes in this release
* src/utils/ecryptfs-mount-private, src/utils/ecryptfs-setup-private,
  src/utils/ecryptfs-setup-swap: use head/line for prompting and reading

[ Michal Hlavinka ]
* ecryptfs-setup-private: don't fail with syntax error when kernel
  module not loaded
* *.desktop: make desktop files standards compliant
* umount.ecryptfs: don't sigsegv when arguments are missing

42. By Dustin Kirkland  on 2009-03-18

[ Dustin Kirkland ]
* src/utils/ecryptfs-[u]mount-private: print message about cd $PWD,
  LP: #332331
* doc/manpage/*: manpage updates
* debian/ecryptfs-utils.prerm: prevent removal of ecryptfs-utils
  package, if in use, LP: #331085
* src/utils/ecryptfs-setup-private:
  - allow for LDAP-based logins, LP: #317307
  - add --noautomount, --noautoumount options, LP: #301759

[ Tyler Hicks ]
* src/libecryptfs/cipher_list.c: ignore unknown ciphers, LP: #335632
* doc/manpage/ecryptfs.7: add key sig mount options info, LP: #329491
* src/utils/mount.ecryptfs.c: scrub unknown option

[ James Dupin ]
* doc/manpage/fr/*: initial cut at french manpages

[ Michal Hlavinka ]
* src/libecryptfs/module_mgr.c: fix mount parameter handling on
  interactive mounting, LP: #331948

41. By Dustin Kirkland  on 2009-02-23

debian/ecryptfs-utils.prerm: perform some cursory checks, to ensure that
there are no obvious, current users of ecryptfs before allowing package
removal, LP: #331085

40. By Dustin Kirkland  on 2009-02-18

Upstream changes

[ Dustin Kirkland ]
* src/utils/ecryptfs-setup-swap: a first cut at a script that helps setup
  encrypted swap
* debian/control: suggest cryptsetup

[ Michal Hlavinka ]
* improve interactive mode of mount.ecryptfs

39. By Dustin Kirkland  on 2009-02-13

* New upstream release, dropped all patches (included upstream)

[ Michal Hlavinka ]
* Auto module loading improvements
* Fix nss passphrase (un)wrapping
* Fix error handling when wrapping passphrase is too long
* Use %m instead of strerror(errno) everywhere
* Make the code compile with -Werror

[ Tyler Hicks ]
* umount.ecryptfs wrapper, clears keys

[ Dustin Kirkland ]
* Add a trailing newline to passphrase printing
* Hack around glibc/kernel mlock limit issue, LP: #329176

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
This branch contains Public information 
Everyone can see this information.