-
ecryptfs-utils (96-0ubuntu3.5) precise-security; urgency=medium
* SECURITY UPDATE: Don't allow mount.ecryptfs_private to be used to mount on
top of pseudo filesystem such as procfs
- debian/patches/CVE-2016-1572.patch: Check the filesystem type of the
mount destination against a whitelist of approved types.
- CVE-2016-1572
* debian/patches/CVE-2014-9687.patch: Update patch to return an error when a
version 1 wrapped passphrase file could not be read.
-- Tyler Hicks <email address hidden> Fri, 15 Jan 2016 17:49:10 -0600
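The filesystem-type check described in the CVE-2016-1572 entry above, as an added example (not the code in debian/patches/CVE-2016-1572.patch). The function names and the contents of the allowlist are assumptions made for illustration; the magic numbers are the values defined in `<linux/magic.h>`.

```c
#include <stddef.h>
#include <stdio.h>
#include <sys/vfs.h>            /* statfs(2) on Linux */

/* Filesystem magic numbers as defined in <linux/magic.h>. */
#define EX_EXT_SUPER_MAGIC   0xEF53UL       /* ext2/ext3/ext4 */
#define EX_BTRFS_SUPER_MAGIC 0x9123683EUL
#define EX_XFS_SUPER_MAGIC   0x58465342UL
#define EX_PROC_SUPER_MAGIC  0x9FA0UL       /* procfs: never approved */
#define EX_SYSFS_MAGIC       0x62656572UL   /* sysfs: never approved */

/* Assumed allowlist for illustration; the real patch's list is not on this page. */
static const unsigned long approved_fs_types[] = {
    EX_EXT_SUPER_MAGIC, EX_BTRFS_SUPER_MAGIC, EX_XFS_SUPER_MAGIC,
};

/* Return 1 if f_type is on the allowlist, 0 otherwise. */
int fs_type_allowed(unsigned long f_type)
{
    size_t i, n = sizeof(approved_fs_types) / sizeof(approved_fs_types[0]);
    for (i = 0; i < n; i++)
        if (approved_fs_types[i] == f_type)
            return 1;
    return 0;
}

/* Return 0 if path sits on an approved filesystem, -1 otherwise.
 * Fails closed: an unreadable or missing destination is rejected. */
int check_mount_dest(const char *path)
{
    struct statfs buf;
    if (statfs(path, &buf) != 0)
        return -1;
    return fs_type_allowed((unsigned long)buf.f_type) ? 0 : -1;
}

int main(int argc, char **argv)
{
    const char *dest = argc > 1 ? argv[1] : "/proc";
    printf("%s: %s\n", dest,
           check_mount_dest(dest) == 0 ? "approved" : "rejected");
    return 0;
}
```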
-
ecryptfs-utils (96-0ubuntu3.4) precise-security; urgency=medium
* SECURITY UPDATE: Mount passphrase wrapped with a default salt value
- debian/patches/CVE-2014-9687.patch: Generate a random salt when wrapping
the mount passphrase. If a user has a mount passphrase that was wrapped
using the default salt, their mount passphrase will be rewrapped using a
random salt when they log in with their password.
- debian/patches/CVE-2014-9687.patch: Create a temporary file when
creating a new wrapped-passphrase file and copy it to its final
destination after the file has been fully synced to disk (LP: #1020902)
- debian/rules: Set the executable bit on the wrap-unwrap.sh and
v1-to-v2-wrapped-passphrase.sh test scripts that were created by
wrapping-passphrase-salt.patch
- CVE-2014-9687
-- Tyler Hicks <email address hidden> Wed, 04 Mar 2015 16:38:14 -0600
-
ecryptfs-utils (96-0ubuntu3.1) precise-proposed; urgency=low
* Fix encrypted home/private race condition that could result in encrypted
filenames not being decrypted, despite the directory being mounted
correctly otherwise. (LP: #1052038)
- debian/patches/fix-private-mount-race.patch: Fix race condition by only
opening the signature file once, rather than opening, reading, and
closing it for each key signature.
-- Tyler Hicks <email address hidden> Tue, 04 Dec 2012 14:12:55 -0600
-
ecryptfs-utils (96-0ubuntu3) precise; urgency=low
* src/utils/ecryptfs-setup-swap: Skip /dev/zram* swap devices
(LP: #979350).
-- Colin Watson <email address hidden> Wed, 18 Apr 2012 15:52:45 +0100
-
ecryptfs-utils (96-0ubuntu2) precise; urgency=low
* Add debian/patches/automount-fork-exit.patch (LP: #938326).
-- Kees Cook <email address hidden> Tue, 21 Feb 2012 17:49:54 -0800
-
ecryptfs-utils (96-0ubuntu1) precise; urgency=low
[ Dustin Kirkland ]
* CONTRIBUTING:
- added a new file to describe how to contribute to ecryptfs
* === added directory img/old, img/old/ecryptfs_14.png,
img/old/ecryptfs_192.png, img/old/ecryptfs_64.png:
- saving the old logos/branding for posterity
* debian/copyright, img/COPYING:
- added CC-by-SA 3.0 license
- use the text version
* img/ecryptfs_14.png, img/ecryptfs_192.png, img/ecryptfs_64.png:
- added scaled copies of images used for Launchpad.net branding
* src/utils/ecryptfs-recover-private: LP: #847505
- add an option to allow user to enter the mount passphrase,
in case they've recorded that, but forgotten their login
passphrase
* src/libecryptfs/sysfs.c: LP: #802197
- default sysfs to /sys, if not found in /etc/mtab
- it seems that reading /etc/mtab for this is outdated
- ensure that ecryptfs works even if there is no sysfs entry
in /etc/mtab
* src/key_mod/ecryptfs_key_mod_tspi.c: LP: #462225
- fix TPM and string_to_uuid 64bits issue
- thanks to Janos for the patch
* precise
[ Tyler Hicks ]
* CONTRIBUTING:
- clarified how to contribute to the ecryptfs kernel module
* tests/lib/etl_funcs.sh:
- created eCryptfs test library of bash functions for use in test
cases and test harnesses
* test/etl_add_passphrase_key_to_keyring.c:
- created a C helper program to allow bash scripts to interface to
the libecryptfs function that adds passphrase-based keys to the
kernel keyring
* tests/kernel/tests.rc, tests/userspace/tests.rc:
- created test case category files for test harnesses to source
when running testcases of a certain category (destructive, safe,
etc.)
* tests/run_tests.sh:
- created a test harness to run eCryptfs test cases
* tests/kernel/miscdev-bad-count.sh,
tests/kernel/miscdev-bad-count/test.c:
- created test case for miscdev issue reported to mailing list
* tests/kernel/lp-885744.sh:
- created test case for pathconf bug
* tests/kernel/lp-926292.sh:
- created test case for checking stale inode attrs after setxattr
* tests/new.sh:
- created new test case template to copy from
* tests/userspace/verify-passphrase-sig.sh,
tests/userspace/verify-passphrase-sig/test.c:
- created test case, for make check, to test the creation of
passphrase-based fekeks and signatures
* configure.ac, Makefile.am, tests/Makefile.am, tests/lib/Makefile.am,
tests/kernel/Makefile.am, tests/userspace/Makefile.am:
- updated and created autoconf/automake files to build the new tests
directory
- added make check target
[ Eddie Garcia ]
* img/*: LP: #907131
- contributing a new set of logos and branding under the CC-by-SA3.0
license
[ Colin King ]
* tests/kernel/extend-file-random.sh,
tests/kernel/extend-file-random/test.c:
- Test to randomly extend file size, read/write + unlink
* tests/kernel/trunc-file.sh, tests/kernel/trunc-file/test.c:
- Test to exercise file truncation
* tests/kernel/directory-concurrent.sh,
tests/kernel/directory-concurrent/test.c:
- test for directory creation/deletion races with multiple processes
* tests/kernel/file-concurrent.sh,
tests/kernel/file-concurrent/test.c:
- test for file creation/truncation/unlink races with multiple
processes
* tests/kernel/inotify.sh, tests/kernel/inotify/test.c:
- test for proper inotify support
* tests/kernel/mmap-dir.sh, tests/kernel/mmap-dir/test.c:
- test that directory files cannot be mmap'ed
* tests/kernel/read-dir.sh, tests/kernel/read-dir/test.c:
- test that read() on directory files returns the right error
* tests/kernel/setattr-flush-dirty.sh:
- test that the modified timestamp isn't clobbered in writeback
* tests/kernel/inode-race-stat.sh, tests/kernel/inode-race-stat/test.c:
- test for inode initialization race condition
-- Dustin Kirkland <email address hidden> Thu, 16 Feb 2012 14:22:09 -0600
-
ecryptfs-utils (95-0ubuntu1) precise; urgency=low
[ Serge Hallyn ]
* fix infinite loop on arm: fgetc returns an int, and -1 at end of
options. Arm makes char unsigned. (LP: #884407)
[ Dustin Kirkland ]
* debian/compat, debian/control, debian/ecryptfs-utils.install,
debian/ecryptfs-utils.lintian-overrides,
debian/libecryptfs0.install, debian/libecryptfs-dev.install,
debian/lintian/ecryptfs-utils, debian/python-ecryptfs.install,
debian/rules, debian/source/options, doc/ecryptfs-pam-doc.txt,
doc/manpage/ecryptfs-setup-private.1, lintian/ecryptfs-utils, ===
removed directory debian/lintian:
- merge a bunch of packaging changes from Debian's Daniel Baumann
* scripts/release.sh:
- minor release fixes
-- Dustin Kirkland <email address hidden> Wed, 14 Dec 2011 14:22:33 -0600
-
ecryptfs-utils (94-0ubuntu1) precise; urgency=low
[ Dustin Kirkland ]
* scripts/release.sh:
- fix release script
- bump ubuntu release
* doc/manpage/ecryptfs-recover-private.1, src/utils/ecryptfs-migrate-
home (properties changed: -x to +x), src/utils/ecryptfs-recover-
private:
- add a --rw option for ecryptfs-recover-private
* src/utils/ecryptfs-migrate-home: LP: #820416
- show progress on rsync
* debian/ecryptfs-utils.ecryptfs-utils-restore.upstart,
debian/ecryptfs-utils.ecryptfs-utils-save.upstart,
src/utils/ecryptfs-migrate-home,
src/utils/ecryptfs-setup-private: LP: #883238
- remove 2 upstart scripts, which attempted to "save" users who didn't
login after migrating their home; instead, we now require the root
user to enter user passwords at migration time
* debian/copyright, debian/ecryptfs-utils.ecryptfs-utils-
restore.upstart, debian/ecryptfs-utils.ecryptfs-utils-save.upstart,
doc/manpage/ecryptfs.7, doc/manpage/ecryptfs-add-passphrase.1,
doc/manpage/ecryptfs-generate-tpm-key.1, doc/manpage/ecryptfs-
insert-wrapped-passphrase-into-keyring.1, doc/manpage/ecryptfs-
mount-private.1, doc/manpage/ecryptfs-recover-private.1,
doc/manpage/ecryptfs-rewrap-passphrase.1, doc/manpage/ecryptfs-
rewrite-file.1, doc/manpage/ecryptfs-setup-private.1,
doc/manpage/ecryptfs-setup-swap.1, doc/manpage/ecryptfs-stat.1,
doc/manpage/ecryptfs-umount-private.1, doc/manpage/ecryptfs-unwrap-
passphrase.1, doc/manpage/ecryptfs-wrap-passphrase.1,
doc/manpage/fr/ecryptfs-add-passphrase.1, doc/manpage/fr/ecryptfs-
generate-tpm-key.1, doc/manpage/fr/ecryptfs-insert-wrapped-
passphrase-into-keyring.1, doc/manpage/fr/ecryptfs-mount-private.1,
doc/manpage/fr/ecryptfs-rewrap-passphrase.1,
doc/manpage/fr/ecryptfs-setup-private.1, doc/manpage/fr/ecryptfs-
umount-private.1, doc/manpage/fr/ecryptfs-unwrap-passphrase.1,
doc/manpage/fr/ecryptfs-wrap-passphrase.1, doc/manpage/fr/ecryptfs-
zombie-kill.1, doc/manpage/fr/ecryptfs-zombie-list.1,
doc/manpage/mount.ecryptfs_private.1, doc/manpage/pam_ecryptfs.8,
doc/manpage/umount.ecryptfs.8,
doc/manpage/umount.ecryptfs_private.1,
src/pam_ecryptfs/pam_ecryptfs.c,
src/utils/ecryptfs_add_passphrase.c,
src/utils/ecryptfs_insert_wrapped_passphrase_into_keyring.c,
src/utils/ecryptfs-migrate-home, src/utils/ecryptfs-mount-private,
src/utils/ecryptfs-recover-private,
src/utils/ecryptfs_rewrap_passphrase.c, src/utils/ecryptfs-rewrite-
file, src/utils/ecryptfs-setup-private, src/utils/ecryptfs-setup-
swap, src/utils/ecryptfs-umount-private,
src/utils/ecryptfs_unwrap_passphrase.c,
src/utils/ecryptfs_wrap_passphrase.c:
- update some email addresses, moving <email address hidden> ->
<email address hidden> (which I can still read)
* src/libecryptfs/key_management.c: LP: #715066
- fix 2 places where we were handling
ecryptfs_add_passphrase_key_to_keyring() inconsistently
- if we're trying to add a key to the keyring, and it's already there,
treat that as "success"
* debian/control:
- ecryptfs-setup-swap is strongly recommended, which depends on
cryptsetup; so promote cryptsetup from suggests -> recommends
* precise
[ Stephan Ritscher and Tyler Hicks ]
* src/libecryptfs/cmd_ln_parser.c: LP: #683535
- fix passphrase_passwd_fd for pipes
- handle memory allocation failures
- free memory in error paths
[ Arfrever Frehtes Taifersar Arahesis ]
* configure.ac: LP: #893327
- no need to check for python, if --disable-pywrap is passed
-- Dustin Kirkland <email address hidden> Wed, 14 Dec 2011 11:49:10 -0600
-
ecryptfs-utils (93-0ubuntu2) precise; urgency=low
* fix infinite loop on arm: fgetc returns an int, and -1 at end of
options. Arm makes char unsigned. (LP: #884407)
-- Serge Hallyn <email address hidden> Tue, 08 Nov 2011 10:47:03 -0600
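The bug class named in the entry above, as an added example (not the ecryptfs-utils source). It stores the result of `fgetc()` in an explicit `unsigned char` to model plain `char` on ARM, so the effect is reproducible on any platform. The function names, the iteration cap and the sample option string are constructed for illustration.

```c
#include <stdio.h>

#define MAX_ITER 1000   /* cap so the non-terminating loop can be observed safely */

/* Buggy pattern: EOF (-1) is truncated to 255 when stored in an unsigned
 * char, and 255 never compares equal to EOF, so only the cap ends the loop.
 * Returns the number of loop iterations. */
int count_bytes_unsigned_char(FILE *fp)
{
    unsigned char c;    /* models plain char on ARM */
    int n = 0;
    while ((c = (unsigned char)fgetc(fp)) != EOF && n < MAX_ITER)
        n++;
    return n;
}

/* Fixed pattern: keep the return value in an int so EOF stays distinct
 * from every valid byte value. */
int count_bytes_int(FILE *fp)
{
    int c, n = 0;
    while ((c = fgetc(fp)) != EOF && n < MAX_ITER)
        n++;
    return n;
}

/* Run one of the counters over a constructed 8-byte option string.
 * Returns -1 if the temporary file cannot be created. */
int run_counter(int (*counter)(FILE *))
{
    FILE *fp = tmpfile();
    int n;
    if (fp == NULL)
        return -1;
    fputs("rw,user\n", fp);     /* constructed sample input */
    rewind(fp);
    n = counter(fp);
    fclose(fp);
    return n;
}

int main(void)
{
    printf("int:           %d iterations\n", run_counter(count_bytes_int));
    printf("unsigned char: %d iterations (hit the cap)\n",
           run_counter(count_bytes_unsigned_char));
    return 0;
}
```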
-
ecryptfs-utils (93-0ubuntu1) precise; urgency=low
* src/utils/ecryptfs-verify, src/utils/Makefile.am:
- add an ecryptfs-verify utility, LP: #845738
* src/testcases/write-read.sh:
- added a write/read test utility
* doc/manpage/ecryptfs-mount-private.1, doc/manpage/ecryptfs-setup-
private.1, doc/manpage/mount.ecryptfs_private.1,
doc/manpage/umount.ecryptfs_private.1: LP: #882267
- remove inaccurate documentation about being a member of the ecryptfs
group
* src/utils/ecryptfs-setup-private: LP: #882314
- fix preseeded encrypted home Ubuntu installations (thanks Timo!)
* oneiric
-- Dustin Kirkland <email address hidden> Thu, 27 Oct 2011 10:55:04 -0500
-
ecryptfs-utils (92-0ubuntu1) oneiric; urgency=low
* src/libecryptfs/key_management.c: LP: #725862
- fix nasty bug affecting users who do *not* encrypt filenames;
the first login works, but on logout, only one key gets
cleaned out; subsequent logins do not insert the necessary key
due to an early "goto out"; this fix needs to be SRU'd
* debian/rules: LP: #586281
- fix perms on desktop mount file
* src/pam_ecryptfs/pam_ecryptfs.c: LP: #838471
- rework syslogging to be less noisy and note pam_ecryptfs
-- Dustin Kirkland <email address hidden> Thu, 01 Sep 2011 16:25:03 -0500