-
ecryptfs-utils (81-0ubuntu3.1) karmic-proposed; urgency=low
* Cherry-pick upstream commit bzr r520
* src/utils/mount.ecryptfs_private.c:
- fix bug LP: #313812, clear used keys on unmount
- add ecryptfs_unlink_sigs to the mount opts, so that unmounts from
umount.ecryptfs behave similarly
- use ecryptfs_remove_auth_tok_from_keyring() on the sig and sig_fnek
-- Dustin Kirkland <email address hidden> Fri, 11 Feb 2011 17:19:37 -0600
-
ecryptfs-utils (81-0ubuntu3) karmic; urgency=low
* src/utils/ecryptfs-setup-private, debian/control: LP: #456565
- fix typo, s/getext/gettext
- depend on gettext-base
-- Dustin Kirkland <email address hidden> Tue, 20 Oct 2009 13:42:43 -0500
-
ecryptfs-utils (81-0ubuntu2) karmic; urgency=low
* src/utils/ecryptfs-setup-private: fix bug where setup-private
incorrectly assumed that the home/private dir ownerships should
be owned by USER:USER; instead, default to USER:GROUP, where
GROUP is the USER's primary group by default, cherry-pick upstream
r463, LP: #445301
-- Dustin Kirkland <email address hidden> Wed, 14 Oct 2009 14:20:42 -0500
-
ecryptfs-utils (81-0ubuntu1) karmic; urgency=low
[ Michael Terry ]
* src/utils/ecryptfs-setup=swap: clean up some error message reporting,
LP: #430891, #430890
[ Dustin Kirkland ]
* doc/manpage/ecryptfs.7: note the 64-char passphrase limit, LP: #386504
* src/utils/ecryptfs-setup-private: minor documentation change
-- Dustin Kirkland <email address hidden> Fri, 18 Sep 2009 18:59:00 -0500
-
ecryptfs-utils (80-0ubuntu1) karmic; urgency=low
* Merge from upstream
-- Dustin Kirkland <email address hidden> Wed, 19 Aug 2009 11:31:15 -0500
-
ecryptfs-utils (79-0ubuntu1) karmic; urgency=low
* Merged upstream release
-- Dustin Kirkland <email address hidden> Mon, 17 Aug 2009 11:57:15 -0500
-
ecryptfs-utils (78-0ubuntu1) karmic; urgency=low
[ James Westby ]
* src/libecryptfs/main.c flockfile the filehandle after checking that
we were able to successfully open it (LP: #403011)
* debian/libecryptfs0.shlibs: bump shlibs dep to 77 since we added new
symbols there
-- Dustin Kirkland <email address hidden> Wed, 22 Jul 2009 11:17:41 -0500
-
ecryptfs-utils (77-0ubuntu2) karmic; urgency=low
* flockfile the filehandle after checking that we were able to successfully
open if (LP: #403011)
-- James Westby <email address hidden> Wed, 22 Jul 2009 13:35:11 +0100
-
ecryptfs-utils (77-0ubuntu1) karmic; urgency=low
[ Dustin Kirkland ]
* src/libecryptfs/key_management.c, src/pam_ecryptfs/pam_ecryptfs.c:
revert the zombie code removal from pam_ecryptfs as it seems this
bit is still needed; fix the source of the problem introduced in
commit r407; check for non-zero return codes; this problem would
manifest itself as a) unable to unlock screensaver, b) unable to
switch users, c) unable to mount home folder on initial login;
LP: #402222, #402029
* src/utils/ecryptfs-umount-private: use for loop to loop over key
ids on removal
* src/utils/mount.ecryptfs_private.c: return non-zero on unmount failure
due to open sessions; handle this in ecryptfs-umount-private too; make
the flock() blocking; use /dev/shm for counter; add an iterator to the
counter file to prevent users from DoS'ing one another from accessing
their encrypted directories, LP: #402745
* debian/ecryptfs-utils.postinst: move /tmp counters to /dev/shm
* configure.ac: link against pam, silence shlib warning
* src/include/ecryptfs.h, src/libecryptfs/main.c,
src/pam_ecryptfs/pam_ecryptfs.c, src/utils/Makefile.am,
src/utils/mount.ecryptfs_private.c: move two functions from
mount.ecryptfs_private to libecryptfs, namely is_mounted() and
fetch_private_mnt(); use these in both pam_ecryptfs and
mount.ecryptfs_private; also move PRIVATE to ECRYPTFS_PRIVATE in
the ecryptfs.h headers; this will allow us to short-circuit some of the
costly key-loading code on pam_auth if the private dir is already
mounted, speeding up some subsequent authentications significantly,
LP: #402748
* doc/ecryptfs-mount-private.txt: removed the "$" to make copy-n-paste
more user friendly
* src/utils/ecryptfs-setup-private: when encrypting home, put the
.ecryptfs and .Private data in /home/.ecryptfs rather than /var/lib,
as users are forgetting to backup /var/lib, and are often putting
/home on a separate partition; furthermore, this gives users a place
to access their encrypted data for backup, rather than hiding the
data below $HOME, LP: #371719
[ Tyler Hicks ]
* src/libecryptfs/cipher_list.c, src/libecryptfs/module_mgr.c:
add blowfish/56-bytes to the list of ciphers we officially support,
LP: #402790
-- Dustin Kirkland <email address hidden> Wed, 22 Jul 2009 00:01:56 -0500
-
ecryptfs-utils (76-0ubuntu2) karmic; urgency=low
* src/pam_ecryptfs/pam_ecryptfs.c: remove deprecated zombie code,
LP: #401770
-- Dustin Kirkland <email address hidden> Mon, 20 Jul 2009 12:07:50 -0500
-
ecryptfs-utils (76-0ubuntu1) karmic; urgency=low
[ Dustin Kirkland ]
* src/utils/ecryptfs-setup-swap: switch from vol_id to blkid,
LP: #376486
* debian/ecryptfs-utils.postinst, src/utils/ecryptfs-setup-private:
don't echo mount passphrase if running in bootstrap mode; prune
potential leakages from install log, LP: #383650
* SECURITY UPDATE: mount passphrase recorded in install log (LP: #383650).
- debian/ecryptfs-utils.postinst: prune private information from
installer log
- src/utils/ecryptfs-setup-private: don't echo passphrase if running in
bootstrap mode
- CVE-2009-1296
* src/utils/ecryptfs-setup-private: make some of the lanuage more readable,
(thanks, anrxc)
* README, configure.ac, debian/control, debian/rules,
doc/sourceforge_webpage/README, src/libecryptfs-swig/libecryptfs.py,
src/libecryptfs-swig/libecryptfs_wrap.c,
src/libecryptfs/key_management.c, src/libecryptfs/libecryptfs.pc.in,
src/libecryptfs/main.c, src/pam_ecryptfs/Makefile.am,
src/utils/manager.c, src/utils/mount.ecryptfs.c: move build from gcrypt
to nss (this change has been pending for some time)
* src/utils/ecryptfs-dot-private: dropped, was too hacky
* ecryptfs-mount-private.1, ecryptfs-setup-private.1: align the
documentation and implementation of the wrapping-independent feature,
LP: #383746
* src/utils/ecryptfs-umount-private: use keyctl list @u, since keyctl show
stopped working, LP: #400484, #395082
* src/utils/mount.ecryptfs_private.c: fix counter file locking; solves
a longstanding bug about "random" umount caused by cronjobs, LP: #358573
[ Michal Hlavinka (edits by Dustin Kirkland) ]
* doc/manpage/ecryptfs-mount-private.1,
doc/manpage/ecryptfs-rewrite-file.1,
doc/manpage/ecryptfs-setup-private.1, doc/manpage/ecryptfs.7,
doc/manpage/mount.ecryptfs_private.1,
doc/manpage/umount.ecryptfs_private.1: documentation updated to note
possible ecryptfs group membership requirements; Fix ecrypfs.7 man
page and key_mod_openssl's error message; fix typo
* src/libecryptfs/decision_graph.c: put a finite limit (5 tries) on
interactive input; fix memory leaks when asking questions
* src/libecryptfs/module_mgr.c: Don't error out with EINVAL when
verbosity=0 and some options are missing.
* src/utils/umount.ecryptfs.c: no error for missing key when removing it
* src/libecryptfs-swig/libecryptfs.i: fix compile werror, cast char*
* src/utils/ecryptfs_add_passphrase.c: fix/test/use return codes;
return nonzero for --fnek when not supported but used
* src/include/ecryptfs.h, src/key_mod/ecryptfs_key_mod_openssl.c,
src/libecryptfs/module_mgr.c: refuse mounting with too small rsa
key (key_mod_openssl)
* src/utils/ecryptfs_insert_wrapped_passphrase_into_keyring.c: fix return
codes
* src/utils/ecryptfs-rewrite-file: polish output
* src/libecryptfs/key_management.c: inform about full keyring; insert fnek
sig into keyring if fnek support check fails; don't fail if key already
exists in keyring
* src/utils/ecryptfs-setup-private: if the ecryptfs group exists, restrict
ecryptfs-setup-private to members of this group
* src/pam_ecryptfs/pam_ecryptfs.c: dynamically load ecryptfs module by
checking ecryptfs version
* src/libecryptfs/decision_graph.c, src/utils/io.c,
src/utils/mount.ecryptfs.c: fix EOF handling, LP: #371587
* src/desktop/Makefile.am: make desktop files trusted, LP: #371426
[ Dustin Kirkland and Daniel Baumann ]
* debian/control, debian/copyright, debian/ecryptfs-utils.dirs,
debian/ecryptfs-utils.install, debian/ecryptfs-utils.postinst,
debian/rules, ecryptfs-utils.pam-auth-update: sync Ubuntu's
packaging with Debian; drop dpatch, drop libssl build dep, clean
up extraneous debhelper bits, match cflags; remaining diff is only
ecryptfs-utils.prerm
[ Arfrever Frehtes Taifersar Arahesis ]
* key_mod/ecryptfs_key_mod_gpg.c,
key_mod/ecryptfs_key_mod_pkcs11_helper.c,
libecryptfs/key_management.c, utils/ecryptfs_unwrap_passphrase.c:
Fix warnings, initialize a few variables, drop unused ones
[ David Hicks ]
* src/lib/key_management.c: fix stray semicolon that prevents .ecryptfsrc
files from working properly, LP: #372709
[ Michael Rooney ]
* src/python/ecryptfsapi.py: added python api
-- Dustin Kirkland <email address hidden> Fri, 17 Jul 2009 18:33:44 -0500
-
ecryptfs-utils (75-0ubuntu2) karmic; urgency=low
* SECURITY UPDATE: mount passphrase recorded in install log (LP: #383650).
- debian/ecryptfs-utils.postinst: prune private information from
installer log
- src/utils/ecryptfs-setup-private: don't echo passphrase if running in
bootstrap mode
- CVE-2009-1296
-- Dustin Kirkland <email address hidden> Fri, 05 Jun 2009 09:39:13 -0500
-
ecryptfs-utils (75-0ubuntu1) karmic; urgency=low
[ Dustin Kirkland ]
* debian/rules: drop hackery that moves stuff /usr/share/ecryptfs-utils
* src/utils/mount.ecryptfs_private.c: update inline documentation
* debian/changelog, src/libecryptfs/cmd_ln_parser.c,
src/libecryptfs/key_management.c, src/pam_ecryptfs/pam_ecryptfs.c,
src/utils/ecryptfs_add_passphrase.c,
src/utils/ecryptfs_insert_wrapped_passphrase_into_keyring.c,
src/utils/ecryptfs_rewrap_passphrase.c,
src/utils/ecryptfs_unwrap_passphrase.c,
src/utils/ecryptfs_wrap_passphrase.c: silence some useless logging,
LP: #313330
* include/ecryptfs.h, libecryptfs/key_management.c,
utils/ecryptfs_insert_wrapped_passphrase_into_keyring.c,
utils/ecryptfs_unwrap_passphrase.c: if the file to unwrap is
unspecified, try to use the default ~/.ecryptfs/wrapped-passphrase
before bailing out, LP: #359997
* src/utils/ecryptfs-setup-private: unix_chkpwd is not always present
(eg, gentoo), LP: #332341
[ Tyler Hicks ]
* doc/manpage/ecryptfs.7: ecryptfs_encrypted_view option desription
was wrong LP: #328761
[ Michal Hlavinka ]
* decision_graph.c: fix uninitialized return code
* mount.ecryptfs.c: don't pass verbosity option to kernel
[ anrxc & Dustin Kirkland ]
* doc/Makefile.am, src/desktop/Makefile.am: fix automake installation from
/usr/share to /usr/share/ecryptfs-utils
[ Daniel Baumann & Dustin Kirkland ]
* debian/rules, debian/control: sync differences between Debian & Ubuntu's
packaging
[ Arfrever Frehtes Taifersar Arahesis ]
* src/key_mod/ecryptfs_key_mod_gpg.c,
src/key_mod/ecryptfs_key_mod_pkcs11_helper.c: fix implicit declations
[ Frédéric Guihéry ]
* key_mod/ecryptfs_key_mod_tspi.c, utils/ecryptfs_generate_tpm_key.c:
the SRK password should be set to 20 bytes of NULL (wellknown
password), in order for different tools to request key protection
with the Storage Root Key
-- Dustin Kirkland <email address hidden> Sat, 02 May 2009 11:44:56 -0500
-
ecryptfs-utils (73-0ubuntu6) jaunty; urgency=low
Fix for LP: #357354, (Upstream revision 375)
* change "ecryptfs-remind-passphrase" to "ecryptfs-record-passphrase",
which is far more accurate to what's actually being done
-- Dustin Kirkland <email address hidden> Tue, 07 Apr 2009 15:35:45 -0700