--- ecryptfs-utils-68.orig/src/utils/ecryptfs-setup-private +++ ecryptfs-utils-68/src/utils/ecryptfs-setup-private @@ -326,7 +326,7 @@ # ramdisk, to keep it from leaking to the hard-drive. temp=`mktemp /dev/shm/.ecryptfs-XXXXXX` printf "%s" "$MOUNTPASS" > "$temp" - mv "$temp" "/dev/shm/.ecryptfs-$USER" + mv -f -T "$temp" "/dev/shm/.ecryptfs-$USER" || error "Could not create passphrase file" else printf "%s\n%s" "$MOUNTPASS" "$LOGINPASS" | ecryptfs-wrap-passphrase "$HOME/.ecryptfs/wrapped-passphrase" - || error "Could not wrap passphrase" fi --- ecryptfs-utils-68.orig/src/utils/mount.ecryptfs_private.c +++ ecryptfs-utils-68/src/utils/mount.ecryptfs_private.c @@ -31,6 +31,7 @@ #include #include #include +#include #include #include #include @@ -178,6 +179,47 @@ return mnt; } +int check_ownership_mnt(int uid, char **mnt) { +/* Check ownership of mount point, chdir into it, and + * canonicalize the path for use in mtab updating. + * Return 0 if everything is in order, 1 on error. + */ + struct stat s; + char *cwd; + + /* From here on, we'll refer to "." as our mountpoint, to avoid + * races. + */ + if (chdir(*mnt) != 0) { + fputs("Cannot chdir into mountpoint.\n", stderr); + return 1; + } + if (stat(".", &s) != 0) { + fputs("Cannot examine mountpoint.\n", stderr); + return 1; + } + if (!S_ISDIR(s.st_mode)) { + fputs("Mountpoint is not a directory.\n", stderr); + return 1; + } + if (s.st_uid != uid) { + fputs("You do not own that mountpoint.\n", stderr); + return 1; + } + + /* Canonicalize our pathname based on the current directory to + * avoid races. + */ + cwd = getcwd(NULL, 0); + if (!cwd) { + fputs("Failed to get current directory\n", stderr); + return 1; + } + *mnt = cwd; + return 0; +} + + int check_ownerships(int uid, char *path) { /* Check ownership of device and mount point. * Return 0 if everything is in order, 1 on error. 
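Review bot: On the new failure branch of `mv -f -T`, `$temp` is left behind in /dev/shm still holding the mount passphrase, because the added `|| error ...` only reports the problem. Unless error() already removes the file (its body is not in this hunk), clean up first: `mv -f -T "$temp" "/dev/shm/.ecryptfs-$USER" || { rm -f "$temp"; error "Could not create passphrase file"; }`. The `mktemp` and `printf ... > "$temp"` lines just above are likewise unchecked, so an empty or partial file could be moved into place without any error.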
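Review bot: In check_ownership_mnt() the test `s.st_uid != uid` compares a `uid_t` with an `int`, and on success `*mnt = cwd` replaces the caller's pointer with a heap buffer from `getcwd(NULL, 0)` without saying so. Make the comparison explicit, `if (s.st_uid != (uid_t)uid) {`, and extend the header comment to state that the function changes the process's working directory even when it returns 1, and that on success the caller owns the new `*mnt` while the previous string is not freed here. The comment sits inside the body rather than above the signature, which matches the neighbouring check_ownerships(), so moving it is a file-wide style decision.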
@@ -254,31 +296,82 @@ /* Update /etc/mtab with new mount entry. * Return 0 on success, 1 on failure. */ - FILE *fh; - struct mntent m; - fh = setmntent("/etc/mtab", "a"); - if (fh == NULL) { + int fd; + FILE *old_mtab, *new_mtab; + struct mntent *old_ent, new_ent; + mode_t old_umask; + + /* Make an attempt to play nice with other mount helpers + * by creating an /etc/mtab~ lock file. Of course this + * only works if those other helpers actually check for + * this. + */ + old_umask = umask(033); + fd = open("/etc/mtab~", O_RDONLY | O_CREAT | O_EXCL, 0644); + if (fd < 0) { + perror("open"); + return 1; + } + close(fd); + + old_mtab = setmntent("/etc/mtab", "r"); + if (old_mtab == NULL) { perror("setmntent"); - /* Unmount if mtab cannot be updated */ - umount(mnt); return 1; } - m.mnt_fsname = dev; - m.mnt_dir = mnt; - m.mnt_type = FSTYPE; - m.mnt_opts = opt; - m.mnt_freq = 0; - m.mnt_passno = 0; - flockfile(fh); - if (addmntent(fh, &m) != 0) { + + new_mtab = setmntent("/etc/mtab.tmp", "w"); + if (new_mtab == NULL) { + perror("setmntent"); + goto fail_early; + } + + while (old_ent = getmntent(old_mtab)) { + if (addmntent(new_mtab, old_ent) != 0) { + perror("addmntent"); + goto fail; + } + } + endmntent(old_mtab); + + new_ent.mnt_fsname = dev; + new_ent.mnt_dir = mnt; + new_ent.mnt_type = FSTYPE; + new_ent.mnt_opts = opt; + new_ent.mnt_freq = 0; + new_ent.mnt_passno = 0; + + if (addmntent(new_mtab, &new_ent) != 0) { perror("addmntent"); - endmntent(fh); - /* Unmount if mtab cannot be updated */ - umount(mnt); - return 1; + goto fail; } - endmntent(fh); + + if (fchmod(fileno(new_mtab), S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH) < 0) { + perror("fchmod"); + goto fail; + } + endmntent(new_mtab); + + if (rename("/etc/mtab.tmp", "/etc/mtab") < 0) { + perror("rename"); + goto fail_late; + } + + unlink("/etc/mtab~"); + + umask(old_umask); + return 0; + +fail: + endmntent(new_mtab); +fail_late: + unlink("/etc/mtab.tmp"); +fail_early: + endmntent(old_mtab); + unlink("/etc/mtab~"); 
+ umask(old_umask); + return 1; } FILE *lock_counter(char *u) { @@ -395,7 +488,7 @@ * c) updating /etc/mtab */ int main(int argc, char *argv[]) { - int uid, mounting; + int uid, gid, mounting; int force = 0; struct passwd *pwd; char *dev, *mnt, *opt; @@ -403,6 +496,7 @@ FILE *fh_counter = NULL; uid = getuid(); + gid = getgid(); /* Non-privileged effective uid is sufficient for all but the code * that mounts, unmounts, and updates /etc/mtab. * Run at a lower privilege until we need it. @@ -468,8 +562,9 @@ goto fail; } - /* Check ownership of mnt */ - if (check_ownerships(uid, mnt) != 0) { + /* Check ownership of the mountpoint. From here on, mnt refers + * to a canonicalized path, and the mountpoint is the cwd. */ + if (check_ownership_mnt(uid, &mnt) != 0) { goto fail; } @@ -497,9 +592,17 @@ * the real uid to be that of the user. * And we need the effective uid to be root in order to mount. */ - setreuid(-1, 0); + if (setreuid(-1, 0) < 0) { + perror("setreuid"); + goto fail; + } + if (setregid(-1, 0) < 0) { + perror("setregid"); + goto fail; + } + /* Perform mount */ - if (mount(dev, mnt, FSTYPE, 0, opt) == 0) { + if (mount(dev, ".", FSTYPE, 0, opt) == 0) { if (update_mtab(dev, mnt, opt) != 0) { goto fail; } @@ -511,9 +614,13 @@ if (setreuid(uid, uid) < 0) { perror("setreuid"); } + if (setregid(gid, gid) < 0) { + perror("setregid"); + } goto fail; } } else { + int rc = 0; /* Decrement counter, exiting if >0, and non-forced unmount */ if (force == 1) { zero(fh_counter); 
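Review bot: The cleanup labels in update_mtab() close `old_mtab` twice: the stream is closed with `endmntent(old_mtab)` right after the copy loop, yet every later `goto fail` or `goto fail_late` falls through to `fail_early`, which calls `endmntent(old_mtab)` again on the already-closed stream, and that is undefined behaviour in a setuid-root helper. The two early returns are also incomplete: a failed `open()` returns with the umask still at 033, and a failed `setmntent("/etc/mtab", "r")` returns without removing `/etc/mtab~`, leaving a stale lock for every other mount helper. Clearing the pointer after the first close and routing the early exits through the cleanup labels fixes both, as sketched below. The function's signature lies above the hunk.

```c
	if (fd < 0) {
		perror("open");
		umask(old_umask);
		return 1;
	}
	/* … unchanged: close(fd), setmntent("/etc/mtab", "r") … */
	if (old_mtab == NULL) {
		perror("setmntent");
		goto fail_unlock;
	}
	/* … unchanged: open /etc/mtab.tmp, copy the existing entries … */
	endmntent(old_mtab);
	old_mtab = NULL;	/* closed: cleanup below must not close it again */
	/* … unchanged: append new_ent, fchmod, endmntent(new_mtab), rename, success return, fail: and fail_late: … */
fail_early:
	if (old_mtab != NULL)
		endmntent(old_mtab);
fail_unlock:
	unlink("/etc/mtab~");
	umask(old_umask);
	return 1;
```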
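Review bot: When update_mtab() fails after `mount(dev, ".", FSTYPE, 0, opt)` has succeeded, the `goto fail` leaves the filesystem mounted with no mtab entry. The old update_mtab() called `umount(mnt)` on its error paths, and this patch removes those calls without adding a replacement in this branch. Unless the `fail:` label (outside this hunk) unmounts, undo the mount before jumping, and mark the spot with a comment such as `/* update_mtab() no longer unmounts on failure; undo the mount here */`.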
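Review bot: In the failed-mount branch the credentials are restored user first, group second: `setreuid(uid, uid)` runs before the added `setregid(gid, gid)`, so the gid call executes after root has been given up and succeeds only because `gid` is still the real gid. Drop the group while the process is still privileged by placing `if (setregid(gid, gid) < 0) { perror("setregid"); }` ahead of the `setreuid(uid, uid)` block. Both failures are only reported with perror() before `goto fail`, which is acceptable only if `fail:` exits straight away; that label is outside the hunk. The added `int rc = 0;` is not used in any of the lines shown.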
@@ -531,7 +638,13 @@ * Do not use the umount.ecryptfs helper (-i). */ setresuid(0,0,0); - execl("/bin/umount", "umount", "-i", "-l", mnt, NULL); + setresgid(0,0,0); + + /* Since we're doing a lazy unmount anyway, just unmount the current + * directory. This avoids a lot of complexity in dealing with race + * conditions, and guarantees that we're only unmounting a filesystem + * that we own. */ + execl("/bin/umount", "umount", "-i", "-l", ".", NULL); perror("execl unmount failed"); goto fail; } --- ecryptfs-utils-68.orig/debian/ecryptfs-utils.postinst +++ ecryptfs-utils-68/debian/ecryptfs-utils.postinst @@ -0,0 +1,31 @@ +#!/bin/sh + +set -e + +case "${1}" in + configure) + # Basically, if a user chooses to encrypt their entire home + # directory, we're going to need someplace to put their + # ~/.ecryptfs directory that's available prior to mounting their + # home directory. Classic chicken/egg bootstrapping. + + if [ ! -d /var/lib/ecryptfs ] + then + mkdir -p /var/lib/ecryptfs + chmod 1777 /var/lib/ecryptfs + fi + ;; + + abort-upgrade|abort-remove|abort-deconfigure) + + ;; + + *) + echo "postinst called with unknown argument \`{$1}'" >&2 + exit 1 + ;; +esac + +#DEBHELPER# + +exit 0 --- ecryptfs-utils-68.orig/debian/ecryptfs-utils.install +++ ecryptfs-utils-68/debian/ecryptfs-utils.install @@ -0,0 +1,6 @@ +/lib/security +/sbin +/usr/bin +/usr/lib/ecryptfs +/usr/share/doc +/usr/share/man --- ecryptfs-utils-68.orig/debian/compat +++ ecryptfs-utils-68/debian/compat @@ -0,0 +1 @@ +7 --- ecryptfs-utils-68.orig/debian/copyright +++ ecryptfs-utils-68/debian/copyright 
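Review bot: `setresuid(0,0,0)` and the new `setresgid(0,0,0)` are called without checking their results, while the mount path in this same patch was changed to test `setreuid`/`setregid` and bail out. Make the unmount path consistent: `if (setresuid(0,0,0) < 0 || setresgid(0,0,0) < 0) { perror("setresuid/setresgid"); goto fail; }`. The comment's guarantee that only an owned filesystem is unmounted rests on the earlier chdir and ownership check of ".", which happen outside this hunk; the comment should name that dependency.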
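Review bot: `chmod 1777 /var/lib/ecryptfs` makes the bootstrap directory world-writable, so any local account can create an entry there under a name that another user's setup will later look for; the sticky bit only restricts deletion. Whatever consumes this directory (not shown here) has to verify the owner and type of what it finds, and the comment should say so, e.g. `# world-writable + sticky: consumers must check ownership of entries`. In the fallback branch, `{$1}` prints literal braces around the argument; `${1}` was presumably meant.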
@@ -0,0 +1,66 @@ +Authors: + Phillip Hellewell + Michael A. Halcrow + Dustin Kirkland +Download: https://launchpad.net/ecryptfs/trunk + +Files: * +Copyright: 2004-2008 International Business Machines Corp. +License: GPL-2+ + This program is free software; you can redistribute it and/or + modify it under the terms of the GNU General Public License + as published by the Free Software Foundation; either version 2 + of the License, or (at your option) any later version. + . + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + . + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + . + On Debian systems, the complete text of the GNU General Public License + can be found in /usr/share/common-licenses/GPL-2 file. + +Files: doc/manpage/ecryptfs-manager.8, doc/manpage/ecryptfsd.8, + doc/manpage/mount.ecryptfs.8): +Copyright: (C) 2008 William Lima +License: GPL-2+ + This program is free software; you can redistribute it and/or + modify it under the terms of the GNU General Public License + as published by the Free Software Foundation; either version 2 + of the License, or (at your option) any later version. + . + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + . + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + . 
+ On Debian systems, the complete text of the GNU General Public License + can be found in /usr/share/common-licenses/GPL-2 file. + +Files: debian/* +Copyright: (C) 2007-2008 Daniel Baumann +License: GPL-2+ + This program is free software; you can redistribute it and/or + modify it under the terms of the GNU General Public License + as published by the Free Software Foundation; either version 2 + of the License, or (at your option) any later version. + . + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + . + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + . + On Debian systems, the complete text of the GNU General Public License + can be found in /usr/share/common-licenses/GPL-2 file. --- ecryptfs-utils-68.orig/debian/changelog +++ ecryptfs-utils-68/debian/changelog 
@@ -0,0 +1,334 @@ +ecryptfs-utils (68-1+lenny1) oldstable-security; urgency=low + + * Non-maintainer upload by the security team. + * Various security fixes in src/utils/mount.ecryptfs_private.c: + - chdir into mountpoint before checking permissions in (CVE-2011-1831, + CVE-2011-1832) + - modify mtab via a temp file first and make sure it succeeds before + replacing the real mtab (CVE-2011-1834) + - make sure we don't copy into a user controlled directory (CVE-2011-1835) + - also set gid and umask before updating mtab (CVE-2011-3145) + + -- Jonathan Wiltshire Fri, 06 Jan 2012 20:36:51 +0000 + +ecryptfs-utils (68-1) unstable; urgency=high + + * Merging upstream version 68: + - Contains upstream changelog (Closes: #507942). + - Fixes syntax error in ecryptfs-setup-private (Closes: #509339). + * Updating rules to install changelog. + + -- Daniel Baumann Tue, 23 Dec 2008 08:04:00 +0100 + +ecryptfs-utils (67-1) unstable; urgency=low + + * Merging upstream version 67. + + -- Daniel Baumann Wed, 3 Dec 2008 09:54:00 +0100 + +ecryptfs-utils (66-2) unstable; urgency=low + + * Removing auth-client-config support, no longer used. + * Adding ecryptfs-utils recommends to keyutils. + * Building without ssl, ecryptfs_key_mod_openssl.c has incompatible + license (GPL-2+). + * Building without pkcs11 helper, ecryptfs_key_mod_pkcs11_helper.c + links against openssl and has incompatible license (GPL-2+). + * Building without pkcs11 helper, ecryptfs_key_mod_tspi.c links + against openssl and has incompatible license (GPL-2+). + + -- Daniel Baumann Tue, 18 Nov 2008 20:02:00 +0100 + +ecryptfs-utils (66-1) unstable; urgency=low + + * Manually adding second line of the commit message when merging + upstream version 65 to changelog. + * Merging upstream version 66. + * Adding ecryptfs-utils.postinst to create /var/lib/ecryptfs on + package installation time. 
+ + -- Daniel Baumann Tue, 18 Nov 2008 12:39:00 +0100 + +ecryptfs-utils (65-1) unstable; urgency=low + + * Merging upstream version 65: + - Adds --wrapping option to ecryptfs-setup-private command to use an + independent wrapping passphrase, different from the login passphrase + (Closes: #505008). + * Removing pam-doc.dpatch, went upstream. + * Adding build-depends to swig. + * Adding build-depends to python-dev. + * Including python bindings in libecryptfs0. + + -- Daniel Baumann Sat, 15 Nov 2008 07:49:00 +0100 + +ecryptfs-utils (64-3) unstable; urgency=low + + * Replacing obsolete dh_clean -k with dh_prep. + * Adding patch from Osamu Aoki to update + ecryptfs-pam-doc.txt contents with s/Confidential/Private/ + (Closes: #504934). + * Updating homepage and download location in control and copyright + (Closes: #504930). + * Updating author information in copyright. + * Installing desktop shortcut and readme to /usr/share/ecryptfs-utils. + Together with the fixes of upstream version 64, this interactively prompts + for passwords now (Closes: #504370). + + -- Daniel Baumann Sat, 8 Nov 2008 07:01:00 +0100 + +ecryptfs-utils (64-2) unstable; urgency=low + + * Adding build-depends to python (Closes: #504719). + + -- Daniel Baumann Thu, 6 Nov 2008 17:45:00 +0100 + +ecryptfs-utils (64-1) unstable; urgency=low + + * Removing sbin-path.dpatch, not needed anymore. + * Building with --enable-static, was default previously. + + -- Daniel Baumann Wed, 5 Nov 2008 20:45:00 +0100 + +ecryptfs-utils (63-1) unstable; urgency=low + + * Merging upstream version 63. + + -- Daniel Baumann Fri, 24 Oct 2008 06:42:00 +0200 + +ecryptfs-utils (61-1) unstable; urgency=low + + * Using patch-stamp rather than patch in rules file. + * Merging upstream version 61. + * Rediffing sbin-path.dpatch. 
+ + -- Daniel Baumann Thu, 23 Oct 2008 19:42:00 +0200 + +ecryptfs-utils (58-2) unstable; urgency=low + + * Adding patch from situert to call ecryptfs + helper scripts in /sbin with full path to avoid problem if /sbin is + not in PATH (Closes: #498543). + + -- Daniel Baumann Thu, 11 Sep 2008 08:11:00 +0200 + +ecryptfs-utils (58-1) unstable; urgency=low + + * Merging upstream version 58. + + -- Daniel Baumann Tue, 9 Sep 2008 07:08:00 +0200 + +ecryptfs-utils (57-1) unstable; urgency=low + + * Updating vcs fields in control file. + * Merging upstream version 57. + + -- Daniel Baumann Mon, 8 Sep 2008 13:44:00 +0200 + +ecryptfs-utils (56-1) unstable; urgency=low + + * Setting permissions for ecryptfs.acc when installing it in rules. + * Merging upstream version 56. + + -- Daniel Baumann Mon, 25 Aug 2008 01:25:00 +0200 + +ecryptfs-utils (55-1) unstable; urgency=low + + * Merging upstream version 55. + + -- Daniel Baumann Mon, 25 Aug 2008 01:19:00 +0200 + +ecryptfs-utils (53-2) unstable; urgency=low + + * Adding auth-client-config support, thanks to Dustin Kirkland + . + + -- Daniel Baumann Tue, 5 Aug 2008 23:59:00 +0200 + +ecryptfs-utils (53-1) unstable; urgency=low + + * Updating to install newly added manpages. + * Removing 01-manpage.dpatch, not required anymore. + * Merging upstream version 53. + + -- Daniel Baumann Sun, 3 Aug 2008 00:11:00 +0200 + +ecryptfs-utils (52-1) unstable; urgency=low + + * Merging upstream version 52. + + -- Daniel Baumann Fri, 1 Aug 2008 03:50:00 +0200 + +ecryptfs-utils (51-1) unstable; urgency=low + + * Merging upstream version 51. + + -- Daniel Baumann Fri, 1 Aug 2008 01:22:00 +0200 + +ecryptfs-utils (50-4) unstable; urgency=medium + + * Adding /usr/lib/libecryptfs.so.0.0 symlink. + * Moving /lib/security/pam_ecryptfs.so and /usr/lib/ecryptfs/*.so from + libecryptfs0 to ecryptfs-utils. 
+ + -- Daniel Baumann Wed, 16 Jul 2008 20:34:00 +0200 + +ecryptfs-utils (50-3) unstable; urgency=low + + * Adding missing build-depends to pkg-config (Closes: #490415). + + -- Daniel Baumann Sat, 12 Jul 2008 11:12:00 +0200 + +ecryptfs-utils (50-2) unstable; urgency=low + + * Removing currently unused libgtk2.0-dev from build-depends (Closes:#490233). + * Building ecryptfs-utils with TPM support on all supported Debian + architectures, except s390. + * Installing /sbin/mount.ecryptfs_private with suid root. + + -- Daniel Baumann Thu, 10 Jul 2008 23:48:00 +0200 + +ecryptfs-utils (50-1) unstable; urgency=low + + * Merging upstream version 50. + + -- Daniel Baumann Sun, 29 Jun 2008 22:19:00 +0200 + +ecryptfs-utils (49-1) unstable; urgency=low + + * Merging upstream version 49. + + -- Daniel Baumann Sun, 29 Jun 2008 22:09:00 +0200 + +ecryptfs-utils (48-1) unstable; urgency=medium + + * Updating debhelper shlibs file. + * Updating rules fileto reflect upstreams removal of documentation. + * Merging upstream version 48. + + -- Daniel Baumann Mon, 16 Jun 2008 21:35:00 +0200 + +ecryptfs-utils (47-1) unstable; urgency=low + + * Merging upstream version 47. + + -- Daniel Baumann Mon, 16 Jun 2008 20:39:00 +0200 + +ecryptfs-utils (46-1) unstable; urgency=low + + * Removing superfluous empty line from rules file. + * Removing trailing slash in install debhelper file. + * Merging upstream version 46. + * Updating to standards 3.8.0. + + -- Daniel Baumann Tue, 10 Jun 2008 08:06:00 +0200 + +ecryptfs-utils (45-1) unstable; urgency=low + + * Merging upstream version 45. + + -- Daniel Baumann Fri, 16 May 2008 08:22:00 +0200 + +ecryptfs-utils (44-1) unstable; urgency=low + + * Reordering rules file. + * Updating debhelper shlibs file. + * Rewriting copyright file in machine-interpretable format. + * Adding vcs fields in control file. + * Upgrading package to debhelper 7. + * Merging upstream version 44. 
+ + -- Daniel Baumann Sat, 3 May 2008 12:17:00 +0200 + +ecryptfs-utils (43-1) unstable; urgency=low + + * New upstream release. + * Removing watch file. + + -- Daniel Baumann Wed, 9 Apr 2008 09:54:00 +0200 + +ecryptfs-utils (41-1) unstable; urgency=low + + * New upstream release. + + -- Daniel Baumann Tue, 1 Apr 2008 11:25:00 +0200 + +ecryptfs-utils (40-1) unstable; urgency=low + + * New upstream release. + + -- Daniel Baumann Sun, 24 Feb 2008 22:09:00 +0100 + +ecryptfs-utils (38-2) unstable; urgency=low + + * Temporarily only use tpm toolchain on i386 (Closes: #461233). + * Current upstream should build without patches on amd64 (Closes: #445619). + * Added --fail-missing to dh_install call in rules. + * Updated .install files to cover additional files. + + -- Daniel Baumann Thu, 17 Jan 2008 23:47:00 +0100 + +ecryptfs-utils (38-1) unstable; urgency=low + + * New upstream release. + + -- Daniel Baumann Sat, 12 Jan 2008 17:14:00 +0100 + +ecryptfs-utils (37-1) unstable; urgency=low + + * New upstream release (Closes: #457316). + * Compling with trousers support now. + * Bumping to new policy. + + -- Daniel Baumann Fri, 21 Dec 2007 14:54:00 +0100 + +ecryptfs-utils (30-1) unstable; urgency=low + + * New upstream release. + + -- Daniel Baumann Fri, 16 Nov 2007 12:10:00 +0100 + +ecryptfs-utils (27-1) unstable; urgency=low + + * New upstream release. + + -- Daniel Baumann Fri, 19 Oct 2007 21:50:00 +0200 + +ecryptfs-utils (26-1) unstable; urgency=low + + * New upstream release. + * Dropped 02-ia64.dpatch; not required anymore. + * Building with --disable-tspi for the time beeing until trousers is + uploaded. + * Downgrading recommends to opencryptoki to a suggests for the time beeing + until opencryptoki is uploaded. + + -- Daniel Baumann Sun, 14 Oct 2007 11:17:00 +0200 + +ecryptfs-utils (24-2) unstable; urgency=low + + * Enforcing libdir (Closes: #445619). 
+ + -- Daniel Baumann Wed, 10 Oct 2007 23:41:00 +0200 + +ecryptfs-utils (24-1) unstable; urgency=low + + * New upstream release. + + -- Daniel Baumann Tue, 9 Oct 2007 12:03:00 +0200 + +ecryptfs-utils (23-1) unstable; urgency=low + + * New upstream release. + * Added libgpgme11-dev to build-depends. + * Rediffed 02-ia64.dpatch. + + -- Daniel Baumann Mon, 27 Aug 2007 16:32:00 +0200 + +ecryptfs-utils (21-1) unstable; urgency=low + + * Initial release (Closes: #401800). + * Added patch from William Lima to fix FTBFS on + ia64. + + -- Daniel Baumann Sun, 12 Aug 2007 15:20:00 +0200 --- ecryptfs-utils-68.orig/debian/libecryptfs0.install +++ ecryptfs-utils-68/debian/libecryptfs0.install @@ -0,0 +1,2 @@ +/usr/lib/*.so.* +/usr/lib/python* --- ecryptfs-utils-68.orig/debian/control +++ ecryptfs-utils-68/debian/control 
@@ -0,0 +1,51 @@ +Source: ecryptfs-utils +Section: misc +Priority: optional +Maintainer: Daniel Baumann +Build-Depends: debhelper (>= 7), autotools-dev, autoconf, automake, libtool, libgcrypt11-dev, libgpg-error-dev, libgpgme11-dev, libkeyutils-dev, libopencryptoki-dev [alpha amd64 arm armel hppa ia64 i386 m68k mips mipsel powerpc sparc], libpam0g-dev, libpkcs11-helper1-dev, libtspi-dev [alpha amd64 arm armel hppa ia64 i386 m68k mips mipsel powerpc sparc], pkg-config, python-dev, swig +Standards-Version: 3.8.0 +Homepage: https://launchpad.net/ecryptfs +Vcs-Browser: http://git.debian.net/?p=debian/ecryptfs-utils.git +Vcs-Git: git://git.debian.net/git/debian/ecryptfs-utils.git + +Package: ecryptfs-utils +Section: misc +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends} +Recommends: keyutils +Suggests: opencryptoki +Description: ecryptfs cryptographic filesystem (utilities) + eCryptfs is a POSIX-compliant enterprise-class stacked cryptographic filesystem + for Linux. + . + It provides advanced key management and policy features. eCryptfs stores + cryptographic metadata in the header of each file written, so that encrypted + files can be copied between hosts; the file will be decryptable with the proper + key, and there is no need to keep track of any additional information aside + from what is already in the encrypted file itself. Think of eCryptfs as a sort + of "gnupgfs". + . + eCryptfs is a native Linux filesystem. The kernel module component of eCryptfs + is part of the Linux kernel since 2.6.19. + . + This package contains the userland utilities. + +Package: libecryptfs0 +Section: libs +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends} +Description: ecryptfs cryptographic filesystem (library) + eCryptfs is a POSIX-compliant enterprise-class stacked cryptographic filesystem + for Linux. + . + This package contains the library. 
+ +Package: libecryptfs-dev +Section: libdevel +Architecture: any +Depends: libecryptfs0 (= ${binary:Version}), libgcrypt11-dev, libgpg-error-dev, libgpgme11-dev, libkeyutils-dev, libopencryptoki-dev [alpha amd64 arm armel hppa ia64 i386 m68k mips mipsel powerpc sparc], libpam0g-dev, libpkcs11-helper1-dev, libtspi-dev [alpha amd64 arm armel hppa ia64 i386 m68k mips mipsel powerpc sparc] +Description: ecryptfs cryptographic filesystem (development) + eCryptfs is a POSIX-compliant enterprise-class stacked cryptographic filesystem + for Linux. + . + This package contains the development files. --- ecryptfs-utils-68.orig/debian/libecryptfs0.links +++ ecryptfs-utils-68/debian/libecryptfs0.links @@ -0,0 +1 @@ +/usr/lib/libecryptfs.so.0.0.0 /usr/lib/libecryptfs.so.0.0 --- ecryptfs-utils-68.orig/debian/libecryptfs0.shlibs +++ ecryptfs-utils-68/debian/libecryptfs0.shlibs @@ -0,0 +1 @@ +libecryptfs 0 libecryptfs0 (>= 48) --- ecryptfs-utils-68.orig/debian/ecryptfs-utils.docs +++ ecryptfs-utils-68/debian/ecryptfs-utils.docs @@ -0,0 +1,3 @@ +AUTHORS +README +THANKS --- ecryptfs-utils-68.orig/debian/libecryptfs-dev.install +++ ecryptfs-utils-68/debian/libecryptfs-dev.install @@ -0,0 +1,5 @@ +/usr/include/* +/usr/lib/*.a +/usr/lib/*.la +/usr/lib/*.so +/usr/lib/pkgconfig --- ecryptfs-utils-68.orig/debian/ecryptfs-utils.lintian-overides +++ ecryptfs-utils-68/debian/ecryptfs-utils.lintian-overides @@ -0,0 +1 @@ +ecryptfs-utils: setuid-binary sbin/mount.ecryptfs_private 4755 root/root --- ecryptfs-utils-68.orig/debian/rules +++ ecryptfs-utils-68/debian/rules 
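Review bot: The override file is named `ecryptfs-utils.lintian-overides`, with one "r" missing, so `dh_lintian`, which debian/rules calls, will not pick it up and the setuid-binary override is never installed. Rename it to `debian/ecryptfs-utils.lintian-overrides`.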
@@ -0,0 +1,85 @@ +#!/usr/bin/make -f + +DEB_BUILD_ARCH ?= $(shell dpkg-architecture -qDEB_BUILD_ARCH) +DEB_HOST_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE) +DEB_BUILD_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE) + +CFLAGS = -Wall -g + +ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS))) + CFLAGS += -O0 +else + CFLAGS += -O2 +endif + +ifneq ($(DEB_BUILD_ARCH),s390) + TPMFLAGS = --enable-opencryptoki +endif + +clean: + dh_testdir + dh_testroot + rm -f build-stamp + rm -f config.guess config.sub + + [ ! -f Makefile ] || $(MAKE) distclean + + dh_clean + +config.status: configure + dh_testdir + +ifneq "$(wildcard /usr/share/misc/config.sub)" "" + cp -f /usr/share/misc/config.sub config.sub +endif +ifneq "$(wildcard /usr/share/misc/config.guess)" "" + cp -f /usr/share/misc/config.guess config.guess +endif + CFLAGS="$(CFLAGS)" ./configure --host=$(DEB_HOST_GNU_TYPE) --build=$(DEB_BUILD_GNU_TYPE) --prefix=/usr --libdir=\$${prefix}/lib --mandir=\$${prefix}/share/man --enable-static --enable-gpg --disable-gui --enable-pam --disable-openssl --disable-pkcs11-helper --disable-tspi $(TPMFLAGS) + +build: build-stamp +build-stamp: config.status + dh_testdir + + $(MAKE) + + touch build-stamp + +install: build + dh_testdir + dh_testroot + dh_prep + dh_installdirs + + $(MAKE) DESTDIR=$(CURDIR)/debian/tmp install + + install -D -m 0644 debian/config/ecryptfs-mount-private.desktop debian/ecryptfs-utils/usr/share/ecryptfs-utils/ecryptfs-mount-private.desktop + mv debian/tmp/usr/share/doc/ecryptfs-utils/ecryptfs-mount-private.txt debian/ecryptfs-utils/usr/share/ecryptfs-utils/ecryptfs-mount-private.txt + + chmod 4755 debian/tmp/sbin/mount.ecryptfs_private + + find debian/tmp -name "*.pyc" | xargs rm -f + +binary: binary-arch + +binary-arch: build install + dh_testdir + dh_testroot + dh_installchangelogs ChangeLog + dh_installdocs + dh_install --fail-missing --sourcedir=debian/tmp + dh_lintian + dh_link + dh_strip + dh_compress + dh_fixperms 
-Xsbin/mount.ecryptfs_private + dh_makeshlibs + dh_installdeb + dh_shlibdeps + dh_gencontrol + dh_md5sums + dh_builddeb + +binary-indep: + +.PHONY: clean build install binary binary-arch binary-indep --- ecryptfs-utils-68.orig/debian/config/ecryptfs-mount-private.desktop +++ ecryptfs-utils-68/debian/config/ecryptfs-mount-private.desktop @@ -0,0 +1,7 @@ +[Desktop Entry] +Name=Access Your Private Data +GenericName=Access Your Private Data +Exec=/usr/bin/ecryptfs-mount-private +Terminal=true +Type=Application +Categories=System;
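Review bot: The setuid-root helper (`chmod 4755 debian/tmp/sbin/mount.ecryptfs_private`) is compiled with only `CFLAGS = -Wall -g` plus the optimisation level, so none of the compiler hardening a privileged binary usually gets is requested. Where the toolchain supports them, add for example `CFLAGS += -fstack-protector -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security`; the fortify macro only takes effect in the `-O2` branch. Separately, `find debian/tmp -name "*.pyc" | xargs rm -f` breaks on paths containing whitespace, which `find debian/tmp -name "*.pyc" -delete` avoids.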