eCryptfs 105

Milestone information

Dustin Kirkland 
Release registered:
Yes. Drivers can target bugs and blueprints to this milestone.  

Download RDF metadata


Assigned to you:
No blueprints or bugs assigned to you.
No users assigned to blueprints and bugs.
No blueprints are targeted to this milestone.
No bugs are targeted to this milestone.

Download files for this release

After you've downloaded a file, you can verify its authenticity using its MD5 sum or signature. (How do I verify a download?)

File Description Downloads
download icon ecryptfs-utils_105.orig.tar.gz (md5, sig) release tarball 198
last downloaded 5 days ago
Total downloads: 198

Release notes 

ecryptfs-utils (105-0ubuntu1) vivid; urgency=low

  [ Dustin Kirkland ]
  * doc/manpage/ecryptfs.7: LP: #1267640
    - fix inconsistency in man page for passphrase_passwd_file format
  * doc/manpage/ecryptfs-setup-private.1, src/utils/ecryptfs-setup-
    private, src/utils/ecryptfs-setup-swap: LP: #1420424
    - use /dev/random rather than /dev/urandom for long lived keys
  * src/utils/ecryptfs-setup-private:
    - use /dev/urandom for our testing, as we read a lot of info
  * src/utils/ecryptfs-setup-swap: LP: #953875, #1086140
    - fix a whitespace bug in a grep, that might cause us to not
      comment out the old swap space in /etc/fstab
    - offset the start of the encrypted swap space by 1KB, which
      ensures that we don't overwrite the UUID label on the header
      of the partition
    - use the aes-xts block cipher, and plain64 initialization vector,
      which are current best practice here
    - fixed a grammar nitpick

  [ Colin King ]
  * src/libecryptfs/key_management.c, src/utils/mount.ecryptfs.c:
    - A couple of minor fixes: Fix a memory leak and handle out of memory
      error, as found by using cppcheck.
  * src/utils/mount.ecryptfs.c
    - fix potential double free on yesno if get_string_stdin exits early
      without allocating a new buffer and we free yesno on the exit clean
      up path.
  * src/libecryptfs/cmd_ln_parser.c
    - remove redundant if / goto statement that does nothing.

  [ Anders Kaseorg ]
  * src/pam_ecryptfs/pam_ecryptfs.c: exit (not return) from forked child on
    error (LP: #1323421)

  [ Tyler Hicks ]
  * Introduce the version 2 wrapped-passphrase file format. It adds the
    ability to combine a randomly generated salt with the wrapping password
    (typically, a user's login password) prior to performing key
    strengthening. The version 2 file format is considered to be a
    intermediate step in strengthening the wrapped-passphrase files of
    existing encrypted home/private users. Support for reading/writing version
    2 wrapped-passphrase files and transparent migration, through
    pam_ecryptfs, from version 1 to version 2 files is considered safe enough
    to backport to stable distro releases. The libecryptfs ABI around
    wrapped-passphrase file handling is not broken.
    - CVE-2014-9687
  * Run test as part of the make check target.
  * Add a new test, called, which is suitable
    for the make check target and verifies v1 to v2 wrapped-passphrase file
  * Create a temporary file when creating a new wrapped-passphrase file and
    copy it to its final destination after the file has been fully synced to
    disk (LP: #1020902)

 -- Dustin Kirkland <> Wed, 11 Mar 2015 10:28:15 -0500


This release does not have a changelog.

0 blueprints and 0 bugs targeted

There are no feature specifications or bug tasks targeted to this milestone. The project's maintainer, driver, or bug supervisor can target specifications and bug tasks to this milestone to track the things that are expected to be completed for the release.

This milestone contains Public information
Everyone can see this information.