--- ecryptfs-utils-73.orig/debian/ecryptfs-utils.postinst +++ ecryptfs-utils-73/debian/ecryptfs-utils.postinst @@ -0,0 +1,56 @@ +#!/bin/sh -e + +auth=0c1295085dca124e6ba5a3cea7993c22 +account=9f04221fe44762047894adeb96ffd069 +session=2e9a42f2a3b6573891ff9e6bf0c31c9e +password=4cf59ec48caad2a06ea2e183d8bc007a + +force= +if dpkg --compare-versions "$2" lt-nl 53-1ubuntu6; then + # If we're upgrading from an older ecryptfs-utils, + # and the pam configuration precisely matches that + # which was written by auth-client-config, we can + # safely force the pam-auth-update. + force=--force + for type in auth account session password + do + sum="$(md5sum /etc/pam.d/common-$type 2>/dev/null | awk '{ print $1 }')" + [ "$sum" = "$(eval echo \$$type)" ] || force= + done +fi +pam-auth-update --package $force + +#DEBHELPER# + +exit 0 +#!/bin/sh + +set -e + +case "${1}" in + configure) + # Basically, if a user chooses to encrypt their entire home + # directory, we're going to need someplace to put their + # ~/.ecryptfs directory that's available prior to mounting their + # home directory. Classic chicken/egg bootstrapping. + + if [ ! -d /var/lib/ecryptfs ] + then + mkdir -p /var/lib/ecryptfs + chmod 1777 /var/lib/ecryptfs + fi + ;; + + abort-upgrade|abort-remove|abort-deconfigure) + + ;; + + *) + echo "postinst called with unknown argument \`{$1}'" >&2 + exit 1 + ;; +esac + +#DEBHELPER# + +exit 0 --- ecryptfs-utils-73.orig/debian/libecryptfs0.links +++ ecryptfs-utils-73/debian/libecryptfs0.links @@ -0,0 +1 @@ +/usr/lib/libecryptfs.so.0.0.0 /usr/lib/libecryptfs.so.0.0 --- ecryptfs-utils-73.orig/debian/ecryptfs-utils.pam-auth-update +++ ecryptfs-utils-73/debian/ecryptfs-utils.pam-auth-update @@ -0,0 +1,12 @@ +Name: eCryptfs Key/Mount Management +Default: yes +Priority: 0 +Auth-Type: Additional +Auth-Final: + optional pam_ecryptfs.so unwrap +Session-Type: Additional +Session-Final: + optional pam_ecryptfs.so unwrap +Password-Type: Additional +Password-Final: + optional pam_ecryptfs.so --- ecryptfs-utils-73.orig/debian/libecryptfs0.install +++ ecryptfs-utils-73/debian/libecryptfs0.install @@ -0,0 +1,2 @@ +/usr/lib/*.so.* +/usr/lib/python* --- ecryptfs-utils-73.orig/debian/ecryptfs-utils.lintian-overides +++ ecryptfs-utils-73/debian/ecryptfs-utils.lintian-overides @@ -0,0 +1 @@ +ecryptfs-utils: setuid-binary sbin/mount.ecryptfs_private 4755 root/root --- ecryptfs-utils-73.orig/debian/control +++ ecryptfs-utils-73/debian/control @@ -0,0 +1,51 @@ +Source: ecryptfs-utils +Section: misc +Priority: optional +Maintainer: Ubuntu Core Developers +XSBC-Original-Maintainer: Daniel Baumann +Build-Depends: debhelper (>= 7), dpatch, autotools-dev, autoconf, automake, libtool, libgcrypt11-dev, libgpg-error-dev, libgpgme11-dev, libkeyutils-dev, libopencryptoki-dev [alpha amd64 arm armel hppa ia64 i386 m68k mips mipsel powerpc sparc], libpam0g-dev, libpkcs11-helper1-dev, libssl-dev, libtspi-dev [alpha amd64 arm armel hppa ia64 i386 m68k mips mipsel powerpc sparc], pkg-config, python-dev, swig +Standards-Version: 3.8.0 +Homepage: https://launchpad.net/ecryptfs +Vcs-Browser: http://git.debian.net/?p=debian/ecryptfs-utils.git +Vcs-Git: git://git.debian.net/git/debian/ecryptfs-utils.git + +Package: ecryptfs-utils +Section: misc +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, libpam-runtime (>= 1.0.1-2ubuntu1), keyutils, libnss3-1d +Suggests: opencryptoki, cryptsetup +Description: ecryptfs cryptographic filesystem (utilities) + eCryptfs is a POSIX-compliant enterprise-class stacked cryptographic filesystem + for Linux. + . + It provides advanced key management and policy features. eCryptfs stores + cryptographic metadata in the header of each file written, so that encrypted + files can be copied between hosts; the file will be decryptable with the proper + key, and there is no need to keep track of any additional information aside + from what is already in the encrypted file itself. Think of eCryptfs as a sort + of "gnupgfs". + . + eCryptfs is a native Linux filesystem. The kernel module component of eCryptfs + is part of the Linux kernel since 2.6.19. + . + This package contains the userland utilities. + +Package: libecryptfs0 +Section: libs +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends} +Description: ecryptfs cryptographic filesystem (library) + eCryptfs is a POSIX-compliant enterprise-class stacked cryptographic filesystem + for Linux. + . + This package contains the library. + +Package: libecryptfs-dev +Section: libdevel +Architecture: any +Depends: libecryptfs0 (= ${binary:Version}), libgcrypt11-dev, libgpg-error-dev, libgpgme11-dev, libkeyutils-dev, libopencryptoki-dev [alpha amd64 arm armel hppa ia64 i386 m68k mips mipsel powerpc sparc], libpam0g-dev, libpkcs11-helper1-dev, libtspi-dev [alpha amd64 arm armel hppa ia64 i386 m68k mips mipsel powerpc sparc] +Description: ecryptfs cryptographic filesystem (development) + eCryptfs is a POSIX-compliant enterprise-class stacked cryptographic filesystem + for Linux. + . + This package contains the development files. --- ecryptfs-utils-73.orig/debian/rules +++ ecryptfs-utils-73/debian/rules @@ -0,0 +1,88 @@ +#!/usr/bin/make -f + +include /usr/share/dpatch/dpatch.make + +DEB_BUILD_ARCH ?= $(shell dpkg-architecture -qDEB_BUILD_ARCH) +DEB_HOST_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE) +DEB_BUILD_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE) + +CFLAGS = -Wall -g + +ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS))) + CFLAGS += -O0 +else + CFLAGS += -O2 +endif + +ifneq ($(DEB_BUILD_ARCH),s390) + TPMFLAGS = --enable-opencryptoki +endif + +clean: unpatch + dh_testdir + dh_testroot + rm -f build-stamp + rm -f config.guess config.sub + + [ ! -f Makefile ] || $(MAKE) distclean + + dh_clean + +config.status: configure patch + dh_testdir + +ifneq "$(wildcard /usr/share/misc/config.sub)" "" + cp -f /usr/share/misc/config.sub config.sub +endif +ifneq "$(wildcard /usr/share/misc/config.guess)" "" + cp -f /usr/share/misc/config.guess config.guess +endif + CFLAGS="$(CFLAGS)" ./configure --host=$(DEB_HOST_GNU_TYPE) --build=$(DEB_BUILD_GNU_TYPE) --prefix=/usr --libdir=\$${prefix}/lib --mandir=\$${prefix}/share/man --enable-static --enable-gpg --disable-gui --enable-pam --disable-openssl --disable-pkcs11-helper --disable-tspi $(TPMFLAGS) + +build: build-stamp +build-stamp: config.status + dh_testdir + + $(MAKE) + + touch build-stamp + +install: build + dh_testdir + dh_testroot + dh_prep + dh_installdirs + + $(MAKE) DESTDIR=$(CURDIR)/debian/tmp install + install -m 644 -D $(CURDIR)/debian/ecryptfs-utils.pam-auth-update $(CURDIR)/debian/tmp/usr/share/pam-configs/ecryptfs-utils + + install -D -m 0644 debian/config/ecryptfs-mount-private.desktop debian/ecryptfs-utils/usr/share/ecryptfs-utils/ecryptfs-mount-private.desktop + mv debian/tmp/usr/share/doc/ecryptfs-utils/ecryptfs-mount-private.txt debian/ecryptfs-utils/usr/share/ecryptfs-utils/ecryptfs-mount-private.txt + + chmod 4755 debian/tmp/sbin/mount.ecryptfs_private + + find debian/tmp -name "*.pyc" | xargs rm -f + +binary: binary-arch + +binary-arch: build install + dh_testdir + dh_testroot + dh_installchangelogs ChangeLog + dh_installdocs + dh_install --fail-missing --sourcedir=debian/tmp + dh_lintian + dh_link + dh_strip + dh_compress + dh_fixperms -Xsbin/mount.ecryptfs_private + dh_makeshlibs + dh_installdeb + dh_shlibdeps + dh_gencontrol + dh_md5sums + dh_builddeb + +binary-indep: + +.PHONY: clean build install binary binary-arch binary-indep --- ecryptfs-utils-73.orig/debian/ecryptfs-utils.dirs +++ ecryptfs-utils-73/debian/ecryptfs-utils.dirs @@ -0,0 +1 @@ +usr/share/pam-configs --- ecryptfs-utils-73.orig/debian/libecryptfs0.shlibs +++ ecryptfs-utils-73/debian/libecryptfs0.shlibs @@ -0,0 +1 @@ +libecryptfs 0 libecryptfs0 (>= 48) --- ecryptfs-utils-73.orig/debian/libecryptfs-dev.install +++ ecryptfs-utils-73/debian/libecryptfs-dev.install @@ -0,0 +1,5 @@ +/usr/include/* +/usr/lib/*.a +/usr/lib/*.la +/usr/lib/*.so +/usr/lib/pkgconfig --- ecryptfs-utils-73.orig/debian/compat +++ ecryptfs-utils-73/debian/compat @@ -0,0 +1 @@ +7 --- ecryptfs-utils-73.orig/debian/ecryptfs-utils.install +++ ecryptfs-utils-73/debian/ecryptfs-utils.install @@ -0,0 +1,7 @@ +/lib/security +/sbin +/usr/bin +/usr/lib/ecryptfs +/usr/share/doc +/usr/share/man +/usr/share/pam-configs/ecryptfs-utils --- ecryptfs-utils-73.orig/debian/copyright +++ ecryptfs-utils-73/debian/copyright @@ -0,0 +1,66 @@ +Authors: + Phillip Hellewell + Michael A. Halcrow + Dustin Kirkland +Download: https://launchpad.net/ecryptfs/trunk + +Files: * +Copyright: 2004-2008 International Business Machines Corp. +License: GPL-2+ + This program is free software; you can redistribute it and/or + modify it under the terms of the GNU General Public License + as published by the Free Software Foundation; either version 2 + of the License, or (at your option) any later version. + . + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + . + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + . + On Debian systems, the complete text of the GNU General Public License + can be found in /usr/share/common-licenses/GPL-2 file. + +Files: doc/manpage/ecryptfs-manager.8, doc/manpage/ecryptfsd.8, + doc/manpage/mount.ecryptfs.8): +Copyright: (C) 2008 William Lima +License: GPL-2+ + This program is free software; you can redistribute it and/or + modify it under the terms of the GNU General Public License + as published by the Free Software Foundation; either version 2 + of the License, or (at your option) any later version. + . + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + . + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + . + On Debian systems, the complete text of the GNU General Public License + can be found in /usr/share/common-licenses/GPL-2 file. + +Files: debian/* +Copyright: (C) 2007-2008 Daniel Baumann +License: GPL-2+ + This program is free software; you can redistribute it and/or + modify it under the terms of the GNU General Public License + as published by the Free Software Foundation; either version 2 + of the License, or (at your option) any later version. + . + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + . + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + . + On Debian systems, the complete text of the GNU General Public License + can be found in /usr/share/common-licenses/GPL-2 file. --- ecryptfs-utils-73.orig/debian/ecryptfs-utils.prerm +++ ecryptfs-utils-73/debian/ecryptfs-utils.prerm @@ -0,0 +1,38 @@ +#!/bin/sh -e + +if [ "$1" = remove ]; then + # We must do some checking to prevent removal of ecryptfs if in use + # Check active mounts + if out=`mount | grep "\Wtype\Wecryptfs\W"`; then + echo "ERROR: Cannot remove ecryptfs-utils, as it appears to be in use:" 1>&2 + echo "$out" 1>&2 + exit 1 + fi + if out=`grep "\Wecryptfs\W" /proc/mounts`; then + echo "ERROR: Cannot remove ecryptfs-utils, as it appears to be in use:" 1>&2 + echo "$out" 1>&2 + exit 1 + fi + # Check fstab + if out=`grep "\Wecryptfs\W" /etc/fstab`; then + echo "ERROR: Cannot remove ecryptfs-utils, as it appears to be in use:" 1>&2 + echo "$out" 1>&2 + exit 1 + fi + # Check home directories + for i in `ls /home`; do + if [ -d "/home/$i/.ecryptfs" ]; then + # If we find a .ecryptfs directory (or link) in a home, + # directory, then someone is using ecryptfs-utils, and + # we should not allow package removal + echo "ERROR: Cannot remove ecryptfs-utils, as it appears to be in use:" 1>&2 + echo " [/home/$i/.ecryptfs]" 1>&2 + exit 1 + fi + done + pam-auth-update --package --remove ecryptfs-utils +fi + +#DEBHELPER# + +exit 0 --- ecryptfs-utils-73.orig/debian/ecryptfs-utils.docs +++ ecryptfs-utils-73/debian/ecryptfs-utils.docs @@ -0,0 +1,3 @@ +AUTHORS +README +THANKS --- ecryptfs-utils-73.orig/debian/changelog +++ ecryptfs-utils-73/debian/changelog @@ -0,0 +1,702 @@ +ecryptfs-utils (73-0ubuntu2) jaunty; urgency=low + + * src/utils/ecryptfs-setup-private: fix bug in grep when running with LANG + in other locales, LP: #347969, cherry-picked from bzr (r369). + + -- Dustin Kirkland Tue, 24 Mar 2009 14:38:49 -0500 + +ecryptfs-utils (73-0ubuntu1) jaunty; urgency=low + + [ Dustin Kirkland ] + Userspace fixes for LP: #345544, CVE-2009-0787 + * src/utils/ecryptfs-rewrite-file: new script, to rewrite a file, + forcing it to be re-encrypted when written to disk + * doc/manpage/ecryptfs-rewrite-file.1: documentation added + + Unrelated fixes in this release + * src/utils/ecryptfs-mount-private, src/utils/ecryptfs-setup-private, + src/utils/ecryptfs-setup-swap: use head/line for prompting and reading + input + + [ Michal Hlavinka ] + * ecryptfs-setup-private: don't fail with syntax error when kernel + module not loaded + * *.desktop: make desktop files standards compliant + * umount.ecryptfs: don't sigsegv when arguments are missing + + -- Dustin Kirkland Fri, 20 Mar 2009 17:26:13 -0500 + +ecryptfs-utils (72-0ubuntu1) jaunty; urgency=low + + [ Dustin Kirkland ] + * src/utils/ecryptfs-[u]mount-private: print message about cd $PWD, + LP: #332331 + * doc/manpage/*: manpage updates + * debian/ecryptfs-utils.prerm: prevent removal of ecryptfs-utils + package, if in use, LP: #331085 + * src/utils/ecryptfs-setup-private: + - allow for LDAP-based logins, LP: #317307 + - add --noautomount, --noautoumount options, LP: #301759 + + [ Tyler Hicks ] + * src/libecryptfs/cipher_list.c: ignore unknown ciphers, LP: #335632 + * doc/manpage/ecryptfs.7: add key sig mount options info, LP: #329491 + * src/utils/mount.ecryptfs.c: scrub unknown option + + [ James Dupin ] + * doc/manpage/fr/*: initial cut at french manpages + + [ Michal Hlavinka ] + * src/libecryptfs/module_mgr.c: fix mount parameter handling on + interactive mounting, LP: #331948 + + -- Dustin Kirkland Wed, 18 Mar 2009 18:53:11 -0500 + +ecryptfs-utils (71-0ubuntu1) jaunty; urgency=low + + Upstream changes + + [ Dustin Kirkland ] + * src/utils/ecryptfs-setup-swap: a first cut at a script that helps setup + encrypted swap + * debian/control: suggest cryptsetup + + [ Michal Hlavinka ] + * improve interactive mode of mount.ecryptfs + + -- Dustin Kirkland Wed, 18 Feb 2009 17:34:17 -0600 + +ecryptfs-utils (70-0ubuntu1) jaunty; urgency=low + + * New upstream release, dropped all patches (included upstream) + + [ Michal Hlavinka ] + * Auto module loading improvements + * Fix nss passphrase (un)wrapping + * Fix error handling when wrapping passphrase is too long + * Use %m instead of strerror(errno) everywhere + * Make the code compile with -Werror + + [ Tyler Hicks ] + * umount.ecryptfs wrapper, clears keys + + [ Dustin Kirkland ] + * Add a trailing newline to passphrase printing + * Hack around glibc/kernel mlock limit issue, LP: #329176 + + -- Dustin Kirkland Fri, 13 Feb 2009 19:33:22 -0600 + +ecryptfs-utils (69-0ubuntu2) jaunty; urgency=low + + * debian/patches/10-remove-bashism.dpatch: fix installer bug, LP: #326184 + * debian/control: Added libnss3-1d dependency (trying to cut over from + openssl linkage) + + -- Dustin Kirkland Fri, 06 Feb 2009 17:58:11 +0100 + +ecryptfs-utils (69-0ubuntu1) jaunty; urgency=low + + * New upstream release, dropped all patches (included upstream) + * This release includes support for filename encryption (LP: #264977) + * This release promotes keyutils from a 'recommends' to a 'depends, + for access to the keyctl command, which is used by the helper scripts + to clear the keyring on unmount (LP: #313812) + + -- Dustin Kirkland Mon, 26 Jan 2009 13:51:21 -0500 + +ecryptfs-utils (68-1ubuntu2) jaunty; urgency=low + + * debian/patches/05-mount_opts.dpatch: Clean up mount options, LP: #277723 + + -- Dustin Kirkland Mon, 05 Jan 2009 15:34:05 -0600 + +ecryptfs-utils (68-1ubuntu1) jaunty; urgency=low + + * Merge from debian unstable (LP: #311193), remaining changes: + - debian/ecryptfs-utils.postinst: handle pam-auth-update + - debian/control: keep the dpatch build dep; libpam-runtime dep for + pam-auth-update + - debian/ecryptfs-utils.install: install the pam-auth-update file + - debian/rules:keep the dpatch infrastructure around as we'll likely need + it again; install the pam-auth-update file + - debian/ecryptfs-utils.pam-auth-update: pam stack configuration + - debian/ecryptfs-utils.dirs: usr share install dirs + - debian/ecryptfs-utils.prerm: remove pam-auth-update configuration + * Upstream merge also fixes LP: #304043. + + -- Dustin Kirkland Wed, 24 Dec 2008 10:24:53 -0600 + +ecryptfs-utils (68-1) unstable; urgency=high + + * Merging upstream version 68: + - Contains upstream changelog (Closes: #507942). + - Fixes syntax error in ecryptfs-setup-private (Closes: #509339). + * Updating rules to install changelog. + + -- Daniel Baumann Tue, 23 Dec 2008 08:04:00 +0100 + +ecryptfs-utils (67-1ubuntu1) jaunty; urgency=low + + * Merge from debian unstable, remaining changes (Debian Bug: #506172): + - debian/ecryptfs-utils.postinst: handle pam-auth-update + - debian/rules:keep the dpatch infrastructure around as we'll likely need + it again; install the pam-auth-update file + - debian/ecryptfs-utils.install: install the pam-auth-update file + - debian/control: keep the dpatch build dep; libpam-runtime dep for + pam-auth-update + - debian/ecryptfs-utils.pam-auth-update: pam stack configuration + - debian/ecryptfs-utils.dirs: usr share install dirs + - debian/ecryptfs-utils.prerm: remove pam-auth-update configuration + * Dropped changes + - debian/patches/10-counter_increment_fix.dpatch: included upstream + - debian/ecryptfs-mount-private.desktop: included upstream + - debian/ecryptfs-mount-private.txt: included upstream + - debian/rules: desktop, readme files installed by upstream + - debian/ecryptfs-utils.install: desktop, readme installed by upstream + + -- Dustin Kirkland Thu, 04 Dec 2008 12:09:35 -0600 + +ecryptfs-utils (67-1) unstable; urgency=low + + * Merging upstream version 67. + + -- Daniel Baumann Wed, 3 Dec 2008 09:54:00 +0100 + +ecryptfs-utils (66-2ubuntu3) jaunty; urgency=low + + * debian/patches/10-counter_increment_fix.dpatch: fix broken mount counter + for encrypted home users (LP: #301085). + + -- Dustin Kirkland Sat, 22 Nov 2008 14:59:52 -0600 + +ecryptfs-utils (66-2ubuntu2) jaunty; urgency=low + + * debian/control: depend on python-dev and swig to fix FTBFS (LP: #299888) + * debian/changelog: fix references to Debian bugs + + -- Dustin Kirkland Wed, 19 Nov 2008 07:09:19 -0600 + +ecryptfs-utils (66-2ubuntu1) jaunty; urgency=low + + * Merge from debian unstable, + (LP: #259631, #293433, #286265, #247421, #294888, #298421) + * Remaining changes: + - debian/ecryptfs-utils.postinst: handle pam-auth-update + (Debian Bug: #506172) + - debian/rules: + + keep the dpatch infrastructure around, as we'll likely + need it again at some point soon + + install the desktop, readme, and pam-auth-update files () + - debian/ecryptfs-utils.install: install the desktop, readme shared files + (Debian Bug: #506172) + - debian/control: + + keep the dpatch build dep + + depend on libpam-runtime (Debian Bug: #506172) + - debian/ecryptfs-utils.prerm: remove pam-auth-update configuration + (Debian Bug: #506172) + - debian/ecryptfs-mount-private.txt: readme to install in unmounted + private dir (Debian Bug: #506172) + - debian/ecryptfs-mount-private.desktop: desktop link to install in + unmounted private dir (Debian Bug: #506172) + - debian/ecryptfs-utils.dirs: usr share install dirs (Debian Bug: #506172) + - debian/ecryptfs-utils.pam-auth-update: pam stack configuration + (Debian Bug: #506172) + + -- Dustin Kirkland Tue, 18 Nov 2008 22:55:19 -0600 + +ecryptfs-utils (66-2) unstable; urgency=low + + * Removing auth-client-config support, no longer used. + * Adding ecryptfs-utils recommends to keyutils. + * Building without ssl, ecryptfs_key_mod_openssl.c has incompatible + license (GPL-2+). + * Building without pkcs11 helper, ecryptfs_key_mod_pkcs11_helper.c + links against openssl and has incompatible license (GPL-2+). + * Building without pkcs11 helper, ecryptfs_key_mod_tspi.c links + against openssl and has incompatible license (GPL-2+). + + -- Daniel Baumann Tue, 18 Nov 2008 20:02:00 +0100 + +ecryptfs-utils (66-1) unstable; urgency=low + + * Manually adding second line of the commit message when merging + upstream version 65 to changelog. + * Merging upstream version 66. + * Adding ecryptfs-utils.postinst to create /var/lib/ecryptfs on + package installation time. + + -- Daniel Baumann Tue, 18 Nov 2008 12:39:00 +0100 + +ecryptfs-utils (65-1) unstable; urgency=low + + * Merging upstream version 65: + - Adds --wrapping option to ecryptfs-setup-private command to use an + independent wrapping passphrase, different from the login passphrase + (Closes: #505008). + * Removing pam-doc.dpatch, went upstream. + * Adding build-depends to swig. + * Adding build-depends to python-dev. + * Including python bindings in libecryptfs0. + + -- Daniel Baumann Sat, 15 Nov 2008 07:49:00 +0100 + +ecryptfs-utils (64-3) unstable; urgency=low + + * Replacing obsolete dh_clean -k with dh_prep. + * Adding patch from Osamu Aoki to update + ecryptfs-pam-doc.txt contents with s/Confidential/Private/ + (Closes: #504934). + * Updating homepage and download location in control and copyright + (Closes: #504930). + * Updating author information in copyright. + * Installing desktop shortcut and readme to /usr/share/ecryptfs-utils. + Together with the fixes of upstream version 64, this interactively prompts + for passwords now (Closes: #504370). + + -- Daniel Baumann Sat, 8 Nov 2008 07:01:00 +0100 + +ecryptfs-utils (64-2) unstable; urgency=low + + * Adding build-depends to python (Closes: #504719). + + -- Daniel Baumann Thu, 6 Nov 2008 17:45:00 +0100 + +ecryptfs-utils (64-1) unstable; urgency=low + + * Removing sbin-path.dpatch, not needed anymore. + * Building with --enable-static, was default previously. + + -- Daniel Baumann Wed, 5 Nov 2008 20:45:00 +0100 + +ecryptfs-utils (63-1) unstable; urgency=low + + * Merging upstream version 63. + + -- Daniel Baumann Fri, 24 Oct 2008 06:42:00 +0200 + +ecryptfs-utils (61-1) unstable; urgency=low + + * Using patch-stamp rather than patch in rules file. + * Merging upstream version 61. + * Rediffing sbin-path.dpatch. + + -- Daniel Baumann Thu, 23 Oct 2008 19:42:00 +0200 + +ecryptfs-utils (58-2) unstable; urgency=low + + * Adding patch from situert to call ecryptfs + helper scripts in /sbin with full path to avoid problem if /sbin is + not in PATH (Closes: #498543). + + -- Daniel Baumann Thu, 11 Sep 2008 08:11:00 +0200 + +ecryptfs-utils (58-1) unstable; urgency=low + + * Merging upstream version 58. + + -- Daniel Baumann Tue, 9 Sep 2008 07:08:00 +0200 + +ecryptfs-utils (57-1) unstable; urgency=low + + * Updating vcs fields in control file. + * Merging upstream version 57. + + -- Daniel Baumann Mon, 8 Sep 2008 13:44:00 +0200 + +ecryptfs-utils (56-1) unstable; urgency=low + + * Setting permissions for ecryptfs.acc when installing it in rules. + * Merging upstream version 56. + + -- Daniel Baumann Mon, 25 Aug 2008 01:25:00 +0200 + +ecryptfs-utils (55-1) unstable; urgency=low + + * Merging upstream version 55. + + -- Daniel Baumann Mon, 25 Aug 2008 01:19:00 +0200 + +ecryptfs-utils (53-2) unstable; urgency=low + + * Adding auth-client-config support, thanks to Dustin Kirkland + . + + -- Daniel Baumann Tue, 5 Aug 2008 23:59:00 +0200 + +ecryptfs-utils (53-1ubuntu13) intrepid-proposed; urgency=low + + Fixes for LP: #259631, add interactive mounting capability + * debian/rules, debian/ecryptfs-utils.dirs, + debian/ecryptfs-utils.install, debian/ecryptfs-mount-private.desktop, + debian/ecryptfs-mount-private.txt: install the new desktop shortcut + file and readme.txt to /usr/share/ecryptfs-utils + * debian/patches/60_interactive_mount.dpatch: modify ecryptfs-mount-private + utility to interactively prompt for password + * debian/patches/00list: updated accordingly + + -- Dustin Kirkland Tue, 04 Nov 2008 09:34:41 -0600 + +ecryptfs-utils (53-1ubuntu12) intrepid-proposed; urgency=low + + * debian/patches/55_check_password_and_remove_from_proc.dpatch: + use the printf function properly (LP: #290445) + + -- Dustin Kirkland Tue, 28 Oct 2008 16:50:11 -0500 + +ecryptfs-utils (53-1ubuntu11) intrepid; urgency=low + + * debian/patches/55_check_password_and_remove_from_proc.dpatch: + Fix ecryptfs-add-passphrase and ecryptfs-wrap-passphrase to take + passphrases on standard, to protect from disclosure on the process + table; fix callers in ecryptfs-setup-private (LP: #287908). + Validate that the user password is correct with unix_chkpwd (LP: #287906). + * debian/patches/00list: updated accordingly + + -- Dustin Kirkland Thu, 23 Oct 2008 12:53:30 -0500 + +ecryptfs-utils (53-1ubuntu10) intrepid; urgency=low + + [Dustin Kirkland] + * debian/patches/45-mount_private_counter.dpatch: implement a counter to + track mounts/unmounts of the private directory; unmount if the + counter is 0; allow a -f override to force unmount. LP: #259293. + + [Steve Langasek] + * debian/patches/50-error-on-empty-password.dpatch: return + PAM_AUTHTOK_RECOVER_ERR from the password changing module if we + didn't get a password from the other modules in the stack, instead + of returning success. LP: #272232. + + -- Dustin Kirkland Sun, 19 Oct 2008 10:30:08 -0500 + +ecryptfs-utils (53-1ubuntu9) intrepid; urgency=low + + * debian/patches/35-silence_useless_mount_messages.dpatch: silence error + messages (LP: #277343) + * debian/patches/40-zero_out_grep_options.dpatch: zero out GREP_OPTIONS + (LP: #257984) + * debian/patches/00list: updated accordingly + + -- Dustin Kirkland Fri, 03 Oct 2008 12:58:21 -0500 + +ecryptfs-utils (53-1ubuntu8) intrepid; urgency=low + + * debian/rules: change the installed permissions of pam-auth-update + config to r--r--r-- (LP: #260458). + + -- Dustin Kirkland Fri, 22 Aug 2008 18:45:09 +0100 + +ecryptfs-utils (53-1ubuntu7) intrepid; urgency=low + + * debian/00list: added 30-ecryptfs-setup-private_empty-dir-check.dpatch + (LP: #260346). + * debian/30-ecryptfs-setup-private_empty-dir-check.dpatch: Patch checks that + ~/Private and ~/.Private are empty before proceeding. + + -- Dustin Kirkland Fri, 22 Aug 2008 12:16:50 +0100 + +ecryptfs-utils (53-1ubuntu6) intrepid; urgency=low + + * Fixes (LP: #259915). + * debian/control: drop suggests of auth-client-config, add depends on + libpam-runtime. + * debian/ecryptfs-utils.postinst: initial creation, use pam-auth-update, + be sure to 'force' if pam stack was precisely written by + auth-client-config. + * debian/ecryptfs-utils.prerm: remove pam-auth-update config on uninstall + * debian/ecryptfs-utils.pam-auth-update: initial creation of pam-auth-update + configuration. + * debian/ecryptfs.acc: drop auth-client-config profile. + * debian/rules, debian/ecryptfs-utils.install, debian/ecryptfs-utils.dirs: + remove auth-client-config installation, add pam-auth-update. + + -- Dustin Kirkland Fri, 22 Aug 2008 01:22:48 +0100 + +ecryptfs-utils (53-1ubuntu5) intrepid; urgency=low + + * debian/patches/00list: add 25-ecryptfs-setup-private_fix-pw-echo.dpatch + (LP: #259746). + * debian/patches/25-ecryptfs-setup-private_fix-pw-echo.dpatch: comment out + mostly-debugish echo's; conditionally print randomly generated passphrase; + always remind the user to print/record the mount passphrase for data + recovery. + + -- Dustin Kirkland Wed, 20 Aug 2008 23:20:36 +0100 + +ecryptfs-utils (53-1ubuntu4) intrepid; urgency=low + + * debian/patches/00list: add 20-ecryptfs-setup-private-force.dpatch. + * debian/patches/20-ecryptfs-setup-private-force.dpatch: error out if a + pre-existing ecryptfs setup is found, allow for a --force override, + * (LP: #258388). + + -- Dustin Kirkland Fri, 15 Aug 2008 13:54:03 -0500 + +ecryptfs-utils (53-1ubuntu3) intrepid; urgency=low + + * debian/patches/00list: add 15-pam_ecryptfs-auth_fork_exit.dpatch. + * debian/patches/15-pam_ecryptfs-auth_fork_exit.dpatch: fix broken + exit condition causing screensaver unlocking to fail (LP: #255795). + + -- Dustin Kirkland Mon, 11 Aug 2008 13:50:59 -0500 + +ecryptfs-utils (53-1ubuntu2) intrepid; urgency=low + + * debian/control: add build dependency on dpatch. + * debian/rules: add relevant patch bits. + * debian/patches/00list: add 10-pam_ecryptfs-automount.dpatch. + * debian/patches/10-pam_ecryptfs-automount.dpatch: patch pam_ecryptfs to + respect ~/.ecryptfs/auto-mount and ~/.ecryptfs/auto-umount files + (LP: #256154). + + -- Dustin Kirkland Fri, 08 Aug 2008 13:00:53 -0500 + +ecryptfs-utils (53-1ubuntu1) intrepid; urgency=low + + * Merge from debian unstable (LP: #254714, #251245), remaining changes: + - debian/rules: install ecryptfs auth-client-config profile + - debian/control: Update maintainer, suggest auth-client-config + - debian/ecryptfs.acc: define auth-client-config profile + - debian/ecryptfs-utils.install: install auth-client-config profile + * Dropped changes: + - debian/ecryptfs-utils.dirs: handled by install -D rule + * Additional changes + - debian/ecryptfs.acc: Add to common-password stack, make all pam_ecryptfs + entries optional (LP: #253816). + + -- Dustin Kirkland Mon, 04 Aug 2008 15:58:24 -0500 + +ecryptfs-utils (53-1) unstable; urgency=low + + * Updating to install newly added manpages. + * Removing 01-manpage.dpatch, not required anymore. + * Merging upstream version 53. + + -- Daniel Baumann Sun, 3 Aug 2008 00:11:00 +0200 + +ecryptfs-utils (52-1) unstable; urgency=low + + * Merging upstream version 52. + + -- Daniel Baumann Fri, 1 Aug 2008 03:50:00 +0200 + +ecryptfs-utils (51-1) unstable; urgency=low + + * Merging upstream version 51. + + -- Daniel Baumann Fri, 1 Aug 2008 01:22:00 +0200 + +ecryptfs-utils (50-4ubuntu2) intrepid; urgency=low + + * debian/patches/00list, debian/patches/05-pam_ecryptfs_waitpid.dpatch: + Cherry pick this patch from upstream, which fixes gdm/kdm hangs on logout + (LP: #250988). + + -- Dustin Kirkland Tue, 22 Jul 2008 18:34:59 -0500 + +ecryptfs-utils (50-4ubuntu1) intrepid; urgency=low + + * Merge from debian unstable (LP: #249503), remaining changes: + - debian/control: Update maintainer, suggest auth-client-config + - debian/ecryptfs-utils.dirs: add etc/auth-client-config/profile.d + - debian/ecryptfs-utils.install: add ecryptfs auth-client-config profile + - debian/ecryptfs.acc: define auth-client-config profile + - debian/rules: support ecryptfs auth-client-config profile + * Dropped changes: + - debian/libecryptfs0.dirs: moved auth-client-config bit to + debian/ecryptfs-utils.dirs + - debian/libecryptfs.install: moved auth-client-config bit to + debian/ecryptfs-utils.install + + -- Dustin Kirkland Thu, 17 Jul 2008 10:39:51 -0500 + +ecryptfs-utils (50-4) unstable; urgency=medium + + * Adding /usr/lib/libecryptfs.so.0.0 symlink. + * Moving /lib/security/pam_ecryptfs.so and /usr/lib/ecryptfs/*.so from + libecryptfs0 to ecryptfs-utils. + + -- Daniel Baumann Wed, 16 Jul 2008 20:34:00 +0200 + +ecryptfs-utils (50-3ubuntu1) intrepid; urgency=low + + * Merge from debian unstable (LP: #248420), remaining changes: + - debian/libecryptfs0.install: add ecryptfs auth-client-config profile + - debian/rules: support ecryptfs auth-client-config profile + - debian/control: Update maintainer, suggest auth-client-config + - debian/libecryptfs0.dirs: add etc/auth-client-config/profile.d + - debian/ecryptfs.acc: define auth-client-config profile + + -- Dustin Kirkland Mon, 14 Jul 2008 09:48:23 -0500 + +ecryptfs-utils (50-3) unstable; urgency=low + + * Adding missing build-depends to pkg-config (Closes: #490415). + + -- Daniel Baumann Sat, 12 Jul 2008 11:12:00 +0200 + +ecryptfs-utils (50-2) unstable; urgency=low + + * Removing currently unused libgtk2.0-dev from build-depends (Closes:#490233). + * Building ecryptfs-utils with TPM support on all supported Debian + architectures, except s390. + * Installing /sbin/mount.ecryptfs_private with suid root. + + -- Daniel Baumann Thu, 10 Jul 2008 23:48:00 +0200 + +ecryptfs-utils (50-1ubuntu1) intrepid; urgency=low + + * auth-client-config support (LP: #247641) + + debian/ecryptfs.acc: create an auth-client-config profile + + debian/libecryptfs0.install: install the auth-client-config profile + + debian/control: modify maintainer value; add auth-client-config to + Suggests + + debian/libecryptfs0.dirs: create with etc/auth-client-config/profile.d + + -- Dustin Kirkland Fri, 11 Jul 2008 12:00:36 -0500 + +ecryptfs-utils (50-1) unstable; urgency=low + + * Merging upstream version 50. + + -- Daniel Baumann Sun, 29 Jun 2008 22:19:00 +0200 + +ecryptfs-utils (49-1) unstable; urgency=low + + * Merging upstream version 49. + + -- Daniel Baumann Sun, 29 Jun 2008 22:09:00 +0200 + +ecryptfs-utils (48-1) unstable; urgency=medium + + * Updating debhelper shlibs file. + * Updating rules fileto reflect upstreams removal of documentation. + * Merging upstream version 48. + + -- Daniel Baumann Mon, 16 Jun 2008 21:35:00 +0200 + +ecryptfs-utils (47-1) unstable; urgency=low + + * Merging upstream version 47. + + -- Daniel Baumann Mon, 16 Jun 2008 20:39:00 +0200 + +ecryptfs-utils (46-1) unstable; urgency=low + + * Removing superfluous empty line from rules file. + * Removing trailing slash in install debhelper file. + * Merging upstream version 46. + * Updating to standards 3.8.0. + + -- Daniel Baumann Tue, 10 Jun 2008 08:06:00 +0200 + +ecryptfs-utils (45-1) unstable; urgency=low + + * Merging upstream version 45. + + -- Daniel Baumann Fri, 16 May 2008 08:22:00 +0200 + +ecryptfs-utils (44-1) unstable; urgency=low + + * Reordering rules file. + * Updating debhelper shlibs file. + * Rewriting copyright file in machine-interpretable format. + * Adding vcs fields in control file. + * Upgrading package to debhelper 7. + * Merging upstream version 44. + + -- Daniel Baumann Sat, 3 May 2008 12:17:00 +0200 + +ecryptfs-utils (43-1) unstable; urgency=low + + * New upstream release. + * Removing watch file. + + -- Daniel Baumann Wed, 9 Apr 2008 09:54:00 +0200 + +ecryptfs-utils (41-1) unstable; urgency=low + + * New upstream release. + + -- Daniel Baumann Tue, 1 Apr 2008 11:25:00 +0200 + +ecryptfs-utils (40-1) unstable; urgency=low + + * New upstream release. + + -- Daniel Baumann Sun, 24 Feb 2008 22:09:00 +0100 + +ecryptfs-utils (38-2) unstable; urgency=low + + * Temporarily only use tpm toolchain on i386 (Closes: #461233). + * Current upstream should build without patches on amd64 (Closes: #445619). + * Added --fail-missing to dh_install call in rules. + * Updated .install files to cover additional files. + + -- Daniel Baumann Thu, 17 Jan 2008 23:47:00 +0100 + +ecryptfs-utils (38-1) unstable; urgency=low + + * New upstream release. + + -- Daniel Baumann Sat, 12 Jan 2008 17:14:00 +0100 + +ecryptfs-utils (37-1) unstable; urgency=low + + * New upstream release (Closes: #457316). + * Compling with trousers support now. + * Bumping to new policy. + + -- Daniel Baumann Fri, 21 Dec 2007 14:54:00 +0100 + +ecryptfs-utils (30-1) unstable; urgency=low + + * New upstream release. + + -- Daniel Baumann Fri, 16 Nov 2007 12:10:00 +0100 + +ecryptfs-utils (27-1) unstable; urgency=low + + * New upstream release. + + -- Daniel Baumann Fri, 19 Oct 2007 21:50:00 +0200 + +ecryptfs-utils (26-1) unstable; urgency=low + + * New upstream release. + * Dropped 02-ia64.dpatch; not required anymore. + * Building with --disable-tspi for the time beeing until trousers is + uploaded. + * Downgrading recommends to opencryptoki to a suggests for the time beeing + until opencryptoki is uploaded. + + -- Daniel Baumann Sun, 14 Oct 2007 11:17:00 +0200 + +ecryptfs-utils (24-2) unstable; urgency=low + + * Enforcing libdir (Closes: #445619). + + -- Daniel Baumann Wed, 10 Oct 2007 23:41:00 +0200 + +ecryptfs-utils (24-1) unstable; urgency=low + + * New upstream release. + + -- Daniel Baumann Tue, 9 Oct 2007 12:03:00 +0200 + +ecryptfs-utils (23-1) unstable; urgency=low + + * New upstream release. + * Added libgpgme11-dev to build-depends. + * Rediffed 02-ia64.dpatch. + + -- Daniel Baumann Mon, 27 Aug 2007 16:32:00 +0200 + +ecryptfs-utils (21-1) unstable; urgency=low + + * Initial release (Closes: #401800). + * Added patch from William Lima to fix FTBFS on + ia64. + + -- Daniel Baumann Sun, 12 Aug 2007 15:20:00 +0200 + --- ecryptfs-utils-73.orig/debian/config/ecryptfs-mount-private.desktop +++ ecryptfs-utils-73/debian/config/ecryptfs-mount-private.desktop @@ -0,0 +1,7 @@ +[Desktop Entry] +Name=Access Your Private Data +GenericName=Access Your Private Data +Exec=/usr/bin/ecryptfs-mount-private +Terminal=true +Type=Application +Categories=System; --- ecryptfs-utils-73.orig/src/utils/ecryptfs-setup-private +++ ecryptfs-utils-73/src/utils/ecryptfs-setup-private @@ -221,11 +221,11 @@ # Check that the mount point and encrypted directory are empty (skip symlinks). # Perhaps one day we could provide a migration mode (using rsync or something), # but this would be VERY hard to do safely. -count=`ls -Al "$MOUNTPOINT" 2>/dev/null | grep -v "^total" | grep -v "^l" -c` +count=`ls -Al "$MOUNTPOINT" 2>/dev/null | egrep -c "^[drwx-]{10}"` if [ "$count" != "0" ]; then error "$MOUNTPOINT must be empty before proceeding" fi -count=`ls -Al "$CRYPTDIR" 2>/dev/null | grep -v "^total" -c` +count=`ls -Al "$CRYPTDIR" 2>/dev/null | egrep -c "^[dlrwx-]{10}"` if [ "$count" != "0" ]; then error "$CRYPTDIR must be empty before proceeding" fi