Ubuntu

Change log for “ecryptfs-utils” package in Ubuntu

175 of 110 results
Published in trusty-release on 2014-03-15
Deleted in trusty-proposed (Reason: moved to release)
ecryptfs-utils (104-0ubuntu1) trusty; urgency=low

  [ Colin King ]
  * src/libecryptfs/ecryptfs-stat.c, tests/kernel/extend-file-
    random/test.c, tests/kernel/inode-race-stat/test.c,
    tests/kernel/trunc-file/test.c:
    - Fixed some 32 bit build warnings
  * src/libecryptfs/decision_graph.c, src/libecryptfs/key_management.c,
    src/libecryptfs/main.c, src/libecryptfs/module_mgr.c, src/utils/io.c,
    src/utils/mount.ecryptfs_private.c, tests/kernel/inotify/test.c,
    tests/kernel/trunc-file/test.c, tests/userspace/wrap-unwrap/test.c:
    - Fixed a pile of minor bugs (memory leaks, unclosed file descriptors,
      etc.) mostly in error paths
  * src/key_mod/ecryptfs_key_mod_passphrase.c, src/libecryptfs/main.c,
    src/pam_ecryptfs/pam_ecryptfs.c:
    - more Coverity fixes, memory leak, error checking, etc.

  [ Nobuto MURATA ]
  * fix an empty update-notifier window (LP: #1107650)
    - changes made in Rev.758 was incomplete

  [ Tyler Hicks ]
  * doc/manpage/ecryptfs.7:
    - adjust man page text to avoid confusion about whether the interactive
      mount helper takes a capital 'N' for the answer to y/n questions
      (LP: #1130460)
  * src/utils/ecryptfs_rewrap_passphrase.c:
    - Handle errors when interactively reading the new wrapping passphrase
      and the confirmation from stdin. Fixes a segfault (invalid memory read)
      in ecryptfs-rewrap-passphrase if there was an error while reading either
      of these passphrases.
  * configure.ac:
    - Set AM_CPPFLAGS to always include config.h as the first include file.
      Some .c files correctly included config.h before anything else. The
      majority of .c files got this wrong by including it after other header
      files, including it multiple times, or not including it at all.
      Including it in the AM_CPPFLAGS should solve these problems and keep
      future mistakes from happening in new source files.
    - Enable large file support (LFS) through the use of the AC_SYS_LARGEFILE
      autoconf macro. ecryptfs-utils has been well tested with LFS enabled
      because ecryptfs-utils is being built with
      '-D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64' in Debian-based distros.
      This is mainly needed for some of the in-tree regression tests but
      ecryptfs-utils, in general, should be built with LFS enabled.
  * debian/rules:
    - Don't append '-D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64' to the CFLAGS
      now that the upstream build enables LFS
  * tests/userspace/lfs.sh, tests/userspace/lfs/test.c:
    - Add a test to verify that LFS is enabled. This test is run under the
      make check target.
  * tests/kernel/enospc/test.c:
    - Fix test failures on 32 bit architectures due to large file sizes
      overflowing data types

  [ Dustin Kirkland ]
  * src/utils/ecryptfs-setup-swap: LP: #1172014
    - write crypttab entry using UUID
  * src/utils/ecryptfs-recover-private: LP: #1028532
    - error out, if we fail to mount the private data correctly

  [ Colin King and Dustin Kirkland ]
  * configure.ac, src/daemon/main.c, src/libecryptfs/cmd_ln_parser.c,
    src/libecryptfs/decision_graph.c, src/utils/mount.ecryptfs.c,
    tests/kernel/trunc-file/test.c:
    - remove some dead code, fix some minor issues raised by Coverity
 -- Nobuto MURATA <email address hidden>   Thu, 21 Feb 2013 01:56:33 +0900

Available diffs

Superseded in trusty-release on 2014-03-15
Published in saucy-release on 2013-04-25
Published in raring-release on 2013-02-20
Deleted in raring-proposed (Reason: moved to release)
ecryptfs-utils (103-0ubuntu2) raring; urgency=low

  * fix an empty update-notifier window (LP: #1107650)
    - needed part was dropped accidentally at 102-0ubuntu1
 -- Nobuto MURATA <email address hidden>   Wed, 20 Feb 2013 14:05:42 +0900

Available diffs

Superseded in raring-release on 2013-02-20
Deleted in raring-proposed on 2013-02-27 (Reason: moved to release)
ecryptfs-utils (103-0ubuntu1) raring; urgency=low

  [ Tyler Hicks ]
  * debian/rules:
    - Use dpkg-buildflags to inject distro compiler hardening flags into the
      build. This also fixes the hardening-no-fortify-functions lintian
      warnings.

  [ Dustin Kirkland ]
  * doc/manpage/ecryptfs-add-passphrase.1, doc/manpage/ecryptfsd.8,
    doc/manpage/ecryptfs-find.1, doc/manpage/ecryptfs-generate-tpm-
    key.1, doc/manpage/ecryptfs-insert-wrapped-passphrase-into-
    keyring.1, doc/manpage/ecryptfs-manager.8, doc/manpage/ecryptfs-
    migrate-home.8, doc/manpage/ecryptfs-mount-private.1,
    doc/manpage/ecryptfs-recover-private.1, doc/manpage/ecryptfs-rewrap-
    passphrase.1, doc/manpage/ecryptfs-rewrite-file.1,
    doc/manpage/ecryptfs-setup-private.1, doc/manpage/ecryptfs-setup-
    swap.1, doc/manpage/ecryptfs-stat.1, doc/manpage/ecryptfs-umount-
    private.1, doc/manpage/ecryptfs-unwrap-passphrase.1,
    doc/manpage/ecryptfs-verify.1, doc/manpage/ecryptfs-wrap-
    passphrase.1, doc/manpage/Makefile.am, doc/manpage/mount.ecryptfs.8,
    doc/manpage/mount.ecryptfs_private.1, doc/manpage/pam_ecryptfs.8,
    doc/manpage/umount.ecryptfs.8,
    doc/manpage/umount.ecryptfs_private.1, src/desktop/ecryptfs-find =>
    src/utils/ecryptfs-find, src/desktop/Makefile.am,
    src/utils/Makefile.am:
    - add 3 new manpages, for ecryptfs-find, ecryptfs-verify, and
      ecryptfs-migrate-home
    - Add SEE ALSO section to manpages which were missing it
    - Mention "Debian and Ubuntu" in license location
    - move the ecryptfs-find utility to the proper location in src/utils
  * src/utils/Makefile.am:
    - fix broken build
  * debian/ecryptfs-utils.links:
    - link no longer needed for ecryptfs-find

  [ Colin King ]
  * === added directory tests/kernel/mmap-bmap, === added directory
    tests/kernel/xattr, tests/kernel/link.sh, tests/kernel/Makefile.am,
    tests/kernel/mknod.sh, tests/kernel/mmap-bmap.sh, tests/kernel/mmap-
    bmap/test.c, tests/kernel/tests.rc, tests/kernel/xattr.sh,
    tests/kernel/xattr/test.c:
    - ran the current eCryptfs tests on 3.8-rc4 with kernel gcov enabled
      and spotted a few trivial areas where it would be useful to up the
      test coverage on the code
    - so here are a few very simple additional tests to exercise eCryptfs
      a little further
 -- Dustin Kirkland <email address hidden>   Fri, 25 Jan 2013 12:58:56 -0600

Available diffs

Superseded in raring-release on 2013-01-26
Deleted in raring-proposed on 2013-01-27 (Reason: moved to release)
ecryptfs-utils (102-0ubuntu1) raring; urgency=low

  [ Dustin Kirkland ]
  * debian/control:
    - bump standards, no change
  * precise

  [ Tyler Hicks ]
  * autogen.sh, scripts/release.sh, Makefile.am:
    - Break out the autoreconf and intltoolize commands from release.sh into
      an executable autogen.sh
    - Use the --copy option when invoking intltoolize
    - Include the new autogen.sh script in the release tarball
  * debian/rules, debian/control:
    - Use dh-autoreconf so that upstream sources can easily be used to build
      packages for all the stable Ubuntu releases in the ecryptfs-utils daily
      build PPA
    - Override the dh_autoreconf target by running the autogen.sh script
    - Drop Build-Depends on autotools-dev since dh-autoreconf is a superset of
      autotools-dev
    - Drop Build-Depends on autoconf, automake, and libtool since
      dh-autoreconf depends on all of these packages
  * m4/ac_python_devel.m4:
    - Fix FTBFS in Raring Ringtail due to multiarch Python. Be sure to include
      platform specific Python include directions in SWIG_PYTHON_CPPFLAGS.
  * src/utils/mount.ecryptfs_private.c:
    - Fix conditionals when checking whether to remove authentication tokens
      from the kernel keyring upon umount. This conditional was incorrectly
      modified in ecryptfs-utils-101, yet the authentication tokens still seem
      to be removed from the kernel keyring so it isn't clear if there was
      actually a user-facing regression.
    - Pass the FEKEK sig, rather than the FNEK sig, to
      ecryptfs_private_is_mounted()
    - Restore behavior of not printing error messages to syslog when
      unmounting and keys cannot be found in the kernel keyring.
    - Restore behavior of printing a useful error message about
      ecryptfs-mount-private when mounting and keys cannot be found in the
      kernel keyring
    - Fix memory leak and clean up free()'s in an error path
    - Use pointer assignment tests, rather than strlen(), to determine which
      key signatures were fetched
  * src/daemon/main.c, src/include/ecryptfs.h,
    src/libecryptfs/{Makefile.am,messaging.c,miscdev.c,netlink.c,sysfs.c},
    doc/manpage/ecryptfsd.8, doc/design_doc/ecryptfs_design_doc_v0_2.tex:
    - Remove netlink messaging interface support
    - Netlink messaging support was superceded by the miscdev interface
      (/dev/ecryptfs) in upstream kernel version 2.6.26 in July, 2008
    - Netlink messaging support was completely removed from the upstream
      kernel starting with version 2.6.32 in December, 2009
  * src/jprobes/*, scripts/delete-cruft.sh:
    - Remove all jprobes code, as I don't use jprobes to debug eCryptfs kernel
      issues and I don't like the idea of maintaining these jprobes outside of
      the kernel tree
  * src/escrow/*:
    - Remove all escrow code, as it isn't used or maintained
  * tests/kernel/llseek.sh, tests/kernel/llseek/test.c,
    tests/userspace/wrap-unwrap.sh, tests/userspace/wrap-unwrap/test.c:
    - Migrate some old testcases over to the modern test framework
  * tests/lib/etl_funcs.sh:
    - Update etl_create_test_dir() to allow a parent directory to be specified
      when creating the directory
  * src/testcases:
    - Delete old testcases that were either too basic, covered by more
      extensive tests in the modern test framework, or just didn't work

  [ Nobuto MURATA ]
  * src/desktop/ecryptfs-record-passphrase:
 -- Dustin Kirkland <email address hidden>   Tue, 22 Jan 2013 16:04:11 -0600

Available diffs

Published in quantal-updates on 2013-02-15
Deleted in quantal-proposed (Reason: moved to -updates)
ecryptfs-utils (100-0ubuntu1.1) quantal-proposed; urgency=low

  * Fix encrypted home/private race condition that could result in encrypted
    filenames not being decrypted, despite the directory being mounted
    correctly otherwise. (LP: #1052038)
    - debian/patches/fix-private-mount-race.patch: Fix race condition by only
      opening the signature file once, rather than opening, reading, and
      closing it for each key signature.
 -- Tyler Hicks <email address hidden>   Tue, 04 Dec 2012 14:12:27 -0600

Available diffs

Published in precise-updates on 2013-02-15
Deleted in precise-proposed (Reason: moved to -updates)
ecryptfs-utils (96-0ubuntu3.1) precise-proposed; urgency=low

  * Fix encrypted home/private race condition that could result in encrypted
    filenames not being decrypted, despite the directory being mounted
    correctly otherwise. (LP: #1052038)
    - debian/patches/fix-private-mount-race.patch: Fix race condition by only
      opening the signature file once, rather than opening, reading, and
      closing it for each key signature.
 -- Tyler Hicks <email address hidden>   Tue, 04 Dec 2012 14:12:55 -0600

Available diffs

Published in oneiric-updates on 2013-02-15
Deleted in oneiric-proposed (Reason: moved to -updates)
ecryptfs-utils (92-0ubuntu1.2) oneiric-proposed; urgency=low

  * Fix encrypted home/private race condition that could result in encrypted
    filenames not being decrypted, despite the directory being mounted
    correctly otherwise. (LP: #1052038)
    - debian/patches/fix-private-mount-race.patch: Fix race condition by only
      opening the signature file once, rather than opening, reading, and
      closing it for each key signature.
 -- Tyler Hicks <email address hidden>   Tue, 04 Dec 2012 14:13:46 -0600

Available diffs

Superseded in raring-release on 2013-01-22
Deleted in raring-proposed on 2013-01-24 (Reason: moved to release)
ecryptfs-utils (101-0ubuntu3) raring; urgency=low

  * Fix FTBFS: multiarched python2.7 paths.
 -- Dmitrijs Ledkovs <email address hidden>   Mon, 24 Dec 2012 14:24:56 +0200

Available diffs

Superseded in raring-release on 2012-12-24
Deleted in raring-proposed on 2012-12-25 (Reason: moved to release)
ecryptfs-utils (101-0ubuntu2) raring; urgency=low

  * debian/patches/record-passphrase-dialogue-translatable.patch:
    - make "Record your encryption passphrase" dialogue translatable
      (LP: #982924)
    - to workaround lp bug 1075304, removing line breaks(.) in the
      dialogue
 -- Nobuto MURATA <email address hidden>   Thu, 06 Dec 2012 23:37:38 +0900

Available diffs

Superseded in raring-release on 2012-12-08
Deleted in raring-proposed on 2012-12-09 (Reason: moved to release)
ecryptfs-utils (101-0ubuntu1) raring; urgency=low

  [ Eric Lammerts ]
  * src/libecryptfs/sysfs.c: LP: #1007880
    - Handle NULL mnt pointer when sysfs is not mounted

  [ Tyler Hicks ]
  * src/utils/ecryptfs-migrate-home: LP: #1026180
    - Correct minor misspelling
  * src/utils/ecryptfs-recover-private: LP: #1004082
    - Fix option parsing when --rw is specified
  * src/utils/ecryptfs-recover-private: LP: #1028923
    - Simplify success message to prevent incorrectly reporting that a
      read-only mount was performed when the --rw option is specified
  * tests/lib/etl_func.sh:
    - Add test library function to return a lower path from an upper path,
      based on inode numbers
  * tests/kernel/mmap-close.sh, tests/kernel/mmap-close/test.c:
    - Add regression test for open->mmap()->close()->dirty memory->munmap()
      pattern
  * tests/kernel/lp-561129.sh:
    - Add test for checking that a pre-existing target inode is properly
      evicted after a rename
  * tests/README:
    - Add documentation on the steps to take when adding new test cases

  [ Colin King ]
  * tests/kernel/lp-911507.sh:
    - Add test case for initializing empty lower files during open()
  * tests/kernel/lp-872905.sh:
    - Add test case to check for proper unlinking of lower files when
      lower file initialization fails
  * src/key_mod/ecryptfs_key_mod_openssl.c,
    src/key_mod/ecryptfs_key_mod_pkcs11_helper.c,
    src/libecryptfs/key_management.c,
    src/utils/mount.ecryptfs_private.c, src/utils/umount.ecryptfs.c:
    - address some issues raised by smatch static analysis
    - fix some memory leaks with frees
    - fix some pointer refs and derefs
    - fix some comment typos

  [ Dustin Kirkland ]
  * src/libecryptfs/key_management.c:
    - silence pam error message when errno == EACCES
      + "Error attempting to parse .ecryptfsrc file; rc = [-13]"
  * src/utils/mount.ecryptfs_private.c: LP: #1052038
    - fix race condition, which typically manifests itself with a user
      saying that their home directory is not accessible, or that their
      filenames are not decrypted
    - the root of the problem is that we were reading the signature file,
      ~/.ecryptfs/Private.sig, twice; in some cases, the first one succeeds,
      so the file encryption signature is read and key is loaded, but then
      some other process (usually from PAM, perhaps a cron job or a
      subsequent login) mounts the home directory before the filename
      encryption key is loaded;  thus, $HOME is mounted but filenames are
      not decrypted, so the second read of ~/.ecryptfs/Private.sig fails
      as that file is not found
    - the solution is to rework the internal fetch_sig() function and read
      one or both signatures within a single open/read/close operation of
      the file
    - free memory used by char **sig on failure
  * debian/copyright:
    - fix lintian warning
  * precise
 -- Dustin Kirkland <email address hidden>   Thu, 25 Oct 2012 16:13:28 -0500

Available diffs

Superseded in raring-release on 2012-10-28
Published in quantal-release on 2012-08-02
ecryptfs-utils (100-0ubuntu1) quantal; urgency=low

  [ Tyler Hicks ]
  * src/pam_ecryptfs/pam_ecryptfs.c, src/libecryptfs/key_management.c:
      LP: #1024476
    - fix regression introduced in ecryptfs-utils-99 when Encrypted
      Home/Private is in use and the eCryptfs kernel code is compiled as a
      module
    - drop check for kernel filename encryption support in pam_ecryptfs, as
      appropriate privileges to load the eCryptfs kernel module may not be
      available and filename encryption has been supported since 2.6.29
    - always add filename encryption key to the kernel keyring from pam mount

  [ Colin King ]
  * tests/kernel/inode-race-stat/test.c:
    - limit number of forks based on fd limits
  * tests/kernel/enospc.sh, tests/kernel/enospc/test.c,
    tests/kernel/Makefile.am, tests/kernel/tests.rc:
    - add test case for ENOSPC

  [ Tim Harder ]
  * m4/ac_python_devel.m4: LP: #1029217
    - properly save and restore CPPFLAGS and LIBS when python support is
      enabled
 -- Dustin Kirkland <email address hidden>   Thu, 02 Aug 2012 16:33:55 -0500

Available diffs

Superseded in quantal-release on 2012-08-02
ecryptfs-utils (99-0ubuntu1) quantal; urgency=low

  [ Dustin Kirkland ]
  * debian/ecryptfs-utils.postinst: LP: #936093
    - ensure desktop file is executable
  * precise

  [ Wesley Wiedenmeier ]
  * src/utils/mount.ecryptfs.c: LP: #329264
    - remove old hack, that worked around a temporary kernel regression;
      ensure that all mount memory is mlocked

  [ Sebastian Krahmer ]
  * src/pam_ecryptfs/pam_ecryptfs.c: LP: #732614
    - drop group privileges in the same places that user privileges are
      dropped
    - check return status of setresuid() calls and return if they fail
    - drop privileges before checking for the existence of
      ~/.ecryptfs/auto-mount to prevent possible file existence leakage
      by a symlink to a path that typically would not be searchable by
      the user
    - drop privileges before reading salt from the rc file to prevent the
      leakage of root's salt and, more importantly, using the incorrect salt
    - discovered, independently, by Vasiliy Kulikov and Sebastian Krahmer
  * src/pam_ecryptfs/pam_ecryptfs.c: LP: #1020904
    - after dropping privileges, clear the environment before executing the
      private eCryptfs mount helper
    - discovered by Sebastian Krahmer
  * src/utils/mount.ecryptfs_private.c: LP: #1020904
    - do not allow private eCryptfs mount aliases to contain ".." characters
      as a preventative measure against a crafted file path being used as an
      alias
    - force the MS_NOSUID mount flag to protect against user controlled lower
      filesystems, such as an auto mounted USB drive, that may contain a
      setuid-root binary
      + CVE-2012-3409
    - force the MS_NODEV mount flag
    - after dropping privileges, clear the environment before executing umount
    - discovered by Sebastian Krahmer

  [ Tyler Hicks ]
  * src/libecryptfs/key_management.c: LP: #732614
    - zero statically declared buffers to prevent the leakage of stack
      contents in the case of a short file read
    - discovered by Vasiliy Kulikov
  * src/libecryptfs/module_mgr.c, src/pam_ecryptfs/pam_ecryptfs.c:
    - fix compiler warnings
 -- Dustin Kirkland <email address hidden>   Fri, 13 Jul 2012 09:52:36 -0500

Available diffs

Superseded in quantal-release on 2012-07-13
ecryptfs-utils (98-0ubuntu1) quantal; urgency=low

  [ Dustin Kirkland ]
  * debian/ecryptfs-utils.prerm:
    - drop the pre-removal ERRORs down to WARNINGs
    - these have caused a ton of trouble;  whatever is causing ecryptfs-utils
      to be marked for removal should be fixed;  but ecryptfs exiting 1 seems
      to be causing more trouble than it's worth
    - LP: #871021, #812270, #988960, #990630, #995381, #1010961
  * doc/ecryptfs-faq.html:
    - update the frequently asked questions, which haven't seen much
      attention in a while now
    - drop a few references to sourceforge
  * doc/ecryptfs-pam-doc.txt, doc/manpage/fr/ecryptfs-add-passphrase.1,
    doc/manpage/fr/ecryptfs-generate-tpm-key.1, doc/manpage/fr/ecryptfs-
    insert-wrapped-passphrase-into-keyring.1, doc/manpage/fr/ecryptfs-
    mount-private.1, doc/manpage/fr/ecryptfs-rewrap-passphrase.1,
    doc/manpage/fr/ecryptfs-setup-private.1, doc/manpage/fr/ecryptfs-
    umount-private.1, doc/manpage/fr/ecryptfs-unwrap-passphrase.1,
    doc/manpage/fr/ecryptfs-wrap-passphrase.1, doc/manpage/fr/ecryptfs-
    zombie-kill.1, doc/manpage/fr/ecryptfs-zombie-list.1,
    doc/sourceforge_webpage/ecryptfs-article.pdf,
    doc/sourceforge_webpage/ecryptfs_design_doc_v0_1.pdf,
    doc/sourceforge_webpage/ecryptfs-faq.html,
    doc/sourceforge_webpage/ecryptfs-key-diagram-356.png,
    doc/sourceforge_webpage/ecryptfs-key-diagram-640.png,
    doc/sourceforge_webpage/ecryptfs-pageuptodate-call-graph.png,
    doc/sourceforge_webpage/ecryptfs-pam-doc.txt,
    doc/sourceforge_webpage/ecryptfs.pdf,
    doc/sourceforge_webpage/index.html, doc/sourceforge_webpage/README,
    === removed directory doc/manpage/fr, === removed directory
    doc/sourceforge_webpage, rpm/ecryptfs-utils.spec:
    - remove some deprecated documentation
    - fish it out of bzr, if we ever need it again, but let's
      quit publishing it in our release tarballs
  * precise
 -- Dustin Kirkland <email address hidden>   Sun, 24 Jun 2012 11:40:53 -0500

Available diffs

Superseded in quantal-release on 2012-06-24
ecryptfs-utils (97-0ubuntu1) quantal; urgency=low

  [ Kees Cook ]
  * src/pam_ecryptfs/pam_ecryptfs.c: LP: #938326
    - exit, rather than return to prevent duplicate processes

  [ Andreas Raster ]
  * src/desktop/ecryptfs-find:
    - $mounts was quoted once too often

  [ George Wilson ]
  * src/key_mod/ecryptfs_key_mod_openssl.c,
    src/key_mod/ecryptfs_key_mod_pkcs11_helper.c,
    src/key_mod/ecryptfs_key_mod_tspi.c: LP: #937331
    - IBM would like to grant a license exception for key modules that
      require linking to OpenSSL. The change should make the modules
      shippable by Linux distributions

  [ Dustin Kirkland ]
  * debian/copyright:
    - note the GPLv2 SSL exception granted by IBM for the key modules
  * debian/control, debian/copyright, doc/manpage/ecryptfs.7,
    doc/manpage/ecryptfs-add-passphrase.1, doc/manpage/ecryptfsd.8,
    doc/manpage/ecryptfs-generate-tpm-key.1, doc/manpage/ecryptfs-
    insert-wrapped-passphrase-into-keyring.1, doc/manpage/ecryptfs-
    manager.8, doc/manpage/ecryptfs-mount-private.1,
    doc/manpage/ecryptfs-recover-private.1, doc/manpage/ecryptfs-rewrap-
    passphrase.1, doc/manpage/ecryptfs-rewrite-file.1,
    doc/manpage/ecryptfs-setup-private.1, doc/manpage/ecryptfs-setup-
    swap.1, doc/manpage/ecryptfs-stat.1, doc/manpage/ecryptfs-umount-
    private.1, doc/manpage/ecryptfs-unwrap-passphrase.1,
    doc/manpage/ecryptfs-wrap-passphrase.1,
    doc/manpage/mount.ecryptfs.8, doc/manpage/mount.ecryptfs_private.1,
    doc/manpage/pam_ecryptfs.8, doc/manpage/umount.ecryptfs.8,
    doc/manpage/umount.ecryptfs_private.1, README,
    src/utils/mount.ecryptfs.c:
    - use the new ecryptfs.org website where appropriate
  * debian/control:
    - update to suggest zescrow-client
  * precise

  [ Sergio Peña ]
  * src/libecryptfs/cipher_list.c: LP: #922821
    - add the new name of the blowfish cipher (linux >= 3.2)
  * src/include/ecryptfs.h, src/libecryptfs/main.c,
    src/utils/mount.ecryptfs.c: LP: #917509
    - use execl() to mount ecryptfs
    - this allows us to support any arbitrary mount options in
      /etc/fstab

  [ Tyler Hicks ]
  * doc/manpage/ecryptfs.7:
    - Remove the note saying that the passphrase and openssl key modules are
      available by default. That's true upstream but not always true in distro
      builds.
  * tests/run_tests.sh:
    - Make upper and lower mount point arguments optional by automatically
      creating directories in /tmp by default.
    - Make it possible to run only userspace tests without having to specify
      unused mount information
    - Accept a comma-separated list of lower filesystems to test on and loop
      through all kernel tests for each lower filesystem
    - Accept a comma-separated list of tests to run
  * tests/lib/etl_funcs.sh:
    - Unset $ETL_DISK just before etl_remove_disk() successfully returns
  * tests/userspace/Makefile.am:
    - Also build 'make check' tests when building with --enable-tests
  * include/ecryptfs.h, libecryptfs/Makefile.am,
    libecryptfs/cipher_list.c, libecryptfs/module_mgr.c,
    utils/io.h: LP: #994813
    - remove overly complicated implementation to detect what ciphers
      are supported by the currently running kernel's crypto api
    - prompt for the entire supported cipher list, if the user selects a
      cipher that their kernel doesn't support, the mount will fail
      and the kernel will write an error message to the syslog
  * src/libecryptfs/module_mgr.c:
    - Use correct blowfish block size when displaying supported ciphers to
      the user
  * tests/kernel/lp-1009207.sh, tests/kernel/Makefile.am,
    tests/kernel/tests.rc:
    - Add simple test case for incorrect handling of umask and default POSIX
      ACL masks
  * tests/kernel/lp-994247.sh, tests/kernel/lp-994247/test.c,
    tests/kernel/Makefile.am, tests/kernel/tests.rc:
    - Add test case for incorrect handling of open /dev/ecryptfs file
      descriptors that are passed or inherited by other processes

  [ Colin King ]
  * tests/lib/etl_funcs.sh:
    - etl_lumount() should use DST rather than SRC dir so it can run on Lucid
    - use file system appropriate mkfs force flag
    - cater for correct ext2 default mount flags
  * tests/kernel/lp-509180.sh, tests/kernel/lp-509180/test.c:
    - test for trailing garbage at end of files
  * tests/kernel/lp-524919.sh, tests/kernel/lp-524919/test.c:
    - test case for checking lstat/readlink size
  * tests/kernel/lp-870326.sh, tests/kernel/lp-870326/test.c:
    - test case for open(), mmap(), close(), modify mmap'd region
  * tests/kernel/lp-469664.sh:
    - test case for lsattr
  * tests/kernel/lp-613873.sh:
    - test case for stat modify time
  * tests/kernel/lp-745836.sh:
    - test case for clearing ECRYPTFS_NEW_FILE flag during truncate
  * tests/lib/etl_funcs.sh, tests/kernel/extend-file-random.sh,
    tests/kernel/trunc-file.sh (LP: #1007159):
    - Add test library function for estimating available space in lower fs
    - Use new library function in tests that need to create large files

  [ Colin Watson ]
  * src/utils/ecryptfs-setup-swap: Skip /dev/zram* swap devices
    LP: #979350

  [ Serge Hallyn ]
  * src/utils/mount.ecryptfs_private.c:
    - EoL fixes
 -- Dustin Kirkland <email address hidden>   Fri, 15 Jun 2012 09:28:58 -0500

Available diffs

Superseded in quantal-release on 2012-06-15
Published in precise-release on 2012-04-18
ecryptfs-utils (96-0ubuntu3) precise; urgency=low

  * src/utils/ecryptfs-setup-swap: Skip /dev/zram* swap devices
    (LP: #979350).
 -- Colin Watson <email address hidden>   Wed, 18 Apr 2012 15:52:45 +0100

Available diffs

Superseded in precise-release on 2012-04-18
ecryptfs-utils (96-0ubuntu2) precise; urgency=low

  * Add debian/patches/automount-fork-exit.patch (LP: #938326).
 -- Kees Cook <email address hidden>   Tue, 21 Feb 2012 17:49:54 -0800

Available diffs

Superseded in precise-release on 2012-02-22
ecryptfs-utils (96-0ubuntu1) precise; urgency=low

  [ Dustin Kirkland ]
  * CONTRIBUTING:
    - added a new file to describe how to contribute to ecryptfs
  * === added directory img/old, img/old/ecryptfs_14.png,
    img/old/ecryptfs_192.png, img/old/ecryptfs_64.png:
    - saving the old logos/branding for posterity
  * debian/copyright, img/COPYING:
    - added CC-by-SA 3.0 license
    - use the text version
  * img/ecryptfs_14.png, img/ecryptfs_192.png, img/ecryptfs_64.png:
    - added scaled copies of images used for Launchpad.net branding
  * src/utils/ecryptfs-recover-private: LP: #847505
    - add an option to allow user to enter the mount passphrase,
      in case they've recorded that, but forgotten their login
      passphrase
  * src/libecryptfs/sysfs.c: LP: #802197
    - default sysfs to /sys, if not found in /etc/mtab
    - it seems that reading /etc/mtab for this is outdated
    - ensure that ecryptfs works even if there is no sysfs entry
      in /etc/mtab
  * src/key_mod/ecryptfs_key_mod_tspi.c: LP: #462225
    - fix TPM and string_to_uuid 64bits issue
    - thanks to Janos for the patch
  * precise

  [ Tyler Hicks ]
  * CONTRIBUTING:
    - clarified how to contribute to the ecryptfs kernel module
  * tests/lib/etl_funcs.sh:
    - created eCryptfs test library of bash functions for use in test
      cases and test harnesses
  * test/etl_add_passphrase_key_to_keyring.c:
    - created a C helper program to allow bash scripts to interface to
      the libecryptfs function that adds passphrase-based keys to the
      kernel keyring
  * tests/kernel/tests.rc, tests/userspace/tests.rc:
    - created a test case category files for test harnesses to source
      when running testcases of a certain category (destructive, safe,
      etc.)
  * tests/run_tests.sh:
    - created a test harness to run eCryptfs test cases
  * tests/kernel/miscdev-bad-count.sh,
    tests/kernel/miscdev-bad-count/test.c:
    - created test case for miscdev issue reported to mailing list
  * tests/kernel/lp-885744.sh:
    - created test case for pathconf bug
  * tests/kernel/lp-926292.sh:
    - created test case for checking stale inode attrs after setxattr
  * tests/new.sh:
    - created new test case template to copy from
  * tests/userspace/verify-passphrase-sig.sh,
    tests/userspace/verify-passphrase-sig/test.c:
    - created test case, for make check, to test the creation of
      passphrase-based fekeks and signatures
  * configure.ac, Makefile.am, tests/Makefile.am, tests/lib/Makefile.am,
    tests/kernel/Makefile.am, tests/userspace/Makefile.am:
    - updated and created autoconf/automake files to build the new tests
      directory
    - added make check target

  [ Eddie Garcia ]
  * img/*: LP: #907131
    - contributing a new set of logos and branding under the CC-by-SA3.0
      license

  [ Colin King ]
  * tests/kernel/extend-file-random.sh,
    tests/kernel/extend-file-random/test.c:
    - Test to randomly extend file size, read/write + unlink
  * tests/kernel/trunc-file.sh, tests/kernel/trunc-file/test.c:
    - Test to exercise file truncation
  * tests/kernel/directory-concurrent.sh,
    tests/kernel/directory-concurrent/test.c:
    - test for directory creation/deletion races with multiple processes
  * tests/kernel/file-concurrent.sh,
    tests/kernel/file-concurrent/test.c:
    - test for file creation/truncation/unlink races with multiple
      processes
  * tests/kernel/inotify.sh, tests/kernel/inotify/test.c:
    - test for proper inotify support
  * tests/kernel/mmap-dir.sh, tests/kernel/mmap-dir/test.c:
    - test that directory files cannot be mmap'ed
  * tests/kernel/read-dir.sh, tests/kernel/read-dir/test.c:
    - test that read() on directory files returns the right error
  * tests/kernel/setattr-flush-dirty.sh:
    - test that the modified timestamp isn't clobbered in writeback
  * tests/kernel/inode-race-stat.sh, tests/kernel/inode-race-stat/test.c:
    - test for inode initialization race condition
 -- Dustin Kirkland <email address hidden>   Thu, 16 Feb 2012 14:22:09 -0600

Available diffs

Superseded in precise-release on 2012-02-16
ecryptfs-utils (95-0ubuntu1) precise; urgency=low

  [ Serge Hallyn ]
  * fix infinite loop on arm: fgetc returns an int, and -1 at end of
    options.  Arm makes char unsigned. (LP: #884407)

  [ Dustin Kirkland ]
  * debian/compat, debian/control, debian/ecryptfs-utils.install,
    debian/ecryptfs-utils.lintian-overrides,
    debian/libecryptfs0.install, debian/libecryptfs-dev.install,
    debian/lintian/ecryptfs-utils, debian/python-ecryptfs.install,
    debian/rules, debian/source/options, doc/ecryptfs-pam-doc.txt,
    doc/manpage/ecryptfs-setup-private.1, lintian/ecryptfs-utils, ===
    removed directory debian/lintian:
    - merge a bunch of packaging changes from Debian's Daniel Baumann
  * scripts/release.sh:
    - minor release fixes
 -- Dustin Kirkland <email address hidden>   Wed, 14 Dec 2011 14:22:33 -0600

Available diffs

Superseded in precise-release on 2011-12-14
ecryptfs-utils (94-0ubuntu1) precise; urgency=low

  [ Dustin Kirkland ]
  * scripts/release.sh:
    - fix release script
    - bump ubuntu release
  * doc/manpage/ecryptfs-recover-private.1, src/utils/ecryptfs-migrate-
    home (properties changed: -x to +x), src/utils/ecryptfs-recover-
    private:
    - add a --rw option for ecryptfs-recover-private
  * src/utils/ecryptfs-migrate-home: LP: #820416
    - show progress on rsync
  * debian/ecryptfs-utils.ecryptfs-utils-restore.upstart,
    debian/ecryptfs-utils.ecryptfs-utils-save.upstart,
    src/utils/ecryptfs-migrate-home,
    src/utils/ecryptfs-setup-private: LP: #883238
    - remove 2 upstart scripts, which attempted to "save" users who didn't
      login after migrating their home; instead, we now require the root
      user to enter user passwords at migration time
  * debian/copyright, debian/ecryptfs-utils.ecryptfs-utils-
    restore.upstart, debian/ecryptfs-utils.ecryptfs-utils-save.upstart,
    doc/manpage/ecryptfs.7, doc/manpage/ecryptfs-add-passphrase.1,
    doc/manpage/ecryptfs-generate-tpm-key.1, doc/manpage/ecryptfs-
    insert-wrapped-passphrase-into-keyring.1, doc/manpage/ecryptfs-
    mount-private.1, doc/manpage/ecryptfs-recover-private.1,
    doc/manpage/ecryptfs-rewrap-passphrase.1, doc/manpage/ecryptfs-
    rewrite-file.1, doc/manpage/ecryptfs-setup-private.1,
    doc/manpage/ecryptfs-setup-swap.1, doc/manpage/ecryptfs-stat.1,
    doc/manpage/ecryptfs-umount-private.1, doc/manpage/ecryptfs-unwrap-
    passphrase.1, doc/manpage/ecryptfs-wrap-passphrase.1,
    doc/manpage/fr/ecryptfs-add-passphrase.1, doc/manpage/fr/ecryptfs-
    generate-tpm-key.1, doc/manpage/fr/ecryptfs-insert-wrapped-
    passphrase-into-keyring.1, doc/manpage/fr/ecryptfs-mount-private.1,
    doc/manpage/fr/ecryptfs-rewrap-passphrase.1,
    doc/manpage/fr/ecryptfs-setup-private.1, doc/manpage/fr/ecryptfs-
    umount-private.1, doc/manpage/fr/ecryptfs-unwrap-passphrase.1,
    doc/manpage/fr/ecryptfs-wrap-passphrase.1, doc/manpage/fr/ecryptfs-
    zombie-kill.1, doc/manpage/fr/ecryptfs-zombie-list.1,
    doc/manpage/mount.ecryptfs_private.1, doc/manpage/pam_ecryptfs.8,
    doc/manpage/umount.ecryptfs.8,
    doc/manpage/umount.ecryptfs_private.1,
    src/pam_ecryptfs/pam_ecryptfs.c,
    src/utils/ecryptfs_add_passphrase.c,
    src/utils/ecryptfs_insert_wrapped_passphrase_into_keyring.c,
    src/utils/ecryptfs-migrate-home, src/utils/ecryptfs-mount-private,
    src/utils/ecryptfs-recover-private,
    src/utils/ecryptfs_rewrap_passphrase.c, src/utils/ecryptfs-rewrite-
    file, src/utils/ecryptfs-setup-private, src/utils/ecryptfs-setup-
    swap, src/utils/ecryptfs-umount-private,
    src/utils/ecryptfs_unwrap_passphrase.c,
    src/utils/ecryptfs_wrap_passphrase.c:
    - update some email addresses, moving <email address hidden> ->
      <email address hidden> (which I can still read)
  * src/libecryptfs/key_management.c: LP: #715066
    - fix 2 places where we were handling
      ecryptfs_add_passphrase_key_to_keyring() inconsistently
    - if we're trying to add a key to the keyring, and it's already there,
      treat that as "success"
  * debian/control:
    - ecryptfs-setup-swap is strongly recommended, which depends on
      cryptsetup; so promote cryptsetup from suggests -> recommends
  * precise

  [ Stephan Ritscher and Tyler Hicks ]
  * src/libecryptfs/cmd_ln_parser.c: LP: #683535
    - fix passphrase_passwd_fd for pipes
    - handle memory allocation failures
    - free memory in error paths

  [ Arfrever Frehtes Taifersar Arahesis ]
  * configure.ac: LP: #893327
    - no need to check for python, if --disable-pywrap is passed
 -- Dustin Kirkland <email address hidden>   Wed, 14 Dec 2011 11:49:10 -0600

Available diffs

Superseded in oneiric-updates on 2013-02-15
Deleted in oneiric-proposed on 2013-02-16 (Reason: moved to -updates)
ecryptfs-utils (92-0ubuntu1.1) oneiric-proposed; urgency=low

  [ Serge Hallyn ]
  * fix infinite loop on arm: fgetc returns an int, and -1 at end of
    options.  Arm makes char unsigned. (LP: #884407)

  [ Michael Terry ]
  * debian/local/ecryptfs-verify, debian/rules:
    - Backport ecryptfs-verify from version 93.  Required to support
      gnome-control-center's check to see if it should display
      the autologin controls.  LP: #576133
 -- Michael Terry <email address hidden>   Thu, 10 Nov 2011 10:33:01 -0500

Available diffs

Superseded in precise-release on 2011-12-14
ecryptfs-utils (93-0ubuntu2) precise; urgency=low

  * fix infinite loop on arm: fgetc returns an int, and -1 at end of
    options.  Arm makes char unsigned. (LP: #884407)
 -- Serge Hallyn <email address hidden>   Tue, 08 Nov 2011 10:47:03 -0600

Available diffs

Superseded in precise-release on 2011-11-09
ecryptfs-utils (93-0ubuntu1) precise; urgency=low

  * src/utils/ecryptfs-verify, src/utils/Makefile.am:
    - add an ecryptfs-verify utility, LP: #845738
  * src/testcases/write-read.sh:
    - added a write/read test utility
  * doc/manpage/ecryptfs-mount-private.1, doc/manpage/ecryptfs-setup-
    private.1, doc/manpage/mount.ecryptfs_private.1,
    doc/manpage/umount.ecryptfs_private.1: LP: #882267
    - remove inaccurate documentation about being a member of the ecryptfs
      group
  * src/utils/ecryptfs-setup-private: LP: #882314
    - fix preseeded encrypted home Ubuntu installations (thanks Timo!)
  * oneiric
 -- Dustin Kirkland <email address hidden>   Thu, 27 Oct 2011 10:55:04 -0500

Available diffs

Obsolete in natty-updates on 2013-06-04
Deleted in natty-proposed on 2013-06-04 (Reason: moved to -updates)
ecryptfs-utils (87-0ubuntu1.3) natty-proposed; urgency=low

  * src/libecryptfs/key_management.c: LP: #725862
    - fix nasty bug affecting users who do *not* encrypt filenames;
      the first login works, but on logout, only one key gets
      cleaned out; subsequent logins do not insert the necessary key
      due to an early "goto out"
 -- Dustin Kirkland <email address hidden>   Fri, 02 Sep 2011 17:47:19 -0500

Available diffs

Obsolete in maverick-proposed on 2013-03-05
ecryptfs-utils (83-0ubuntu3.2.10.10.3) maverick-proposed; urgency=low

  * src/libecryptfs/key_management.c: LP: #725862
    - fix nasty bug affecting users who do *not* encrypt filenames;
      the first login works, but on logout, only one key gets
      cleaned out; subsequent logins do not insert the necessary key
      due to an early "goto out"
 -- Dustin Kirkland <email address hidden>   Fri, 02 Sep 2011 17:46:45 -0500
Published in lucid-updates on 2011-09-29
Deleted in lucid-proposed (Reason: moved to -updates)
ecryptfs-utils (83-0ubuntu3.2.10.04.3) lucid-proposed; urgency=low

  * src/libecryptfs/key_management.c: LP: #725862
    - fix nasty bug affecting users who do *not* encrypt filenames;
      the first login works, but on logout, only one key gets
      cleaned out; subsequent logins do not insert the necessary key
      due to an early "goto out"
 -- Dustin Kirkland <email address hidden>   Fri, 02 Sep 2011 17:47:02 -0500
Superseded in precise-release on 2011-10-27
Published in oneiric-release on 2011-09-01
ecryptfs-utils (92-0ubuntu1) oneiric; urgency=low

  * src/libecryptfs/key_management.c: LP: #725862
    - fix nasty bug affecting users who do *not* encrypt filenames;
      the first login works, but on logout, only one key gets
      cleaned out; subsequent logins do not insert the necessary key
      due to an early "goto out"; this fix needs to be SRU'd
  * debian/rules: LP: #586281
    - fix perms on desktop mount file
  * src/pam_ecryptfs/pam_ecryptfs.c: LP: #838471
    - rework syslogging to be less noisy and note pam_ecryptfs
 -- Dustin Kirkland <email address hidden>   Thu, 01 Sep 2011 16:25:03 -0500

Available diffs

Superseded in oneiric-release on 2011-09-01
ecryptfs-utils (91-0ubuntu1) oneiric; urgency=low

  [ Diego E. "Flameeyes" Pettenò ]
  * configure.ac:
    - fix reliance on nss-config, which hinders cross-compilation

  [ Marc Deslauriers ]
  * src/utils/mount.ecryptfs_private.c:
  * SECURITY UPDATE: wrong mtab ownership and permissions (LP: #830850)
    - debian/patches/CVE-2011-3145.patch: also set gid and umask before
      updating mtab in src/utils/mount.ecryptfs_private.c.
    - CVE-2011-3145
 -- Dustin Kirkland <email address hidden>   Wed, 31 Aug 2011 16:44:22 -0500

Available diffs

Superseded in natty-updates on 2011-11-15
Obsolete in natty-security on 2013-06-04
ecryptfs-utils (87-0ubuntu1.2) natty-security; urgency=low

  * SECURITY UPDATE: wrong mtab ownership and permissions (LP: #830850)
    - debian/patches/CVE-2011-3145.patch: also set gid and umask before
      updating mtab in src/utils/mount.ecryptfs_private.c.
    - CVE-2011-3145
 -- Marc Deslauriers <email address hidden>   Mon, 22 Aug 2011 14:10:47 -0400

Available diffs

Obsolete in maverick-updates on 2013-03-05
Obsolete in maverick-security on 2013-03-05
ecryptfs-utils (83-0ubuntu3.2.10.10.2) maverick-security; urgency=low

  * SECURITY UPDATE: wrong mtab ownership and permissions (LP: #830850)
    - src/utils/mount.ecryptfs_private.c: also set gid and umask before
      updating mtab.
    - CVE-2011-3145
 -- Marc Deslauriers <email address hidden>   Mon, 22 Aug 2011 15:41:50 -0400
Superseded in lucid-updates on 2011-09-29
Published in lucid-security on 2011-08-23
ecryptfs-utils (83-0ubuntu3.2.10.04.2) lucid-security; urgency=low

  * SECURITY UPDATE: wrong mtab ownership and permissions (LP: #830850)
    - src/utils/mount.ecryptfs_private.c: also set gid and umask before
      updating mtab.
    - CVE-2011-3145
 -- Marc Deslauriers <email address hidden>   Mon, 22 Aug 2011 15:44:59 -0400
Superseded in oneiric-release on 2011-09-01
ecryptfs-utils (90-0ubuntu1) oneiric; urgency=low

  [ Marc Deslauriers ]
  * SECURITY UPDATE: privilege escalation via mountpoint race conditions
    (LP: #732628)
    - debian/patches/CVE-2011-1831,1832,1834.patch: chdir into mountpoint
      before checking permissions in src/utils/mount.ecryptfs_private.c.
    - CVE-2011-1831
    - CVE-2011-1832
  * SECURITY UPDATE: race condition when checking source during mount
    (LP: #732628)
    - debian/patches/CVE-2011-1833.patch: use new ecryptfs_check_dev_ruid
      kernel option when mounting directory in
      src/utils/mount.ecryptfs_private.c.
    - CVE-2011-1833
  * SECURITY UPDATE: mtab corruption via improper handling (LP: #732628)
    - debian/patches/CVE-2011-1831,1832,1834.patch: modify mtab via a temp
      file first and make sure it succeeds before replacing the real mtab
      in src/utils/mount.ecryptfs_private.c.
    - CVE-2011-1834
  * SECURITY UPDATE: key poisoning via insecure temp directory handling
    (LP: #732628)
    - debian/patches/CVE-2011-1835.patch: make sure we don't copy into a
      user controlled directory in src/utils/ecryptfs-setup-private.
    - CVE-2011-1835
  * SECURITY UPDATE: information disclosure via recovery mount in /tmp
    (LP: #732628)
    - debian/patches/CVE-2011-1836.patch: mount inside protected
      subdirectory in src/utils/ecryptfs-recover-private.
    - CVE-2011-1836
  * SECURITY UPDATE: arbitrary file overwrite via lock counter race
    condition (LP: #732628)
    - debian/patches/CVE-2011-1837.patch: verify permissions with a file
      descriptor, and don't follow symlinks in
      src/utils/mount.ecryptfs_private.c.
    - CVE-2011-1837
 -- Dustin Kirkland <email address hidden>   Wed, 10 Aug 2011 08:36:44 -0500

Available diffs

Superseded in oneiric-release on 2011-08-10
ecryptfs-utils (89-0ubuntu2) oneiric; urgency=low

  * SECURITY UPDATE: privilege escalation via mountpoint race conditions
    (LP: #732628)
    - debian/patches/CVE-2011-1831,1832,1834.patch: chdir into mountpoint
      before checking permissions in src/utils/mount.ecryptfs_private.c.
    - CVE-2011-1831
    - CVE-2011-1832
  * SECURITY UPDATE: race condition when checking source during mount
    (LP: #732628)
    - debian/patches/CVE-2011-1833.patch: use new ecryptfs_check_dev_ruid
      kernel option when mounting directory in
      src/utils/mount.ecryptfs_private.c.
    - CVE-2011-1833
  * SECURITY UPDATE: mtab corruption via improper handling (LP: #732628)
    - debian/patches/CVE-2011-1831,1832,1834.patch: modify mtab via a temp
      file first and make sure it succeeds before replacing the real mtab
      in src/utils/mount.ecryptfs_private.c.
    - CVE-2011-1834
  * SECURITY UPDATE: key poisoning via insecure temp directory handling
    (LP: #732628)
    - debian/patches/CVE-2011-1835.patch: make sure we don't copy into a
      user controlled directory in src/utils/ecryptfs-setup-private.
    - CVE-2011-1835
  * SECURITY UPDATE: information disclosure via recovery mount in /tmp
    (LP: #732628)
    - debian/patches/CVE-2011-1836.patch: mount inside protected
      subdirectory in src/utils/ecryptfs-recover-private.
    - CVE-2011-1836
  * SECURITY UPDATE: arbitrary file overwrite via lock counter race
    condition (LP: #732628)
    - debian/patches/CVE-2011-1837.patch: verify permissions with a file
      descriptor, and don't follow symlinks in
      src/utils/mount.ecryptfs_private.c.
    - CVE-2011-1837
 -- Marc Deslauriers <email address hidden>   Thu, 04 Aug 2011 10:37:40 -0400

Available diffs

Superseded in lucid-updates on 2011-08-23
Superseded in lucid-security on 2011-08-23
ecryptfs-utils (83-0ubuntu3.2.10.04.1) lucid-security; urgency=low

  * SECURITY UPDATE: privilege escalation via mountpoint race conditions
    (LP: #732628)
    - src/utils/mount.ecryptfs_private.c: chdir into mountpoint before
      checking permissions. Patch thanks to Dan Rosenberg.
    - CVE-2011-1831
    - CVE-2011-1832
  * SECURITY UPDATE: race condition when checking source during mount
    (LP: #732628)
    - src/utils/mount.ecryptfs_private.c: use new ecryptfs_check_dev_ruid
      kernel option when mounting directory.
    - CVE-2011-1833
  * SECURITY UPDATE: mtab corruption via improper handling (LP: #732628)
    - src/utils/mount.ecryptfs_private.c: modify mtab via a temp file first
      and make sure it succeeds before replacing the real mtab. Patch
      thanks to Dan Rosenberg.
    - CVE-2011-1834
  * SECURITY UPDATE: key poisoning via insecure temp directory handling
    (LP: #732628)
    - src/utils/ecryptfs-setup-private: make sure we don't copy into a
      user controlled directory.
    - CVE-2011-1835
  * SECURITY UPDATE: arbitrary file overwrite via lock counter race
    condition (LP: #732628)
    - src/utils/mount.ecryptfs_private.c: verify permissions with a file
      descriptor, and don't follow symlinks.
    - CVE-2011-1837
 -- Marc Deslauriers <email address hidden>   Thu, 04 Aug 2011 10:37:00 -0400
Superseded in maverick-updates on 2011-08-23
Superseded in maverick-security on 2011-08-23
ecryptfs-utils (83-0ubuntu3.2.10.10.1) maverick-security; urgency=low

  * SECURITY UPDATE: privilege escalation via mountpoint race conditions
    (LP: #732628)
    - src/utils/mount.ecryptfs_private.c: chdir into mountpoint before
      checking permissions. Patch thanks to Dan Rosenberg.
    - CVE-2011-1831
    - CVE-2011-1832
  * SECURITY UPDATE: race condition when checking source during mount
    (LP: #732628)
    - src/utils/mount.ecryptfs_private.c: use new ecryptfs_check_dev_ruid
      kernel option when mounting directory.
    - CVE-2011-1833
  * SECURITY UPDATE: mtab corruption via improper handling (LP: #732628)
    - src/utils/mount.ecryptfs_private.c: modify mtab via a temp file first
      and make sure it succeeds before replacing the real mtab. Patch
      thanks to Dan Rosenberg.
    - CVE-2011-1834
  * SECURITY UPDATE: key poisoning via insecure temp directory handling
    (LP: #732628)
    - src/utils/ecryptfs-setup-private: make sure we don't copy into a
      user controlled directory.
    - CVE-2011-1835
  * SECURITY UPDATE: arbitrary file overwrite via lock counter race
    condition (LP: #732628)
    - src/utils/mount.ecryptfs_private.c: verify permissions with a file
      descriptor, and don't follow symlinks.
    - CVE-2011-1837
 -- Marc Deslauriers <email address hidden>   Thu, 04 Aug 2011 10:41:53 -0400
Superseded in natty-updates on 2011-08-23
Superseded in natty-security on 2011-08-23
ecryptfs-utils (87-0ubuntu1.1) natty-security; urgency=low

  * SECURITY UPDATE: privilege escalation via mountpoint race conditions
    (LP: #732628)
    - debian/patches/CVE-2011-1831,1832,1834.patch: chdir into mountpoint
      before checking permissions in src/utils/mount.ecryptfs_private.c.
    - CVE-2011-1831
    - CVE-2011-1832
  * SECURITY UPDATE: race condition when checking source during mount
    (LP: #732628)
    - debian/patches/CVE-2011-1833.patch: use new ecryptfs_check_dev_ruid
      kernel option when mounting directory in
      src/utils/mount.ecryptfs_private.c.
    - CVE-2011-1833
  * SECURITY UPDATE: mtab corruption via improper handling (LP: #732628)
    - debian/patches/CVE-2011-1831,1832,1834.patch: modify mtab via a temp
      file first and make sure it succeeds before replacing the real mtab
      in src/utils/mount.ecryptfs_private.c.
    - CVE-2011-1834
  * SECURITY UPDATE: key poisoning via insecure temp directory handling
    (LP: #732628)
    - debian/patches/CVE-2011-1835.patch: make sure we don't copy into a
      user controlled directory in src/utils/ecryptfs-setup-private.
    - CVE-2011-1835
  * SECURITY UPDATE: information disclosure via recovery mount in /tmp
    (LP: #732628)
    - debian/patches/CVE-2011-1836.patch: mount inside protected
      subdirectory in src/utils/ecryptfs-recover-private.
    - CVE-2011-1836
  * SECURITY UPDATE: arbitrary file overwrite via lock counter race
    condition (LP: #732628)
    - debian/patches/CVE-2011-1837.patch: verify permissions with a file
      descriptor, and don't follow symlinks in
      src/utils/mount.ecryptfs_private.c.
    - CVE-2011-1837
 -- Marc Deslauriers <email address hidden>   Thu, 04 Aug 2011 10:43:33 -0400
Superseded in oneiric-release on 2011-08-09
ecryptfs-utils (89-0ubuntu1) oneiric; urgency=low

  [ Dustin Kirkland ]
  * debian/control:
    - add missing build dependency needed for release
  * doc/manpage/ecryptfs-wrap-passphrase.1: fix minor error in manpage
  * src/desktop/ecryptfs-find, src/desktop/Makefile.am: LP: #799157
    - add a tool, /usr/share/ecryptfs-utils/ecryptfs-find that can
      help find cleartext/encrypted filenames by inode number
  * src/desktop/ecryptfs-find:
    - test file exists first; ditch the match;
      search all ecryptfs mounts that user can read/traverse
  * debian/ecryptfs-utils.links:
    - add a symlink for Ubuntu
  * scripts/release.sh:
    - improve release script

  [ Serge Hallyn ]
  * Fix from Christophe Dumez: mount.ecryptfs_private: Do not attempt to
    update mtab if it is a symbolic link.  (LP: #789888)
 -- Dustin Kirkland <email address hidden>   Tue, 19 Jul 2011 14:58:23 -0500

Available diffs

Superseded in oneiric-release on 2011-07-19
ecryptfs-utils (88-0ubuntu1) oneiric; urgency=low

  * src/utils/mount.ecryptfs_private.c:
    - reduce the window size for the TOCTOU race;
      does not entirely solve LP: #732628, which is going to need to be
      fixed in the kernel with some heavy locking
  * debian/control: update urls
  * src/utils/ecryptfs-mount-private: LP: #725862
    - fix ecryptfs-mount-private to insert only the fek, if filename
      encryption is disabled
 -- Dustin Kirkland <email address hidden>   Tue, 24 May 2011 09:47:52 -0500

Available diffs

Superseded in oneiric-release on 2011-05-24
Obsolete in natty-release on 2013-06-04
ecryptfs-utils (87-0ubuntu1) natty; urgency=low

  [ Paolo Bonzini <email address hidden> ]
  * src/utils/ecryptfs-setup-private: update the Private.* selinux
    contexts

  [ Dustin Kirkland ]
  * src/utils/ecryptfs-setup-private:
    - add -p to mkdir, address noise for a non-error
    - must insert keys during testing phase, since we remove keys on
      unmount now, LP: #725862
  * src/utils/ecryptfs_rewrap_passphrase.c: confirm passphrases in
    interactive mode, LP: #667331
 -- Dustin Kirkland <email address hidden>   Wed, 09 Mar 2011 13:31:29 +0000

Available diffs

Superseded in natty-release on 2011-03-14
ecryptfs-utils (86-0ubuntu1) natty; urgency=low

  [ Jakob Unterwurzacher ]
  * src/pam_ecryptfs/pam_ecryptfs.c:
    - check if this file exists and ask the user for the wrapping passphrase
      if it does
    - eliminate both ecryptfs_pam_wrapping_independent_set() and
      ecryptfs_pam_automount_set() and replace with a reusable
      file_exists_dotecryptfs() function

  [ Serge Hallyn and Dustin Kirkland ]
  * src/utils/mount.ecryptfs_private.c:
    - support multiple, user configurable private directories by way of
      a command line "alias" argument
    - this "alias" references a configuration file by the name of:
      $HOME/.ecryptfs/alias.conf, which is in an fstab(5) format,
      as well as $HOME/.ecryptfs/alias.sig, in the same format as
      Private.sig
    - if no argument specified, the utility operates in legacy mode,
      defaulting to "Private"
    - rename variables, s/dev/src/ and s/mnt/dest/
    - add a read_config() function
    - add an alias char* to replace the #defined ECRYPTFS_PRIVATE_DIR
    - this is half of the fix to LP: #615657
  * doc/manpage/mount.ecryptfs_private.1: document these changes
  * src/libecryptfs/main.c, src/utils/mount.ecryptfs_private.c:
    - allow umount.ecryptfs_private to succeed when the key is no
      longer in user keyring.
 -- Dustin Kirkland <email address hidden>   Thu, 24 Feb 2011 13:43:19 -0600

Available diffs

Superseded in maverick-updates on 2011-08-09
Deleted in maverick-proposed on 2011-08-10 (Reason: moved to -updates)
ecryptfs-utils (83-0ubuntu3.1maverick) maverick-proposed; urgency=low

  * Cherry pick upstream bzr commit r520
  * src/utils/mount.ecryptfs_private.c:
    - fix bug LP: #313812, clear used keys on unmount
    - add ecryptfs_unlink_sigs to the mount opts, so that unmounts from
      umount.ecryptfs behave similarly
    - use ecryptfs_remove_auth_tok_from_keyring() on the sig and sig_fnek
 -- Dustin Kirkland <email address hidden>   Fri, 11 Feb 2011 17:21:59 -0600
Superseded in lucid-updates on 2011-08-09
Deleted in lucid-proposed on 2011-08-10 (Reason: moved to -updates)
ecryptfs-utils (83-0ubuntu3.1) lucid-proposed; urgency=low

  * Cherry pick upstream bzr commit r520
  * src/utils/mount.ecryptfs_private.c:
    - fix bug LP: #313812, clear used keys on unmount
    - add ecryptfs_unlink_sigs to the mount opts, so that unmounts from
      umount.ecryptfs behave similarly
    - use ecryptfs_remove_auth_tok_from_keyring() on the sig and sig_fnek
 -- Dustin Kirkland <email address hidden>   Fri, 11 Feb 2011 17:21:59 -0600

Available diffs

Deleted in karmic-proposed on 2011-05-03 (Reason: unverified, karmic EOL)
ecryptfs-utils (81-0ubuntu3.1) karmic-proposed; urgency=low

  * Cherry-pick upstream commit bzr r520
  * src/utils/mount.ecryptfs_private.c:
    - fix bug LP: #313812, clear used keys on unmount
    - add ecryptfs_unlink_sigs to the mount opts, so that unmounts from
      umount.ecryptfs behave similarly
    - use ecryptfs_remove_auth_tok_from_keyring() on the sig and sig_fnek
 -- Dustin Kirkland <email address hidden>   Fri, 11 Feb 2011 17:19:37 -0600

Available diffs

Superseded in natty-release on 2011-02-24
ecryptfs-utils (85-0ubuntu1) natty; urgency=low

  [ Dustin Kirkland ]
  * src/utils/ecryptfs-recover-private: clean sigs of invalid characters
  * src/utils/mount.ecryptfs_private.c:
    - fix bug LP: #313812, clear used keys on unmount
    - add ecryptfs_unlink_sigs to the mount opts, so that unmounts from
      umount.ecryptfs behave similarly
    - use ecryptfs_remove_auth_tok_from_keyring() on the sig and sig_fnek

  [ <email address hidden> ]
  * src/utils/ecryptfs-migrate-home:
    - support user databases outside of /etc/passwd, LP: #627506
 -- Dustin Kirkland <email address hidden>   Sun, 19 Dec 2010 10:50:52 -0600

Available diffs

Superseded in natty-release on 2011-02-01
ecryptfs-utils (84-0ubuntu1) natty; urgency=low

  * src/desktop/ecryptfs-record-passphrase: fix typo, LP: #524139
  * debian/rules, debian/control:
    - disable the gpg key module, as it's not yet functional
    - clean up unneeded build-deps
    - also, not using opencryptoki either
  * doc/manpage/ecryptfs.7: fix minor documentation bug, reported by
    email by Jon 'maddog' Hall
  * doc/manpage/ecryptfs-recover-private.1, doc/manpage/Makefile.am,
    po/POTFILES.in, src/utils/ecryptfs-recover-private,
    src/utils/Makefile.am: add a utility to simplify data recovery
    of an encrypted private directory from a Live ISO, LP: #689969
 -- Dustin Kirkland <email address hidden>   Fri, 17 Dec 2010 20:14:45 -0600

Available diffs

Superseded in natty-release on 2010-12-18
Obsolete in maverick-release on 2013-03-05
Published in lucid-release on 2010-02-19
ecryptfs-utils (83-0ubuntu3) lucid; urgency=low

  * src/desktop/ecryptfs-record-passphrase: fix typo, LP: #524139
 -- Dustin Kirkland <email address hidden>   Thu, 18 Feb 2010 18:07:48 -0600

Available diffs

Superseded in lucid-release on 2010-02-19
ecryptfs-utils (83-0ubuntu2) lucid; urgency=low

  * debian/rules, debian/control: disable the gpg key module,
    as it's not yet functional; does more harm than good to build it;
    should not be in 10.04 LTS; clean up build-deps; also, not using
    opencryptoki either; unbreak the build for 32-bit Lucid
 -- Dustin Kirkland <email address hidden>   Wed, 17 Feb 2010 16:20:35 -0600

Available diffs

Superseded in lucid-release on 2010-02-17
ecryptfs-utils (83-0ubuntu1) lucid; urgency=low

  [ David Planella ]
  * Makefile.am, configure.ac, debian/control, debian/po/POTFILES.sh,
    debian/po/ecryptfs-utils.pot, debian/po/fr.po, debian/rules,
    po/POTFILES.in, src/desktop/Makefile.am,
    src/desktop/ecryptfs-mount-private.desktop,
    src/desktop/ecryptfs-mount-private.desktop.in,
    src/desktop/ecryptfs-record-passphrase,
    src/desktop/ecryptfs-setup-private.desktop,
    src/desktop/ecryptfs-setup-private.desktop.in:
    - internationalization work for LP: #358283
  * po/LINGUAS, po/ca.po: Catalan translation

  [ Yan Li <email address hidden> ]
  * src/pam_ecryptfs/pam_ecryptfs.c, src/utils/Makefile.am,
    src/utils/ecryptfs-migrate-home: add a script and pam hooks to
    support automatic migration to encrypted home directory

  [ Dustin Kirkland ]
  * src/utils/ecryptfs-migrate-home: clean up for merge
    - use $() rather than ``
    - drop set -u
    - use = and !=, and quote vars, rather than testing with -ne, -eq,
      for better shell portability
    - improve usage statement and error text
    - check if already encrypted
    - handle migration of multiple users on boot
    - fix all whitespace, use tabs for indents
    - use quotes around variables, rather than ${} (stylistic preference)
    - major simplification for immediate release
      + remove boot and user modes; only support administrator mode for
        security reasons and to avoid race conditions
      + other modes can be re-added, if necessary, and if security
        concerns can be addressed
    - ensure running as root
    - drop VERBOSE option, always print useful info messages
    - call the user $USER_NAME rather than $USER_ID since id implies
      number, and here we're deailing with names
    - no decimals on awk calculation
    - mktemp on the target user, not root
    - check that there is enough disk space available to do the migration
    - ensure the user's homedir group is correct
    - add critical instructions, user *must* login after the migration and
      before the reboot, as their wrapped passphrase will be cleared on
      reboot (possible we should use an init script to move these to
      /var/tmp on reboot)
    - ensure permissions are set correctly
    - improve text at the end of the migration, organize into notes
  * ecryptfs-utils.ecryptfs-utils-restore.upstart,
    ecryptfs-utils.ecryptfs-utils-save.upstart, rules:
    - try to protect migrating users who don't login before the next reboot
  * debian/ecryptfs-utils.install: install the locale messages
  * src/desktop/ecryptfs-record-passphrase: improve dialog text
  * src/desktop/ecryptfs-record-passphrase: revert the _ bit, as it's not quite
    working yet, will need to talk to David to fix
  * Mark LP: #471725 as fixed
 -- Dustin Kirkland <email address hidden>   Wed, 17 Feb 2010 15:17:09 -0600

Available diffs

Superseded in lucid-release on 2010-02-17
ecryptfs-utils (82-0ubuntu2) lucid; urgency=low

  * debian/rules: fix FTBFS, CFLAGS needed for libgcrypt11-dev linking
 -- Dustin Kirkland <email address hidden>   Tue, 10 Nov 2009 12:05:58 -0600

Available diffs

Superseded in lucid-release on 2009-11-10
ecryptfs-utils (82-0ubuntu1) lucid; urgency=low

  * Merging upstream release
 -- Dustin Kirkland <email address hidden>   Tue, 10 Nov 2009 11:36:15 -0600

Available diffs

Superseded in lucid-release on 2009-11-10
Obsolete in karmic-release on 2013-03-04
ecryptfs-utils (81-0ubuntu3) karmic; urgency=low

  * src/utils/ecryptfs-setup-private, debian/control: LP: #456565
    - fix typo, s/getext/gettext
    - depend on gettext-base

 -- Dustin Kirkland <email address hidden>   Tue, 20 Oct 2009 13:42:43 -0500

Available diffs

Superseded in karmic-release on 2009-10-22
ecryptfs-utils (81-0ubuntu2) karmic; urgency=low

  * src/utils/ecryptfs-setup-private: fix bug where setup-private
    incorrectly assumed that the home/private dir ownerships should
    be owned by USER:USER; instead, default to USER:GROUP, where
    GROUP is the USER's primary group by default, cherry-pick upstream
    r463, LP: #445301

 -- Dustin Kirkland <email address hidden>   Wed, 14 Oct 2009 14:20:42 -0500

Available diffs

Superseded in karmic-release on 2009-10-14
ecryptfs-utils (81-0ubuntu1) karmic; urgency=low

  [ Michael Terry ]
  * src/utils/ecryptfs-setup=swap: clean up some error message reporting,
    LP: #430891, #430890

  [ Dustin Kirkland ]
  * doc/manpage/ecryptfs.7: note the 64-char passphrase limit, LP: #386504
  * src/utils/ecryptfs-setup-private: minor documentation change

 -- Dustin Kirkland <email address hidden>   Fri, 18 Sep 2009 18:59:00 -0500

Available diffs

Superseded in karmic-release on 2009-09-19
ecryptfs-utils (80-0ubuntu1) karmic; urgency=low

  * Merge from upstream

 -- Dustin Kirkland <email address hidden>   Wed, 19 Aug 2009 11:31:15 -0500

Available diffs

Superseded in karmic-release on 2009-08-19
ecryptfs-utils (79-0ubuntu1) karmic; urgency=low

  * Merged upstream release

 -- Dustin Kirkland <email address hidden>   Mon, 17 Aug 2009 11:57:15 -0500

Available diffs

Superseded in karmic-release on 2009-08-17
ecryptfs-utils (78-0ubuntu1) karmic; urgency=low

  [ James Westby ]
  * src/libecryptfs/main.c flockfile the filehandle after checking that
    we were able to successfully open it (LP: #403011)
  * debian/libecryptfs0.shlibs: bump shlibs dep to 77 since we added new
    symbols there

 -- Dustin Kirkland <email address hidden>   Wed, 22 Jul 2009 11:17:41 -0500

Available diffs

Superseded in karmic-release on 2009-07-22
ecryptfs-utils (77-0ubuntu2) karmic; urgency=low

  * flockfile the filehandle after checking that we were able to successfully
    open if (LP: #403011)

 -- James Westby <email address hidden>   Wed, 22 Jul 2009 13:35:11 +0100

Available diffs

Superseded in karmic-release on 2009-07-22
ecryptfs-utils (77-0ubuntu1) karmic; urgency=low

  [ Dustin Kirkland ]
  * src/libecryptfs/key_management.c, src/pam_ecryptfs/pam_ecryptfs.c:
    revert the zombie code removal from pam_ecryptfs as it seems this
    bit is still needed; fix the source of the problem introduced in
    commit r407; check for non-zero return codes; this problem would
    manifest itself as a) unable to unlock screensaver, b) unable to
    switch users, c) unable to mount home folder on initial login;
    LP: #402222, #402029
  * src/utils/ecryptfs-umount-private: use for loop to loop over key
    ids on removal
  * src/utils/mount.ecryptfs_private.c: return non-zero on unmount failure
    due to open sessions; handle this in ecryptfs-umount-private too; make
    the flock() blocking; use /dev/shm for counter; add an iterator to the
    counter file to prevent users from DoS'ing one another from accessing
    their encrypted directories, LP: #402745
  * debian/ecryptfs-utils.postinst: move /tmp counters to /dev/shm
  * configure.ac: link against pam, silence shlib warning
  * src/include/ecryptfs.h, src/libecryptfs/main.c,
    src/pam_ecryptfs/pam_ecryptfs.c, src/utils/Makefile.am,
    src/utils/mount.ecryptfs_private.c: move two functions from
    mount.ecryptfs_private to libecryptfs, namely is_mounted() and
    fetch_private_mnt(); use these in both pam_ecryptfs and
    mount.ecryptfs_private; also move PRIVATE to ECRYPTFS_PRIVATE in
    the ecryptfs.h headers; this will allow us to short-circuit some of the
    costly key-loading code on pam_auth if the private dir is already
    mounted, speeding up some subsequent authentications significantly,
    LP: #402748
  * doc/ecryptfs-mount-private.txt: removed the "$" to make copy-n-paste
    more user friendly
  * src/utils/ecryptfs-setup-private: when encrypting home, put the
    .ecryptfs and .Private data in /home/.ecryptfs rather than /var/lib,
    as users are forgetting to backup /var/lib, and are often putting
    /home on a separate partition; furthermore, this gives users a place
    to access their encrypted data for backup, rather than hiding the
    data below $HOME, LP: #371719

  [ Tyler Hicks ]
  * src/libecryptfs/cipher_list.c, src/libecryptfs/module_mgr.c:
    add blowfish/56-bytes to the list of ciphers we officially support,
    LP: #402790

 -- Dustin Kirkland <email address hidden>   Wed, 22 Jul 2009 00:01:56 -0500

Available diffs

Superseded in karmic-release on 2009-07-22
ecryptfs-utils (76-0ubuntu2) karmic; urgency=low

  * src/pam_ecryptfs/pam_ecryptfs.c: remove deprecated zombie code,
    LP: #401770

 -- Dustin Kirkland <email address hidden>   Mon, 20 Jul 2009 12:07:50 -0500

Available diffs

Superseded in karmic-release on 2009-07-20
ecryptfs-utils (76-0ubuntu1) karmic; urgency=low

  [ Dustin Kirkland ]
  * src/utils/ecryptfs-setup-swap: switch from vol_id to blkid,
    LP: #376486
  * debian/ecryptfs-utils.postinst, src/utils/ecryptfs-setup-private:
    don't echo mount passphrase if running in bootstrap mode; prune
    potential leakages from install log, LP: #383650
  * SECURITY UPDATE: mount passphrase recorded in install log (LP: #383650).
    - debian/ecryptfs-utils.postinst: prune private information from
      installer log
    - src/utils/ecryptfs-setup-private: don't echo passphrase if running in
      bootstrap mode
    - CVE-2009-1296
  * src/utils/ecryptfs-setup-private: make some of the lanuage more readable,
    (thanks, anrxc)
  * README, configure.ac, debian/control, debian/rules,
    doc/sourceforge_webpage/README, src/libecryptfs-swig/libecryptfs.py,
    src/libecryptfs-swig/libecryptfs_wrap.c,
    src/libecryptfs/key_management.c, src/libecryptfs/libecryptfs.pc.in,
    src/libecryptfs/main.c, src/pam_ecryptfs/Makefile.am,
    src/utils/manager.c, src/utils/mount.ecryptfs.c: move build from gcrypt
    to nss (this change has been pending for some time)
  * src/utils/ecryptfs-dot-private: dropped, was too hacky
  * ecryptfs-mount-private.1, ecryptfs-setup-private.1: align the
    documentation and implementation of the wrapping-independent feature,
    LP: #383746
  * src/utils/ecryptfs-umount-private: use keyctl list @u, since keyctl show
    stopped working, LP: #400484, #395082
  * src/utils/mount.ecryptfs_private.c: fix counter file locking; solves
    a longstanding bug about "random" umount caused by cronjobs, LP: #358573

  [ Michal Hlavinka (edits by Dustin Kirkland) ]
  * doc/manpage/ecryptfs-mount-private.1,
    doc/manpage/ecryptfs-rewrite-file.1,
    doc/manpage/ecryptfs-setup-private.1, doc/manpage/ecryptfs.7,
    doc/manpage/mount.ecryptfs_private.1,
    doc/manpage/umount.ecryptfs_private.1: documentation updated to note
    possible ecryptfs group membership requirements; Fix ecrypfs.7 man
    page and key_mod_openssl's error message; fix typo
  * src/libecryptfs/decision_graph.c: put a finite limit (5 tries) on
    interactive input; fix memory leaks when asking questions
  * src/libecryptfs/module_mgr.c: Don't error out with EINVAL when
    verbosity=0 and some options are missing.
  * src/utils/umount.ecryptfs.c: no error for missing key when removing it
  * src/libecryptfs-swig/libecryptfs.i: fix compile werror, cast char*
  * src/utils/ecryptfs_add_passphrase.c: fix/test/use return codes;
    return nonzero for --fnek when not supported but used
  * src/include/ecryptfs.h, src/key_mod/ecryptfs_key_mod_openssl.c,
    src/libecryptfs/module_mgr.c: refuse mounting with too small rsa
    key (key_mod_openssl)
  * src/utils/ecryptfs_insert_wrapped_passphrase_into_keyring.c: fix return
    codes
  * src/utils/ecryptfs-rewrite-file: polish output
  * src/libecryptfs/key_management.c: inform about full keyring; insert fnek
    sig into keyring if fnek support check fails; don't fail if key already
    exists in keyring
  * src/utils/ecryptfs-setup-private: if the ecryptfs group exists, restrict
    ecryptfs-setup-private to members of this group
  * src/pam_ecryptfs/pam_ecryptfs.c: dynamically load ecryptfs module by
    checking ecryptfs version
  * src/libecryptfs/decision_graph.c, src/utils/io.c,
    src/utils/mount.ecryptfs.c: fix EOF handling, LP: #371587
  * src/desktop/Makefile.am: make desktop files trusted, LP: #371426

  [ Dustin Kirkland and Daniel Baumann ]
  * debian/control, debian/copyright, debian/ecryptfs-utils.dirs,
    debian/ecryptfs-utils.install, debian/ecryptfs-utils.postinst,
    debian/rules, ecryptfs-utils.pam-auth-update: sync Ubuntu's
    packaging with Debian; drop dpatch, drop libssl build dep, clean
    up extraneous debhelper bits, match cflags; remaining diff is only
    ecryptfs-utils.prerm

  [ Arfrever Frehtes Taifersar Arahesis ]
  * key_mod/ecryptfs_key_mod_gpg.c,
    key_mod/ecryptfs_key_mod_pkcs11_helper.c,
    libecryptfs/key_management.c, utils/ecryptfs_unwrap_passphrase.c:
    Fix warnings, initialize a few variables, drop unused ones

  [ David Hicks ]
  * src/lib/key_management.c: fix stray semicolon that prevents .ecryptfsrc
    files from working properly, LP: #372709

  [ Michael Rooney ]
  * src/python/ecryptfsapi.py: added python api

 -- Dustin Kirkland <email address hidden>   Fri, 17 Jul 2009 18:33:44 -0500

Available diffs

Superseded in karmic-release on 2009-07-18
ecryptfs-utils (75-0ubuntu2) karmic; urgency=low

  * SECURITY UPDATE: mount passphrase recorded in install log (LP: #383650).
    - debian/ecryptfs-utils.postinst: prune private information from
      installer log
    - src/utils/ecryptfs-setup-private: don't echo passphrase if running in
      bootstrap mode
    - CVE-2009-1296

 -- Dustin Kirkland <email address hidden>   Fri, 05 Jun 2009 09:39:13 -0500

Available diffs

Obsolete in jaunty-updates on 2013-02-28
Obsolete in jaunty-security on 2013-02-28
ecryptfs-utils (73-0ubuntu6.1) jaunty-security; urgency=low

  * SECURITY UPDATE: mount passphrase recorded in install log (LP: #383650).
    - debian/ecryptfs-utils.postinst: prune private information from
      installer log
    - src/utils/ecryptfs-setup-private: don't echo passphrase if running in
      bootstrap mode
    - CVE-2009-1296

 -- Dustin Kirkland <email address hidden>   Thu, 04 Jun 2009 11:29:58 -0500
Superseded in karmic-release on 2009-06-08
ecryptfs-utils (75-0ubuntu1) karmic; urgency=low

  [ Dustin Kirkland ]
  * debian/rules: drop hackery that moves stuff /usr/share/ecryptfs-utils
  * src/utils/mount.ecryptfs_private.c: update inline documentation
  * debian/changelog, src/libecryptfs/cmd_ln_parser.c,
    src/libecryptfs/key_management.c, src/pam_ecryptfs/pam_ecryptfs.c,
    src/utils/ecryptfs_add_passphrase.c,
    src/utils/ecryptfs_insert_wrapped_passphrase_into_keyring.c,
    src/utils/ecryptfs_rewrap_passphrase.c,
    src/utils/ecryptfs_unwrap_passphrase.c,
    src/utils/ecryptfs_wrap_passphrase.c: silence some useless logging,
    LP: #313330
  * include/ecryptfs.h, libecryptfs/key_management.c,
    utils/ecryptfs_insert_wrapped_passphrase_into_keyring.c,
    utils/ecryptfs_unwrap_passphrase.c: if the file to unwrap is
    unspecified, try to use the default ~/.ecryptfs/wrapped-passphrase
    before bailing out, LP: #359997
  * src/utils/ecryptfs-setup-private: unix_chkpwd is not always present
    (eg, gentoo), LP: #332341

  [ Tyler Hicks ]
  * doc/manpage/ecryptfs.7: ecryptfs_encrypted_view option desription
    was wrong LP: #328761

  [ Michal Hlavinka ]
  * decision_graph.c: fix uninitialized return code
  * mount.ecryptfs.c: don't pass verbosity option to kernel

  [ anrxc & Dustin Kirkland ]
  * doc/Makefile.am, src/desktop/Makefile.am: fix automake installation from
    /usr/share to /usr/share/ecryptfs-utils

  [ Daniel Baumann & Dustin Kirkland ]
  * debian/rules, debian/control: sync differences between Debian & Ubuntu's
    packaging

  [ Arfrever Frehtes Taifersar Arahesis ]
  * src/key_mod/ecryptfs_key_mod_gpg.c,
    src/key_mod/ecryptfs_key_mod_pkcs11_helper.c: fix implicit declations

  [ Frédéric Guihéry ]
  * key_mod/ecryptfs_key_mod_tspi.c, utils/ecryptfs_generate_tpm_key.c:
    the SRK password should be set to 20 bytes of NULL (wellknown
    password), in order for different tools to request key protection
    with the Storage Root Key

 -- Dustin Kirkland <email address hidden>   Sat, 02 May 2009 11:44:56 -0500

Available diffs

Superseded in karmic-release on 2009-05-02
Obsolete in jaunty-release on 2013-02-28
ecryptfs-utils (73-0ubuntu6) jaunty; urgency=low

  Fix for LP: #357354, (Upstream revision 375)
  * change "ecryptfs-remind-passphrase" to "ecryptfs-record-passphrase",
    which is far more accurate to what's actually being done

 -- Dustin Kirkland <email address hidden>   Tue, 07 Apr 2009 15:35:45 -0700

Available diffs

Superseded in jaunty-release on 2009-04-07
ecryptfs-utils (73-0ubuntu5) jaunty; urgency=low

  Reworked the fixes for LP: #352307 (Upstream Committed revision 373)
  * debian/local/ecryptfs-remind-passphrase: run if
    ~/.ecryptfs/.wrapped-passphrase.recorded does NOT exist; touch that
    file upon successful run of unwrap passphrase
  * debian/patches/00list,
    debian/patches/update-notifier-remind-passphrase.dpatch: dropped, since
    this was moved into PAM

 -- Dustin Kirkland <email address hidden>   Tue, 07 Apr 2009 14:18:24 -0700

Available diffs

Superseded in jaunty-release on 2009-04-07
ecryptfs-utils (73-0ubuntu4) jaunty; urgency=low

  * debian/rules: Move python site-packages/ to dist-packages. This
    mysteriously broke with the latest python2.6.

 -- Martin Pitt <email address hidden>   Mon, 06 Apr 2009 08:41:40 -0700

Available diffs

Superseded in jaunty-release on 2009-04-06
ecryptfs-utils (73-0ubuntu3) jaunty; urgency=low

  * Add interactive update-notifier hook for reminding the user to write down
    the autogenerated passphrase: (LP: #352307)
    - Add debian/local/ecryptfs-remind-passphrase: update-notifier hook, with
      German translations. (Unfortunately this package is not gettextized yet,
      thus translations have to be added inline).
    - debian/ecryptfs-utils.install: Install above into
      /usr/share/ecryptfs-utils.
    - Add update-notifier-remind-passphrase.dpatch: Create update-notifier
      message about recording your passphrase, if it was generated randomly,
      and ecryptfs-setup-private is run as root.

 -- Martin Pitt <email address hidden>   Sun, 05 Apr 2009 12:34:44 -0700

Available diffs

Superseded in jaunty-release on 2009-04-05
ecryptfs-utils (73-0ubuntu2) jaunty; urgency=low

  * src/utils/ecryptfs-setup-private: fix bug in grep when running with LANG
    in other locales, LP: #347969, cherry-picked from bzr (r369).

 -- Dustin Kirkland <email address hidden>   Tue, 24 Mar 2009 14:38:49 -0500

Available diffs

Superseded in jaunty-release on 2009-03-27
ecryptfs-utils (73-0ubuntu1) jaunty; urgency=low

  [ Dustin Kirkland ]
  Userspace fixes for LP: #345544, CVE-2009-0787
  * src/utils/ecryptfs-rewrite-file: new script, to rewrite a file,
    forcing it to be re-encrypted when written to disk
  * doc/manpage/ecryptfs-rewrite-file.1: documentation added

  Unrelated fixes in this release
  * src/utils/ecryptfs-mount-private, src/utils/ecryptfs-setup-private,
    src/utils/ecryptfs-setup-swap: use head/line for prompting and reading
    input

  [ Michal Hlavinka ]
  * ecryptfs-setup-private: don't fail with syntax error when kernel
    module not loaded
  * *.desktop: make desktop files standards compliant
  * umount.ecryptfs: don't sigsegv when arguments are missing

 -- Dustin Kirkland <email address hidden>   Fri, 20 Mar 2009 17:26:13 -0500

Available diffs

Superseded in jaunty-release on 2009-03-23
ecryptfs-utils (72-0ubuntu1) jaunty; urgency=low

  [ Dustin Kirkland ]
  * src/utils/ecryptfs-[u]mount-private: print message about cd $PWD,
    LP: #332331
  * doc/manpage/*: manpage updates
  * debian/ecryptfs-utils.prerm: prevent removal of ecryptfs-utils
    package, if in use, LP: #331085
  * src/utils/ecryptfs-setup-private:
    - allow for LDAP-based logins, LP: #317307
    - add --noautomount, --noautoumount options, LP: #301759

  [ Tyler Hicks ]
  * src/libecryptfs/cipher_list.c: ignore unknown ciphers, LP: #335632
  * doc/manpage/ecryptfs.7: add key sig mount options info, LP: #329491
  * src/utils/mount.ecryptfs.c: scrub unknown option

  [ James Dupin ]
  * doc/manpage/fr/*: initial cut at french manpages

  [ Michal Hlavinka ]
  * src/libecryptfs/module_mgr.c: fix mount parameter handling on
    interactive mounting, LP: #331948

 -- Dustin Kirkland <email address hidden>   Wed, 18 Mar 2009 18:53:11 -0500

Available diffs

Superseded in jaunty-release on 2009-03-19
ecryptfs-utils (71-0ubuntu2) jaunty; urgency=low

  * debian/ecryptfs-utils.prerm: perform some cursory checks, to ensure that
    there are no obvious, current users of ecryptfs before allowing package
    removal, LP: #331085

 -- Dustin Kirkland <email address hidden>   Mon, 23 Feb 2009 15:55:57 -0600

Available diffs

Superseded in jaunty-release on 2009-03-03
ecryptfs-utils (71-0ubuntu1) jaunty; urgency=low

  Upstream changes

  [ Dustin Kirkland ]
  * src/utils/ecryptfs-setup-swap: a first cut at a script that helps setup
    encrypted swap
  * debian/control: suggest cryptsetup

  [ Michal Hlavinka ]
  * improve interactive mode of mount.ecryptfs

 -- Dustin Kirkland <email address hidden>   Wed, 18 Feb 2009 17:34:17 -0600

Available diffs

Superseded in jaunty-release on 2009-02-19
ecryptfs-utils (70-0ubuntu1) jaunty; urgency=low

  * New upstream release, dropped all patches (included upstream)

  [ Michal Hlavinka ]
  * Auto module loading improvements
  * Fix nss passphrase (un)wrapping
  * Fix error handling when wrapping passphrase is too long
  * Use %m instead of strerror(errno) everywhere
  * Make the code compile with -Werror

  [ Tyler Hicks ]
  * umount.ecryptfs wrapper, clears keys

  [ Dustin Kirkland ]
  * Add a trailing newline to passphrase printing
  * Hack around glibc/kernel mlock limit issue, LP: #329176

 -- Dustin Kirkland <email address hidden>   Fri, 13 Feb 2009 19:33:22 -0600

Available diffs

Superseded in jaunty-release on 2009-02-14
ecryptfs-utils (69-0ubuntu2) jaunty; urgency=low

  * debian/patches/10-remove-bashism.dpatch: fix installer bug, LP: #326184
  * debian/control: Added libnss3-1d dependency (trying to cut over from
    openssl linkage)

 -- Dustin Kirkland <email address hidden>   Fri, 06 Feb 2009 17:58:11 +0100

Available diffs

Superseded in jaunty-release on 2009-02-06
ecryptfs-utils (69-0ubuntu1) jaunty; urgency=low

  * New upstream release, dropped all patches (included upstream)
  * This release includes support for filename encryption (LP: #264977)
  * This release promotes keyutils from a 'recommends' to a 'depends,
    for access to the keyctl command, which is used by the helper scripts
    to clear the keyring on unmount (LP: #313812)

 -- Dustin Kirkland <email address hidden>   Mon, 26 Jan 2009 13:51:21 -0500

Available diffs

Superseded in jaunty-release on 2009-01-26
ecryptfs-utils (68-1ubuntu2) jaunty; urgency=low

  * debian/patches/05-mount_opts.dpatch: Clean up mount options, LP: #277723

 -- Dustin Kirkland <email address hidden>   Mon, 05 Jan 2009 15:34:05 -0600

Available diffs

175 of 110 results