-
ecryptfs-utils (87-0ubuntu1.3) natty-proposed; urgency=low
* src/libecryptfs/key_management.c: LP: #725862
- fix nasty bug affecting users who do *not* encrypt filenames;
the first login works, but on logout, only one key gets
cleaned out; subsequent logins do not insert the necessary key
due to an early "goto out"
-- Dustin Kirkland <email address hidden> Fri, 02 Sep 2011 17:47:19 -0500
-
ecryptfs-utils (87-0ubuntu1.2) natty-security; urgency=low
* SECURITY UPDATE: wrong mtab ownership and permissions (LP: #830850)
- debian/patches/CVE-2011-3145.patch: also set gid and umask before
updating mtab in src/utils/mount.ecryptfs_private.c.
- CVE-2011-3145
-- Marc Deslauriers <email address hidden> Mon, 22 Aug 2011 14:10:47 -0400
-
ecryptfs-utils (87-0ubuntu1.1) natty-security; urgency=low
* SECURITY UPDATE: privilege escalation via mountpoint race conditions
(LP: #732628)
- debian/patches/CVE-2011-1831,1832,1834.patch: chdir into mountpoint
before checking permissions in src/utils/mount.ecryptfs_private.c.
- CVE-2011-1831
- CVE-2011-1832
* SECURITY UPDATE: race condition when checking source during mount
(LP: #732628)
- debian/patches/CVE-2011-1833.patch: use new ecryptfs_check_dev_ruid
kernel option when mounting directory in
src/utils/mount.ecryptfs_private.c.
- CVE-2011-1833
* SECURITY UPDATE: mtab corruption via improper handling (LP: #732628)
- debian/patches/CVE-2011-1831,1832,1834.patch: modify mtab via a temp
file first and make sure it succeeds before replacing the real mtab
in src/utils/mount.ecryptfs_private.c.
- CVE-2011-1834
* SECURITY UPDATE: key poisoning via insecure temp directory handling
(LP: #732628)
- debian/patches/CVE-2011-1835.patch: make sure we don't copy into a
user controlled directory in src/utils/ecryptfs-setup-private.
- CVE-2011-1835
* SECURITY UPDATE: information disclosure via recovery mount in /tmp
(LP: #732628)
- debian/patches/CVE-2011-1836.patch: mount inside protected
subdirectory in src/utils/ecryptfs-recover-private.
- CVE-2011-1836
* SECURITY UPDATE: arbitrary file overwrite via lock counter race
condition (LP: #732628)
- debian/patches/CVE-2011-1837.patch: verify permissions with a file
descriptor, and don't follow symlinks in
src/utils/mount.ecryptfs_private.c.
- CVE-2011-1837
-- Marc Deslauriers <email address hidden> Thu, 04 Aug 2011 10:43:33 -0400
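
The 87-0ubuntu1.1 entry above describes the CVE-2011-1837 fix as "verify permissions with a file descriptor, and don't follow symlinks". The C code below is an added example of that general pattern, not the ecryptfs-utils patch or any code from the project; `open_owned_regular`, `demo_symlink_rejected` and the /tmp paths are hypothetical names constructed for the illustration.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not from ecryptfs-utils): open `path` without
 * following a final symlink, then check type and owner on the descriptor,
 * so the object that was checked is the object that gets used. */
int open_owned_regular(const char *path, uid_t owner)
{
    struct stat st;
    int fd = open(path, O_RDWR | O_NOFOLLOW | O_CLOEXEC);

    if (fd < 0)
        return -1;              /* a symlink as last component fails here */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_uid != owner) {
        close(fd);
        return -1;              /* wrong type or wrong owner: reject */
    }
    return fd;                  /* caller works through this fd only */
}

/* Constructed scenario: a regular file plus a symlink pointing at it.
 * Returns 1 when the file is accepted and the symlink is rejected. */
int demo_symlink_rejected(void)
{
    char dir[] = "/tmp/fdcheck-XXXXXX";
    char file[64], lnk[64];
    int fd, ok_file, ok_link;

    if (!mkdtemp(dir))
        return -1;
    snprintf(file, sizeof file, "%s/counter", dir);
    snprintf(lnk, sizeof lnk, "%s/counter.lnk", dir);
    fd = open(file, O_CREAT | O_EXCL | O_WRONLY, 0600);
    if (fd < 0 || close(fd) != 0 || symlink(file, lnk) != 0)
        return -1;
    fd = open_owned_regular(file, geteuid());
    ok_file = fd >= 0;
    if (fd >= 0) close(fd);
    fd = open_owned_regular(lnk, geteuid());
    ok_link = fd >= 0;
    if (fd >= 0) close(fd);
    unlink(lnk); unlink(file); rmdir(dir);
    return ok_file && !ok_link;
}

int main(void) { return demo_symlink_rejected() == 1 ? 0 : 1; }
```

A path-based `stat()` followed by a separate `open()` leaves a window in which the path can be swapped; checking with `fstat()` on the already-open descriptor closes that window.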
-
ecryptfs-utils (87-0ubuntu1) natty; urgency=low
[ Paolo Bonzini <email address hidden> ]
* src/utils/ecryptfs-setup-private: update the Private.* selinux
contexts
[ Dustin Kirkland ]
* src/utils/ecryptfs-setup-private:
- add -p to mkdir, address noise for a non-error
- must insert keys during testing phase, since we remove keys on
unmount now, LP: #725862
* src/utils/ecryptfs_rewrap_passphrase.c: confirm passphrases in
interactive mode, LP: #667331
-- Dustin Kirkland <email address hidden> Wed, 09 Mar 2011 13:31:29 +0000
-
ecryptfs-utils (86-0ubuntu1) natty; urgency=low
[ Jakob Unterwurzacher ]
* src/pam_ecryptfs/pam_ecryptfs.c:
- check if this file exists and ask the user for the wrapping passphrase
if it does
- eliminate both ecryptfs_pam_wrapping_independent_set() and
ecryptfs_pam_automount_set() and replace with a reusable
file_exists_dotecryptfs() function
[ Serge Hallyn and Dustin Kirkland ]
* src/utils/mount.ecryptfs_private.c:
- support multiple, user configurable private directories by way of
a command line "alias" argument
- this "alias" references a configuration file by the name of:
$HOME/.ecryptfs/alias.conf, which is in an fstab(5) format,
as well as $HOME/.ecryptfs/alias.sig, in the same format as
Private.sig
- if no argument specified, the utility operates in legacy mode,
defaulting to "Private"
- rename variables, s/dev/src/ and s/mnt/dest/
- add a read_config() function
- add an alias char* to replace the #defined ECRYPTFS_PRIVATE_DIR
- this is half of the fix to LP: #615657
* doc/manpage/mount.ecryptfs_private.1: document these changes
* src/libecryptfs/main.c, src/utils/mount.ecryptfs_private.c:
- allow umount.ecryptfs_private to succeed when the key is no
longer in user keyring.
-- Dustin Kirkland <email address hidden> Thu, 24 Feb 2011 13:43:19 -0600
-
ecryptfs-utils (85-0ubuntu1) natty; urgency=low
[ Dustin Kirkland ]
* src/utils/ecryptfs-recover-private: clean sigs of invalid characters
* src/utils/mount.ecryptfs_private.c:
- fix bug LP: #313812, clear used keys on unmount
- add ecryptfs_unlink_sigs to the mount opts, so that unmounts from
umount.ecryptfs behave similarly
- use ecryptfs_remove_auth_tok_from_keyring() on the sig and sig_fnek
[ <email address hidden> ]
* src/utils/ecryptfs-migrate-home:
- support user databases outside of /etc/passwd, LP: #627506
-- Dustin Kirkland <email address hidden> Sun, 19 Dec 2010 10:50:52 -0600
-
ecryptfs-utils (84-0ubuntu1) natty; urgency=low
* src/desktop/ecryptfs-record-passphrase: fix typo, LP: #524139
* debian/rules, debian/control:
- disable the gpg key module, as it's not yet functional
- clean up unneeded build-deps
- also, not using opencryptoki either
* doc/manpage/ecryptfs.7: fix minor documentation bug, reported by
email by Jon 'maddog' Hall
* doc/manpage/ecryptfs-recover-private.1, doc/manpage/Makefile.am,
po/POTFILES.in, src/utils/ecryptfs-recover-private,
src/utils/Makefile.am: add a utility to simplify data recovery
of an encrypted private directory from a Live ISO, LP: #689969
-- Dustin Kirkland <email address hidden> Fri, 17 Dec 2010 20:14:45 -0600
-
ecryptfs-utils (83-0ubuntu3) lucid; urgency=low
* src/desktop/ecryptfs-record-passphrase: fix typo, LP: #524139
-- Dustin Kirkland <email address hidden> Thu, 18 Feb 2010 18:07:48 -0600