lp://staging/ubuntu/trusty-security/ecryptfs-utils
- Get this branch:
- bzr branch lp://staging/ubuntu/trusty-security/ecryptfs-utils
Branch merges
Branch information
Recent revisions
- 94. By Tyler Hicks
-
* SECURITY UPDATE: Mount passphrase wrapped with a default salt value
- debian/patches/CVE-2014-9687.patch: Generate a random salt when wrapping
the mount passphrase. If a user has a mount passphrase that was wrapped
using the default salt, their mount passphrase will be rewrapped using a
random salt when they log in with their password.
- debian/patches/CVE-2014-9687.patch: Create a temporary file when
creating a new wrapped-passphrase file and copy it to its final
destination after the file has been fully synced to disk (LP: #1020902)
- debian/rules: Set the executable bit on the
v1-to-v2-wrapped-passphrase.sh test script that was created by
wrapping-passphrase-salt.patch
- CVE-2014-9687
- 93. By Nobuto Murata
-
[ Colin King ]
* src/libecryptfs/ecryptfs-stat.c, tests/kernel/extend-file-random/test.c,
tests/kernel/inode-race-stat/test.c, tests/kernel/trunc-file/test.c:
- Fixed some 32 bit build warnings
* src/libecryptfs/decision_graph.c, src/libecryptfs/key_management.c,
src/libecryptfs/main.c, src/libecryptfs/module_mgr.c, src/utils/io.c,
src/utils/mount.ecryptfs_private.c, tests/kernel/inotify/test.c,
tests/kernel/trunc-file/test.c, tests/userspace/wrap-unwrap/test.c:
- Fixed a pile of minor bugs (memory leaks, unclosed file descriptors,
etc.) mostly in error paths
* src/key_mod/ecryptfs_key_mod_passphrase.c, src/libecryptfs/main.c,
src/pam_ecryptfs/pam_ecryptfs.c:
- more Coverity fixes, memory leak, error checking, etc.
[ Nobuto MURATA ]
* fix an empty update-notifier window (LP: #1107650)
- changes made in Rev.758 were incomplete
[ Tyler Hicks ]
* doc/manpage/ecryptfs.7:
- adjust man page text to avoid confusion about whether the interactive
mount helper takes a capital 'N' for the answer to y/n questions
(LP: #1130460)
* src/utils/ecryptfs_rewrap_passphrase.c:
- Handle errors when interactively reading the new wrapping passphrase
and the confirmation from stdin. Fixes a segfault (invalid memory read)
in ecryptfs-rewrap-passphrase if there was an error while reading either
of these passphrases.
* configure.ac:
- Set AM_CPPFLAGS to always include config.h as the first include file.
Some .c files correctly included config.h before anything else. The
majority of .c files got this wrong by including it after other header
files, including it multiple times, or not including it at all.
Including it in the AM_CPPFLAGS should solve these problems and keep
future mistakes from happening in new source files.
- Enable large file support (LFS) through the use of the AC_SYS_LARGEFILE
autoconf macro. ecryptfs-utils has been well tested with LFS enabled
because ecryptfs-utils is being built with
'-D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64' in Debian-based distros.
This is mainly needed for some of the in-tree regression tests but
ecryptfs-utils, in general, should be built with LFS enabled.
* debian/rules:
- Don't append '-D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64' to the CFLAGS
now that the upstream build enables LFS
* tests/userspace/lfs.sh, tests/userspace/lfs/test.c:
- Add a test to verify that LFS is enabled. This test is run under the
make check target.
* tests/kernel/enospc/test.c:
- Fix test failures on 32 bit architectures due to large file sizes
overflowing data types
[ Dustin Kirkland ]
* src/utils/ecryptfs-setup-swap: LP: #1172014
- write crypttab entry using UUID
* src/utils/ecryptfs-recover-private: LP: #1028532
- error out, if we fail to mount the private data correctly
[ Colin King and Dustin Kirkland ]
* configure.ac, src/daemon/main.c, src/libecryptfs/cmd_ln_parser.c,
src/libecryptfs/decision_graph.c, src/utils/mount.ecryptfs.c,
tests/kernel/trunc-file/test.c:
- remove some dead code, fix some minor issues raised by Coverity
- 92. By Nobuto Murata
-
* fix an empty update-notifier window (LP: #1107650)
- needed part was dropped accidentally at 102-0ubuntu1
- 91. By Dustin Kirkland
-
[ Tyler Hicks ]
* debian/rules:
- Use dpkg-buildflags to inject distro compiler hardening flags into the
build. This also fixes the hardening-no-fortify-functions lintian
warnings.
[ Dustin Kirkland ]
* doc/manpage/ecryptfs-add-passphrase.1, doc/manpage/ecryptfsd.8,
doc/manpage/ecryptfs-find.1, doc/manpage/ecryptfs-generate-tpm-key.1,
doc/manpage/ecryptfs-insert-wrapped-passphrase-into-keyring.1,
doc/manpage/ecryptfs-manager.8, doc/manpage/ecryptfs-migrate-home.8,
doc/manpage/ecryptfs-mount-private.1, doc/manpage/ecryptfs-recover-private.1,
doc/manpage/ecryptfs-rewrap-passphrase.1, doc/manpage/ecryptfs-rewrite-file.1,
doc/manpage/ecryptfs-setup-private.1, doc/manpage/ecryptfs-setup-swap.1,
doc/manpage/ecryptfs-stat.1, doc/manpage/ecryptfs-umount-private.1,
doc/manpage/ecryptfs-unwrap-passphrase.1, doc/manpage/ecryptfs-verify.1,
doc/manpage/ecryptfs-wrap-passphrase.1, doc/manpage/Makefile.am,
doc/manpage/mount.ecryptfs.8, doc/manpage/mount.ecryptfs_private.1,
doc/manpage/pam_ecryptfs.8, doc/manpage/umount.ecryptfs.8,
doc/manpage/umount.ecryptfs_private.1, src/desktop/ecryptfs-find =>
src/utils/ecryptfs-find, src/desktop/Makefile.am, src/utils/Makefile.am:
- add 3 new manpages, for ecryptfs-find, ecryptfs-verify, and
ecryptfs-migrate-home
- Add SEE ALSO section to manpages which were missing it
- Mention "Debian and Ubuntu" in license location
- move the ecryptfs-find utility to the proper location in src/utils
* src/utils/Makefile.am:
- fix broken build
* debian/ecryptfs-utils.links:
- link no longer needed for ecryptfs-find
[ Colin King ]
* === added directory tests/kernel/mmap-bmap, === added directory
tests/kernel/xattr, tests/kernel/link.sh, tests/kernel/Makefile.am,
tests/kernel/mknod.sh, tests/kernel/mmap-bmap.sh,
tests/kernel/mmap-bmap/test.c, tests/kernel/tests.rc, tests/kernel/xattr.sh,
tests/kernel/xattr/test.c:
- ran the current eCryptfs tests on 3.8-rc4 with kernel gcov enabled
and spotted a few trivial areas where it would be useful to up the
test coverage on the code
- so here are a few very simple additional tests to exercise eCryptfs
a little further
- 90. By Dustin Kirkland
-
[ Dustin Kirkland ]
* debian/control:
- bump standards, no change
* precise
[ Tyler Hicks ]
* autogen.sh, scripts/release.sh, Makefile.am:
- Break out the autoreconf and intltoolize commands from release.sh into
an executable autogen.sh
- Use the --copy option when invoking intltoolize
- Include the new autogen.sh script in the release tarball
* debian/rules, debian/control:
- Use dh-autoreconf so that upstream sources can easily be used to build
packages for all the stable Ubuntu releases in the ecryptfs-utils daily
build PPA
- Override the dh_autoreconf target by running the autogen.sh script
- Drop Build-Depends on autotools-dev since dh-autoreconf is a superset of
autotools-dev
- Drop Build-Depends on autoconf, automake, and libtool since
dh-autoreconf depends on all of these packages
* m4/ac_python_devel.m4:
- Fix FTBFS in Raring Ringtail due to multiarch Python. Be sure to include
platform specific Python include directions in SWIG_PYTHON_CPPFLAGS.
* src/utils/mount.ecryptfs_private.c:
- Fix conditionals when checking whether to remove authentication tokens
from the kernel keyring upon umount. This conditional was incorrectly
modified in ecryptfs-utils-101, yet the authentication tokens still seem
to be removed from the kernel keyring so it isn't clear if there was
actually a user-facing regression.
- Pass the FEKEK sig, rather than the FNEK sig, to
ecryptfs_private_is_mounted()
- Restore behavior of not printing error messages to syslog when
unmounting and keys cannot be found in the kernel keyring.
- Restore behavior of printing a useful error message about
ecryptfs-mount-private when mounting and keys cannot be found in the
kernel keyring
- Fix memory leak and clean up free()'s in an error path
- Use pointer assignment tests, rather than strlen(), to determine which
key signatures were fetched
* src/daemon/main.c, src/include/ecryptfs.h,
src/libecryptfs/{Makefile.am,messaging.c,miscdev.c,netlink.c,sysfs.c},
doc/manpage/ecryptfsd.8, doc/design_doc/ecryptfs_design_doc_v0_2.tex:
- Remove netlink messaging interface support
- Netlink messaging support was superseded by the miscdev interface
(/dev/ecryptfs) in upstream kernel version 2.6.26 in July, 2008
- Netlink messaging support was completely removed from the upstream
kernel starting with version 2.6.32 in December, 2009
* src/jprobes/*, scripts/delete-cruft.sh:
- Remove all jprobes code, as I don't use jprobes to debug eCryptfs kernel
issues and I don't like the idea of maintaining these jprobes outside of
the kernel tree
* src/escrow/*:
- Remove all escrow code, as it isn't used or maintained
* tests/kernel/llseek.sh, tests/kernel/llseek/test.c,
tests/userspace/wrap-unwrap.sh, tests/userspace/wrap-unwrap/test.c:
- Migrate some old testcases over to the modern test framework
* tests/lib/etl_funcs.sh:
- Update etl_create_test_dir() to allow a parent directory to be specified
when creating the directory
* src/testcases:
- Delete old testcases that were either too basic, covered by more
extensive tests in the modern test framework, or just didn't work
[ Nobuto MURATA ]
* src/desktop/ecryptfs-record-passphrase:
- 88. By Nobuto Murata
-
* debian/patches/record-passphrase-dialogue-translatable.patch:
- make "Record your encryption passphrase" dialogue translatable
(LP: #982924)
- to workaround lp bug 1075304, removing line breaks(.) in the
dialogue
- 87. By Dustin Kirkland
-
[ Eric Lammerts ]
* src/libecryptfs/sysfs.c: LP: #1007880
- Handle NULL mnt pointer when sysfs is not mounted
[ Tyler Hicks ]
* src/utils/ecryptfs-migrate-home: LP: #1026180
- Correct minor misspelling
* src/utils/ecryptfs-recover-private: LP: #1004082
- Fix option parsing when --rw is specified
* src/utils/ecryptfs-recover-private: LP: #1028923
- Simplify success message to prevent incorrectly reporting that a
read-only mount was performed when the --rw option is specified
* tests/lib/etl_func.sh:
- Add test library function to return a lower path from an upper path,
based on inode numbers
* tests/kernel/mmap-close.sh, tests/kernel/mmap-close/test.c:
- Add regression test for open->mmap()->close()->dirty memory->munmap()
pattern
* tests/kernel/lp-561129.sh:
- Add test for checking that a pre-existing target inode is properly
evicted after a rename
* tests/README:
- Add documentation on the steps to take when adding new test cases
[ Colin King ]
* tests/kernel/lp-911507.sh:
- Add test case for initializing empty lower files during open()
* tests/kernel/lp-872905.sh:
- Add test case to check for proper unlinking of lower files when
lower file initialization fails
* src/key_mod/ecryptfs_key_mod_openssl.c,
src/key_mod/ecryptfs_key_mod_pkcs11_helper.c,
src/libecryptfs/key_management.c,
src/utils/mount.ecryptfs_private.c, src/utils/umount.ecryptfs.c:
- address some issues raised by smatch static analysis
- fix some memory leaks with frees
- fix some pointer refs and derefs
- fix some comment typos
[ Dustin Kirkland ]
* src/libecryptfs/key_management.c:
- silence pam error message when errno == EACCES
+ "Error attempting to parse .ecryptfsrc file; rc = [-13]"
* src/utils/mount.ecryptfs_private.c: LP: #1052038
- fix race condition, which typically manifests itself with a user
saying that their home directory is not accessible, or that their
filenames are not decrypted
- the root of the problem is that we were reading the signature file,
~/.ecryptfs/Private.sig, twice; in some cases, the first one succeeds,
so the file encryption signature is read and key is loaded, but then
some other process (usually from PAM, perhaps a cron job or a
subsequent login) mounts the home directory before the filename
encryption key is loaded; thus, $HOME is mounted but filenames are
not decrypted, so the second read of ~/.ecryptfs/Private.sig fails
as that file is not found
- the solution is to rework the internal fetch_sig() function and read
one or both signatures within a single open/read/close operation of
the file
- free memory used by char **sig on failure
* debian/copyright:
- fix lintian warning
* precise
- 86. By Dustin Kirkland
-
[ Tyler Hicks ]
* src/pam_ecryptfs/pam_ecryptfs.c, src/libecryptfs/key_management.c:
LP: #1024476
- fix regression introduced in ecryptfs-utils-99 when Encrypted
Home/Private is in use and the eCryptfs kernel code is compiled as a
module
- drop check for kernel filename encryption support in pam_ecryptfs, as
appropriate privileges to load the eCryptfs kernel module may not be
available and filename encryption has been supported since 2.6.29
- always add filename encryption key to the kernel keyring from pam mount
[ Colin King ]
* tests/kernel/inode-race-stat/test.c:
- limit number of forks based on fd limits
* tests/kernel/enospc.sh, tests/kernel/enospc/test.c,
tests/kernel/Makefile.am, tests/kernel/tests.rc:
- add test case for ENOSPC
[ Tim Harder ]
* m4/ac_python_devel.m4: LP: #1029217
- properly save and restore CPPFLAGS and LIBS when python support is
enabled
- 85. By Dustin Kirkland
-
[ Dustin Kirkland ]
* debian/ecryptfs-utils.postinst: LP: #936093
- ensure desktop file is executable
* precise
[ Wesley Wiedenmeier ]
* src/utils/mount.ecryptfs.c: LP: #329264
- remove old hack, that worked around a temporary kernel regression;
ensure that all mount memory is mlocked
[ Sebastian Krahmer ]
* src/pam_ecryptfs/pam_ecryptfs.c: LP: #732614
- drop group privileges in the same places that user privileges are
dropped
- check return status of setresuid() calls and return if they fail
- drop privileges before checking for the existence of
~/.ecryptfs/auto-mount to prevent possible file existence leakage
by a symlink to a path that typically would not be searchable by
the user
- drop privileges before reading salt from the rc file to prevent the
leakage of root's salt and, more importantly, using the incorrect salt
- discovered, independently, by Vasiliy Kulikov and Sebastian Krahmer
* src/pam_ecryptfs/pam_ecryptfs.c: LP: #1020904
- after dropping privileges, clear the environment before executing the
private eCryptfs mount helper
- discovered by Sebastian Krahmer
* src/utils/mount.ecryptfs_private.c: LP: #1020904
- do not allow private eCryptfs mount aliases to contain ".." characters
as a preventative measure against a crafted file path being used as an
alias
- force the MS_NOSUID mount flag to protect against user controlled lower
filesystems, such as an auto mounted USB drive, that may contain a
setuid-root binary
+ CVE-2012-3409
- force the MS_NODEV mount flag
- after dropping privileges, clear the environment before executing umount
- discovered by Sebastian Krahmer
[ Tyler Hicks ]
* src/libecryptfs/key_management.c: LP: #732614
- zero statically declared buffers to prevent the leakage of stack
contents in the case of a short file read
- discovered by Vasiliy Kulikov
* src/libecryptfs/module_mgr.c, src/pam_ecryptfs/pam_ecryptfs.c:
- fix compiler warnings
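
The race fix in revision 87 (read one or both signatures from ~/.ecryptfs/Private.sig within a single open/read/close) can be illustrated as follows. This is an added example, not the ecryptfs-utils code: the function names, the assumed layout of one 16-hex-character signature per line, and the sample values are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L /* for mkstemp() */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define SIG_LEN 16 /* assumption: one signature is 16 hex characters per line */
#define HEX "0123456789abcdefABCDEF"

/* Hypothetical helper: read the first (FEKEK) and, if present, the second
 * (FNEK) signature in ONE open/read/close. Returns 1 or 2, or -1 on error. */
int fetch_sigs(const char *path, char sigs[2][SIG_LEN + 1])
{
    char line[SIG_LEN + 2]; /* signature + '\n' + NUL */
    int n = 0;
    FILE *fh = fopen(path, "r");
    memset(sigs, 0, 2 * (SIG_LEN + 1)); /* callers never see stale bytes */
    if (fh == NULL)
        return -1;
    while (n < 2 && fgets(line, sizeof(line), fh) != NULL) {
        size_t len = strcspn(line, "\n");
        if (len != SIG_LEN || strspn(line, HEX) != SIG_LEN) { n = -1; break; }
        memcpy(sigs[n++], line, SIG_LEN);
    }
    fclose(fh);
    return n > 0 ? n : -1;
}

/* Write constructed content to a temp file, fetch once, then delete the file. */
int fetch_from_sample(const char *content, char sigs[2][SIG_LEN + 1])
{
    char path[] = "/tmp/private-sig-XXXXXX";
    int rc = -1, fd = mkstemp(path);
    if (fd < 0)
        return -1;
    if (write(fd, content, strlen(content)) == (ssize_t)strlen(content))
        rc = fetch_sigs(path, sigs);
    close(fd);
    unlink(path); /* both signatures are already in memory at this point */
    return rc;
}

int main(void)
{
    char s[2][SIG_LEN + 1] = {{0}};
    int n = fetch_from_sample("0123456789abcdef\nfedcba9876543210\n", s);
    printf("%d signature(s): %s %s\n", n, s[0], s[1]);
    return n == 2 ? 0 : 1;
}
```

Because both signatures come from one read, a concurrent mount that hides the file after the first signature is loaded cannot cause a failed second read.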
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp://staging/ubuntu/vivid/ecryptfs-utils