lp://staging/ubuntu/trusty-security/ecryptfs-utils

Created by Ubuntu Package Importer and last modified
Get this branch:
bzr branch lp://staging/ubuntu/trusty-security/ecryptfs-utils
Members of Ubuntu branches can upload to this branch.

Branch information

Owner: Ubuntu branches
Review team: Ubuntu Development Team
Status: Mature

Recent revisions

94. By Tyler Hicks

* SECURITY UPDATE: Mount passphrase wrapped with a default salt value
  - debian/patches/CVE-2014-9687.patch: Generate a random salt when wrapping
    the mount passphrase. If a user has a mount passphrase that was wrapped
    using the default salt, their mount passphrase will be rewrapped using a
    random salt when they log in with their password.
  - debian/patches/CVE-2014-9687.patch: Create a temporary file when
    creating a new wrapped-passphrase file and copy it to its final
    destination after the file has been fully synced to disk (LP: #1020902)
  - debian/rules: Set the executable bit on the
    v1-to-v2-wrapped-passphrase.sh test script that was created by
    wrapping-passphrase-salt.patch
  - CVE-2014-9687

93. By Nobuto Murata

[ Colin King ]
* src/libecryptfs/ecryptfs-stat.c, tests/kernel/extend-file-
  random/test.c, tests/kernel/inode-race-stat/test.c,
  tests/kernel/trunc-file/test.c:
  - Fixed some 32 bit build warnings
* src/libecryptfs/decision_graph.c, src/libecryptfs/key_management.c,
  src/libecryptfs/main.c, src/libecryptfs/module_mgr.c, src/utils/io.c,
  src/utils/mount.ecryptfs_private.c, tests/kernel/inotify/test.c,
  tests/kernel/trunc-file/test.c, tests/userspace/wrap-unwrap/test.c:
  - Fixed a pile of minor bugs (memory leaks, unclosed file descriptors,
    etc.) mostly in error paths
* src/key_mod/ecryptfs_key_mod_passphrase.c, src/libecryptfs/main.c,
  src/pam_ecryptfs/pam_ecryptfs.c:
  - more Coverity fixes, memory leak, error checking, etc.

[ Nobuto MURATA ]
* fix an empty update-notifier window (LP: #1107650)
  - changes made in Rev.758 were incomplete

[ Tyler Hicks ]
* doc/manpage/ecryptfs.7:
  - adjust man page text to avoid confusion about whether the interactive
    mount helper takes a capital 'N' for the answer to y/n questions
    (LP: #1130460)
* src/utils/ecryptfs_rewrap_passphrase.c:
  - Handle errors when interactively reading the new wrapping passphrase
    and the confirmation from stdin. Fixes a segfault (invalid memory read)
    in ecryptfs-rewrap-passphrase if there was an error while reading either
    of these passphrases.
* configure.ac:
  - Set AM_CPPFLAGS to always include config.h as the first include file.
    Some .c files correctly included config.h before anything else. The
    majority of .c files got this wrong by including it after other header
    files, including it multiple times, or not including it at all.
    Including it in the AM_CPPFLAGS should solve these problems and keep
    future mistakes from happening in new source files.
  - Enable large file support (LFS) through the use of the AC_SYS_LARGEFILE
    autoconf macro. ecryptfs-utils has been well tested with LFS enabled
    because ecryptfs-utils is being built with
    '-D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64' in Debian-based distros.
    This is mainly needed for some of the in-tree regression tests but
    ecryptfs-utils, in general, should be built with LFS enabled.
* debian/rules:
  - Don't append '-D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64' to the CFLAGS
    now that the upstream build enables LFS
* tests/userspace/lfs.sh, tests/userspace/lfs/test.c:
  - Add a test to verify that LFS is enabled. This test is run under the
    make check target.
* tests/kernel/enospc/test.c:
  - Fix test failures on 32 bit architectures due to large file sizes
    overflowing data types

[ Dustin Kirkland ]
* src/utils/ecryptfs-setup-swap: LP: #1172014
  - write crypttab entry using UUID
* src/utils/ecryptfs-recover-private: LP: #1028532
  - error out, if we fail to mount the private data correctly

[ Colin King and Dustin Kirkland ]
* configure.ac, src/daemon/main.c, src/libecryptfs/cmd_ln_parser.c,
  src/libecryptfs/decision_graph.c, src/utils/mount.ecryptfs.c,
  tests/kernel/trunc-file/test.c:
  - remove some dead code, fix some minor issues raised by Coverity

92. By Nobuto Murata

* fix an empty update-notifier window (LP: #1107650)
  - needed part was dropped accidentally at 102-0ubuntu1

91. By Dustin Kirkland 

[ Tyler Hicks ]
* debian/rules:
  - Use dpkg-buildflags to inject distro compiler hardening flags into the
    build. This also fixes the hardening-no-fortify-functions lintian
    warnings.

[ Dustin Kirkland ]
* doc/manpage/ecryptfs-add-passphrase.1, doc/manpage/ecryptfsd.8,
  doc/manpage/ecryptfs-find.1, doc/manpage/ecryptfs-generate-tpm-
  key.1, doc/manpage/ecryptfs-insert-wrapped-passphrase-into-
  keyring.1, doc/manpage/ecryptfs-manager.8, doc/manpage/ecryptfs-
  migrate-home.8, doc/manpage/ecryptfs-mount-private.1,
  doc/manpage/ecryptfs-recover-private.1, doc/manpage/ecryptfs-rewrap-
  passphrase.1, doc/manpage/ecryptfs-rewrite-file.1,
  doc/manpage/ecryptfs-setup-private.1, doc/manpage/ecryptfs-setup-
  swap.1, doc/manpage/ecryptfs-stat.1, doc/manpage/ecryptfs-umount-
  private.1, doc/manpage/ecryptfs-unwrap-passphrase.1,
  doc/manpage/ecryptfs-verify.1, doc/manpage/ecryptfs-wrap-
  passphrase.1, doc/manpage/Makefile.am, doc/manpage/mount.ecryptfs.8,
  doc/manpage/mount.ecryptfs_private.1, doc/manpage/pam_ecryptfs.8,
  doc/manpage/umount.ecryptfs.8,
  doc/manpage/umount.ecryptfs_private.1, src/desktop/ecryptfs-find =>
  src/utils/ecryptfs-find, src/desktop/Makefile.am,
  src/utils/Makefile.am:
  - add 3 new manpages, for ecryptfs-find, ecryptfs-verify, and
    ecryptfs-migrate-home
  - Add SEE ALSO section to manpages which were missing it
  - Mention "Debian and Ubuntu" in license location
  - move the ecryptfs-find utility to the proper location in src/utils
* src/utils/Makefile.am:
  - fix broken build
* debian/ecryptfs-utils.links:
  - link no longer needed for ecryptfs-find

[ Colin King ]
* === added directory tests/kernel/mmap-bmap, === added directory
  tests/kernel/xattr, tests/kernel/link.sh, tests/kernel/Makefile.am,
  tests/kernel/mknod.sh, tests/kernel/mmap-bmap.sh, tests/kernel/mmap-
  bmap/test.c, tests/kernel/tests.rc, tests/kernel/xattr.sh,
  tests/kernel/xattr/test.c:
  - ran the current eCryptfs tests on 3.8-rc4 with kernel gcov enabled
    and spotted a few trivial areas where it would be useful to up the
    test coverage on the code
  - so here are a few very simple additional tests to exercise eCryptfs
    a little further

90. By Dustin Kirkland 

[ Dustin Kirkland ]
* debian/control:
  - bump standards, no change
* precise

[ Tyler Hicks ]
* autogen.sh, scripts/release.sh, Makefile.am:
  - Break out the autoreconf and intltoolize commands from release.sh into
    an executable autogen.sh
  - Use the --copy option when invoking intltoolize
  - Include the new autogen.sh script in the release tarball
* debian/rules, debian/control:
  - Use dh-autoreconf so that upstream sources can easily be used to build
    packages for all the stable Ubuntu releases in the ecryptfs-utils daily
    build PPA
  - Override the dh_autoreconf target by running the autogen.sh script
  - Drop Build-Depends on autotools-dev since dh-autoreconf is a superset of
    autotools-dev
  - Drop Build-Depends on autoconf, automake, and libtool since
    dh-autoreconf depends on all of these packages
* m4/ac_python_devel.m4:
  - Fix FTBFS in Raring Ringtail due to multiarch Python. Be sure to include
    platform specific Python include directions in SWIG_PYTHON_CPPFLAGS.
* src/utils/mount.ecryptfs_private.c:
  - Fix conditionals when checking whether to remove authentication tokens
    from the kernel keyring upon umount. This conditional was incorrectly
    modified in ecryptfs-utils-101, yet the authentication tokens still seem
    to be removed from the kernel keyring so it isn't clear if there was
    actually a user-facing regression.
  - Pass the FEKEK sig, rather than the FNEK sig, to
    ecryptfs_private_is_mounted()
  - Restore behavior of not printing error messages to syslog when
    unmounting and keys cannot be found in the kernel keyring.
  - Restore behavior of printing a useful error message about
    ecryptfs-mount-private when mounting and keys cannot be found in the
    kernel keyring
  - Fix memory leak and clean up free()'s in an error path
  - Use pointer assignment tests, rather than strlen(), to determine which
    key signatures were fetched
* src/daemon/main.c, src/include/ecryptfs.h,
  src/libecryptfs/{Makefile.am,messaging.c,miscdev.c,netlink.c,sysfs.c},
  doc/manpage/ecryptfsd.8, doc/design_doc/ecryptfs_design_doc_v0_2.tex:
  - Remove netlink messaging interface support
  - Netlink messaging support was superseded by the miscdev interface
    (/dev/ecryptfs) in upstream kernel version 2.6.26 in July, 2008
  - Netlink messaging support was completely removed from the upstream
    kernel starting with version 2.6.32 in December, 2009
* src/jprobes/*, scripts/delete-cruft.sh:
  - Remove all jprobes code, as I don't use jprobes to debug eCryptfs kernel
    issues and I don't like the idea of maintaining these jprobes outside of
    the kernel tree
* src/escrow/*:
  - Remove all escrow code, as it isn't used or maintained
* tests/kernel/llseek.sh, tests/kernel/llseek/test.c,
  tests/userspace/wrap-unwrap.sh, tests/userspace/wrap-unwrap/test.c:
  - Migrate some old testcases over to the modern test framework
* tests/lib/etl_funcs.sh:
  - Update etl_create_test_dir() to allow a parent directory to be specified
    when creating the directory
* src/testcases:
  - Delete old testcases that were either too basic, covered by more
    extensive tests in the modern test framework, or just didn't work

[ Nobuto MURATA ]
* src/desktop/ecryptfs-record-passphrase:

89. By Dimitri John Ledkov

Fix FTBFS: multiarched python2.7 paths.

88. By Nobuto Murata

* debian/patches/record-passphrase-dialogue-translatable.patch:
  - make "Record your encryption passphrase" dialogue translatable
    (LP: #982924)
  - to work around lp bug 1075304, removing line breaks(.) in the
    dialogue

87. By Dustin Kirkland 

[ Eric Lammerts ]
* src/libecryptfs/sysfs.c: LP: #1007880
  - Handle NULL mnt pointer when sysfs is not mounted

[ Tyler Hicks ]
* src/utils/ecryptfs-migrate-home: LP: #1026180
  - Correct minor misspelling
* src/utils/ecryptfs-recover-private: LP: #1004082
  - Fix option parsing when --rw is specified
* src/utils/ecryptfs-recover-private: LP: #1028923
  - Simplify success message to prevent incorrectly reporting that a
    read-only mount was performed when the --rw option is specified
* tests/lib/etl_func.sh:
  - Add test library function to return a lower path from an upper path,
    based on inode numbers
* tests/kernel/mmap-close.sh, tests/kernel/mmap-close/test.c:
  - Add regression test for open->mmap()->close()->dirty memory->munmap()
    pattern
* tests/kernel/lp-561129.sh:
  - Add test for checking that a pre-existing target inode is properly
    evicted after a rename
* tests/README:
  - Add documentation on the steps to take when adding new test cases

[ Colin King ]
* tests/kernel/lp-911507.sh:
  - Add test case for initializing empty lower files during open()
* tests/kernel/lp-872905.sh:
  - Add test case to check for proper unlinking of lower files when
    lower file initialization fails
* src/key_mod/ecryptfs_key_mod_openssl.c,
  src/key_mod/ecryptfs_key_mod_pkcs11_helper.c,
  src/libecryptfs/key_management.c,
  src/utils/mount.ecryptfs_private.c, src/utils/umount.ecryptfs.c:
  - address some issues raised by smatch static analysis
  - fix some memory leaks with frees
  - fix some pointer refs and derefs
  - fix some comment typos

[ Dustin Kirkland ]
* src/libecryptfs/key_management.c:
  - silence pam error message when errno == EACCES
    + "Error attempting to parse .ecryptfsrc file; rc = [-13]"
* src/utils/mount.ecryptfs_private.c: LP: #1052038
  - fix race condition, which typically manifests itself with a user
    saying that their home directory is not accessible, or that their
    filenames are not decrypted
  - the root of the problem is that we were reading the signature file,
    ~/.ecryptfs/Private.sig, twice; in some cases, the first one succeeds,
    so the file encryption signature is read and key is loaded, but then
    some other process (usually from PAM, perhaps a cron job or a
    subsequent login) mounts the home directory before the filename
    encryption key is loaded; thus, $HOME is mounted but filenames are
    not decrypted, so the second read of ~/.ecryptfs/Private.sig fails
    as that file is not found
  - the solution is to rework the internal fetch_sig() function and read
    one or both signatures within a single open/read/close operation of
    the file
  - free memory used by char **sig on failure
* debian/copyright:
  - fix lintian warning
* precise
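
The single open/read/close approach described in the LP: #1052038 entry of revision 87 above, as an added example; this is not the project's fetch_sig() code. It assumes the signature file holds one 16-hex-character signature per line with the file encryption key signature first; `read_sigs_once` and `sample.sig` are hypothetical names.

```c
#include <ctype.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define SIG_HEX_LEN 16 /* assumption: a signature is 16 hex characters */
#define MAX_SIGS 2     /* file encryption sig, then optional filename sig */

/* Hypothetical helper, not the project's fetch_sig(): reads one or two
 * signatures with a single open/read/close, so a concurrent mount cannot
 * hide the file between two reads. Returns the count, or -1 on error. */
int read_sigs_once(const char *path, char sigs[MAX_SIGS][SIG_HEX_LEN + 1])
{
    char buf[MAX_SIGS * (SIG_HEX_LEN + 1) + 1];
    ssize_t n, total = 0;
    int count = 0, fd = open(path, O_RDONLY);

    if (fd < 0)
        return -1;
    /* Loop so a short read cannot truncate a signature. */
    while ((n = read(fd, buf + total, sizeof(buf) - 1 - total)) > 0)
        total += n;
    close(fd);
    if (n < 0)
        return -1;
    buf[total] = '\0';
    memset(sigs, 0, MAX_SIGS * (SIG_HEX_LEN + 1));
    for (char *p = buf; *p != '\0' && count < MAX_SIGS; count++) {
        if (strcspn(p, "\n") != SIG_HEX_LEN)
            return -1; /* malformed line: reject the whole file */
        for (int i = 0; i < SIG_HEX_LEN; i++)
            if (!isxdigit((unsigned char)p[i]))
                return -1;
        memcpy(sigs[count], p, SIG_HEX_LEN);
        p += SIG_HEX_LEN;
        if (*p == '\n')
            p++;
    }
    return count > 0 ? count : -1;
}

int main(void)
{
    char sigs[MAX_SIGS][SIG_HEX_LEN + 1];
    FILE *f = fopen("sample.sig", "w"); /* constructed sample input */
    if (f == NULL)
        return 1;
    fputs("0123456789abcdef\nfedcba9876543210\n", f);
    fclose(f);
    return read_sigs_once("sample.sig", sigs) == 2 ? 0 : 1;
}
```

Because both signatures come from one buffer filled before the file is closed, the caller either gets every signature present at that moment or an error, never a partial result split across a mount.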

86. By Dustin Kirkland 

[ Tyler Hicks ]
* src/pam_ecryptfs/pam_ecryptfs.c, src/libecryptfs/key_management.c:
    LP: #1024476
  - fix regression introduced in ecryptfs-utils-99 when Encrypted
    Home/Private is in use and the eCryptfs kernel code is compiled as a
    module
  - drop check for kernel filename encryption support in pam_ecryptfs, as
    appropriate privileges to load the eCryptfs kernel module may not be
    available and filename encryption has been supported since 2.6.29
  - always add filename encryption key to the kernel keyring from pam mount

[ Colin King ]
* tests/kernel/inode-race-stat/test.c:
  - limit number of forks based on fd limits
* tests/kernel/enospc.sh, tests/kernel/enospc/test.c,
  tests/kernel/Makefile.am, tests/kernel/tests.rc:
  - add test case for ENOSPC

[ Tim Harder ]
* m4/ac_python_devel.m4: LP: #1029217
  - properly save and restore CPPFLAGS and LIBS when python support is
    enabled

85. By Dustin Kirkland 

[ Dustin Kirkland ]
* debian/ecryptfs-utils.postinst: LP: #936093
  - ensure desktop file is executable
* precise

[ Wesley Wiedenmeier ]
* src/utils/mount.ecryptfs.c: LP: #329264
  - remove old hack, that worked around a temporary kernel regression;
    ensure that all mount memory is mlocked

[ Sebastian Krahmer ]
* src/pam_ecryptfs/pam_ecryptfs.c: LP: #732614
  - drop group privileges in the same places that user privileges are
    dropped
  - check return status of setresuid() calls and return if they fail
  - drop privileges before checking for the existence of
    ~/.ecryptfs/auto-mount to prevent possible file existence leakage
    by a symlink to a path that typically would not be searchable by
    the user
  - drop privileges before reading salt from the rc file to prevent the
    leakage of root's salt and, more importantly, using the incorrect salt
  - discovered, independently, by Vasiliy Kulikov and Sebastian Krahmer
* src/pam_ecryptfs/pam_ecryptfs.c: LP: #1020904
  - after dropping privileges, clear the environment before executing the
    private eCryptfs mount helper
  - discovered by Sebastian Krahmer
* src/utils/mount.ecryptfs_private.c: LP: #1020904
  - do not allow private eCryptfs mount aliases to contain ".." characters
    as a preventative measure against a crafted file path being used as an
    alias
  - force the MS_NOSUID mount flag to protect against user controlled lower
    filesystems, such as an auto mounted USB drive, that may contain a
    setuid-root binary
    + CVE-2012-3409
  - force the MS_NODEV mount flag
  - after dropping privileges, clear the environment before executing umount
  - discovered by Sebastian Krahmer

[ Tyler Hicks ]
* src/libecryptfs/key_management.c: LP: #732614
  - zero statically declared buffers to prevent the leakage of stack
    contents in the case of a short file read
  - discovered by Vasiliy Kulikov
* src/libecryptfs/module_mgr.c, src/pam_ecryptfs/pam_ecryptfs.c:
  - fix compiler warnings

Branch metadata

Branch format: Branch format 7
Repository format: Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on: lp://staging/ubuntu/vivid/ecryptfs-utils