-
Committer:
Tyler Hicks
-
Date:
2015-03-10 16:58:50 UTC
-
mfrom:
(837.2.19 salt)
-
Revision ID:
tyhicks@canonical.com-20150310165850-lmkhbjwcz3jfq9c4
* Introduce the version 2 wrapped-passphrase file format. It adds the
ability to combine a randomly generated salt with the wrapping password
(typically, a user's login password) prior to performing key
strengthening. The version 2 file format is considered to be a
intermediate step in strengthening the wrapped-passphrase files of
existing encrypted home/private users. Support for reading/writing version
2 wrapped-passphrase files and transparent migration, through
pam_ecryptfs, from version 1 to version 2 files is considered safe enough
to backport to stable distro releases. The libecryptfs ABI around
wrapped-passphrase file handling is not broken.
- CVE-2014-9687
* Run wrap-unwrap.sh test as part of the make check target.
* Add a new test, called v1-to-v2-wrapped-passphrase.sh, which is suitable
for the make check target and verifies v1 to v2 wrapped-passphrase file
migration.
* Create a temporary file when creating a new wrapped-passphrase file and
copy it to its final destination after the file has been fully synced to
disk (LP: #1020902)