65
|
|
|
Dustin Kirkland |
83-0ubuntu3 |
14 years ago
|
|
|
64
|
|
|
Dustin Kirkland |
83-0ubuntu2 |
14 years ago
|
|
|
63
|
|
[ David Planella ] * Makefile.am, configure.ac, debian/control, debian/po/POTFILES.sh, debian/po/ecryptfs-utils.pot, debian/po/fr.po, debian/rules, po/POTFILES.in, src/desktop/Makefile.am, src/desktop/ecryptfs-mount-private.desktop, src/desktop/ecryptfs-mount-private.desktop.in, src/desktop/ecryptfs-record-passphrase, src/desktop/ecryptfs-setup-private.desktop, src/desktop/ecryptfs-setup-private.desktop.in: - internationalization work for LP: #358283 * po/LINGUAS, po/ca.po: Catalan translation
[ Yan Li <yan.i.li@intel.com> ] * src/pam_ecryptfs/pam_ecryptfs.c, src/utils/Makefile.am, src/utils/ecryptfs-migrate-home: add a script and pam hooks to support automatic migration to encrypted home directory
[ Dustin Kirkland ] * src/utils/ecryptfs-migrate-home: clean up for merge - use $() rather than `` - drop set -u - use = and !=, and quote vars, rather than testing with -ne, -eq, for better shell portability - improve usage statement and error text - check if already encrypted - handle migration of multiple users on boot - fix all whitespace, use tabs for indents - use quotes around variables, rather than ${} (stylistic preference) - major simplification for immediate release + remove boot and user modes; only support administrator mode for security reasons and to avoid race conditions + other modes can be re-added, if necessary, and if security concerns can be addressed - ensure running as root - drop VERBOSE option, always print useful info messages - call the user $USER_NAME rather than $USER_ID since id implies number, and here we're deailing with names - no decimals on awk calculation - mktemp on the target user, not root - check that there is enough disk space available to do the migration - ensure the user's homedir group is correct - add critical instructions, user *must* login after the migration and before the reboot, as their wrapped passphrase will be cleared on reboot (possible we should use an init script to move these to /var/tmp on reboot) - ensure permissions are set correctly - improve text at the end of the migration, organize into notes * ecryptfs-utils.ecryptfs-utils-restore.upstart, ecryptfs-utils.ecryptfs-utils-save.upstart, rules: - try to protect migrating users who don't login before the next reboot * debian/ecryptfs-utils.install: install the locale messages * src/desktop/ecryptfs-record-passphrase: improve dialog text * src/desktop/ecryptfs-record-passphrase: revert the _ bit, as it's not quite working yet, will need to talk to David to fix * Mark LP: #471725 as fixed
|
Dustin Kirkland |
83-0ubuntu1 |
14 years ago
|
|
|
62
|
|
|
Dustin Kirkland |
82-0ubuntu2 |
14 years ago
|
|
|
61
|
|
|
Dustin Kirkland |
82-0ubuntu1 |
14 years ago
|
|
|
60
|
|
|
Dustin Kirkland |
81-0ubuntu3 |
14 years ago
|
|
|
59
|
|
|
Dustin Kirkland |
81-0ubuntu2 |
14 years ago
|
|
|
58
|
|
|
Dustin Kirkland |
81-0ubuntu1 |
14 years ago
|
|
|
57
|
|
|
Dustin Kirkland |
80-0ubuntu1 |
14 years ago
|
|
|
56
|
|
|
Dustin Kirkland |
79-0ubuntu1 |
14 years ago
|
|
|
55
|
|
|
Dustin Kirkland |
78-0ubuntu1 |
14 years ago
|
|
|
54
|
|
|
James Westby |
77-0ubuntu2 |
14 years ago
|
|
|
53
|
|
[ Dustin Kirkland ] * src/libecryptfs/key_management.c, src/pam_ecryptfs/pam_ecryptfs.c: revert the zombie code removal from pam_ecryptfs as it seems this bit is still needed; fix the source of the problem introduced in commit r407; check for non-zero return codes; this problem would manifest itself as a) unable to unlock screensaver, b) unable to switch users, c) unable to mount home folder on initial login; LP: #402222, #402029 * src/utils/ecryptfs-umount-private: use for loop to loop over key ids on removal * src/utils/mount.ecryptfs_private.c: return non-zero on unmount failure due to open sessions; handle this in ecryptfs-umount-private too; make the flock() blocking; use /dev/shm for counter; add an iterator to the counter file to prevent users from DoS'ing one another from accessing their encrypted directories, LP: #402745 * debian/ecryptfs-utils.postinst: move /tmp counters to /dev/shm * configure.ac: link against pam, silence shlib warning * src/include/ecryptfs.h, src/libecryptfs/main.c, src/pam_ecryptfs/pam_ecryptfs.c, src/utils/Makefile.am, src/utils/mount.ecryptfs_private.c: move two functions from mount.ecryptfs_private to libecryptfs, namely is_mounted() and fetch_private_mnt(); use these in both pam_ecryptfs and mount.ecryptfs_private; also move PRIVATE to ECRYPTFS_PRIVATE in the ecryptfs.h headers; this will allow us to short-circuit some of the costly key-loading code on pam_auth if the private dir is already mounted, speeding up some subsequent authentications significantly, LP: #402748 * doc/ecryptfs-mount-private.txt: removed the "$" to make copy-n-paste more user friendly * src/utils/ecryptfs-setup-private: when encrypting home, put the .ecryptfs and .Private data in /home/.ecryptfs rather than /var/lib, as users are forgetting to backup /var/lib, and are often putting /home on a separate partition; furthermore, this gives users a place to access their encrypted data for backup, rather than hiding the data below $HOME, LP: #371719
[ Tyler Hicks ] * src/libecryptfs/cipher_list.c, src/libecryptfs/module_mgr.c: add blowfish/56-bytes to the list of ciphers we officially support, LP: #402790
|
Dustin Kirkland |
77-0ubuntu1 |
14 years ago
|
|
|
52
|
|
|
Dustin Kirkland |
76-0ubuntu2 |
14 years ago
|
|
|
51
|
|
[ Dustin Kirkland ] * src/utils/ecryptfs-setup-swap: switch from vol_id to blkid, LP: #376486 * debian/ecryptfs-utils.postinst, src/utils/ecryptfs-setup-private: don't echo mount passphrase if running in bootstrap mode; prune potential leakages from install log, LP: #383650 * SECURITY UPDATE: mount passphrase recorded in install log (LP: #383650). - debian/ecryptfs-utils.postinst: prune private information from installer log - src/utils/ecryptfs-setup-private: don't echo passphrase if running in bootstrap mode - CVE-2009-1296 * src/utils/ecryptfs-setup-private: make some of the lanuage more readable, (thanks, anrxc) * README, configure.ac, debian/control, debian/rules, doc/sourceforge_webpage/README, src/libecryptfs-swig/libecryptfs.py, src/libecryptfs-swig/libecryptfs_wrap.c, src/libecryptfs/key_management.c, src/libecryptfs/libecryptfs.pc.in, src/libecryptfs/main.c, src/pam_ecryptfs/Makefile.am, src/utils/manager.c, src/utils/mount.ecryptfs.c: move build from gcrypt to nss (this change has been pending for some time) * src/utils/ecryptfs-dot-private: dropped, was too hacky * ecryptfs-mount-private.1, ecryptfs-setup-private.1: align the documentation and implementation of the wrapping-independent feature, LP: #383746 * src/utils/ecryptfs-umount-private: use keyctl list @u, since keyctl show stopped working, LP: #400484, #395082 * src/utils/mount.ecryptfs_private.c: fix counter file locking; solves a longstanding bug about "random" umount caused by cronjobs, LP: #358573
[ Michal Hlavinka (edits by Dustin Kirkland) ] * doc/manpage/ecryptfs-mount-private.1, doc/manpage/ecryptfs-rewrite-file.1, doc/manpage/ecryptfs-setup-private.1, doc/manpage/ecryptfs.7, doc/manpage/mount.ecryptfs_private.1, doc/manpage/umount.ecryptfs_private.1: documentation updated to note possible ecryptfs group membership requirements; Fix ecrypfs.7 man page and key_mod_openssl's error message; fix typo * src/libecryptfs/decision_graph.c: put a finite limit (5 tries) on interactive input; fix memory leaks when asking questions * src/libecryptfs/module_mgr.c: Don't error out with EINVAL when verbosity=0 and some options are missing. * src/utils/umount.ecryptfs.c: no error for missing key when removing it * src/libecryptfs-swig/libecryptfs.i: fix compile werror, cast char* * src/utils/ecryptfs_add_passphrase.c: fix/test/use return codes; return nonzero for --fnek when not supported but used * src/include/ecryptfs.h, src/key_mod/ecryptfs_key_mod_openssl.c, src/libecryptfs/module_mgr.c: refuse mounting with too small rsa key (key_mod_openssl) * src/utils/ecryptfs_insert_wrapped_passphrase_into_keyring.c: fix return codes * src/utils/ecryptfs-rewrite-file: polish output * src/libecryptfs/key_management.c: inform about full keyring; insert fnek sig into keyring if fnek support check fails; don't fail if key already exists in keyring * src/utils/ecryptfs-setup-private: if the ecryptfs group exists, restrict ecryptfs-setup-private to members of this group * src/pam_ecryptfs/pam_ecryptfs.c: dynamically load ecryptfs module by checking ecryptfs version * src/libecryptfs/decision_graph.c, src/utils/io.c, src/utils/mount.ecryptfs.c: fix EOF handling, LP: #371587 * src/desktop/Makefile.am: make desktop files trusted, LP: #371426
[ Dustin Kirkland and Daniel Baumann ] * debian/control, debian/copyright, debian/ecryptfs-utils.dirs, debian/ecryptfs-utils.install, debian/ecryptfs-utils.postinst, debian/rules, ecryptfs-utils.pam-auth-update: sync Ubuntu's packaging with Debian; drop dpatch, drop libssl build dep, clean up extraneous debhelper bits, match cflags; remaining diff is only ecryptfs-utils.prerm
[ Arfrever Frehtes Taifersar Arahesis ] * key_mod/ecryptfs_key_mod_gpg.c, key_mod/ecryptfs_key_mod_pkcs11_helper.c, libecryptfs/key_management.c, utils/ecryptfs_unwrap_passphrase.c: Fix warnings, initialize a few variables, drop unused ones
[ David Hicks ] * src/lib/key_management.c: fix stray semicolon that prevents .ecryptfsrc files from working properly, LP: #372709
[ Michael Rooney ] * src/python/ecryptfsapi.py: added python api
|
Dustin Kirkland |
76-0ubuntu1 |
14 years ago
|
|
|
50
|
|
|
Dustin Kirkland |
75-0ubuntu2 |
14 years ago
|
|
|
49
|
|
[ Dustin Kirkland ] * debian/rules: drop hackery that moves stuff /usr/share/ecryptfs-utils * src/utils/mount.ecryptfs_private.c: update inline documentation * debian/changelog, src/libecryptfs/cmd_ln_parser.c, src/libecryptfs/key_management.c, src/pam_ecryptfs/pam_ecryptfs.c, src/utils/ecryptfs_add_passphrase.c, src/utils/ecryptfs_insert_wrapped_passphrase_into_keyring.c, src/utils/ecryptfs_rewrap_passphrase.c, src/utils/ecryptfs_unwrap_passphrase.c, src/utils/ecryptfs_wrap_passphrase.c: silence some useless logging, LP: #313330 * include/ecryptfs.h, libecryptfs/key_management.c, utils/ecryptfs_insert_wrapped_passphrase_into_keyring.c, utils/ecryptfs_unwrap_passphrase.c: if the file to unwrap is unspecified, try to use the default ~/.ecryptfs/wrapped-passphrase before bailing out, LP: #359997 * src/utils/ecryptfs-setup-private: unix_chkpwd is not always present (eg, gentoo), LP: #332341
[ Tyler Hicks ] * doc/manpage/ecryptfs.7: ecryptfs_encrypted_view option desription was wrong LP: #328761
[ Michal Hlavinka ] * decision_graph.c: fix uninitialized return code * mount.ecryptfs.c: don't pass verbosity option to kernel
[ anrxc & Dustin Kirkland ] * doc/Makefile.am, src/desktop/Makefile.am: fix automake installation from /usr/share to /usr/share/ecryptfs-utils
[ Daniel Baumann & Dustin Kirkland ] * debian/rules, debian/control: sync differences between Debian & Ubuntu's packaging
[ Arfrever Frehtes Taifersar Arahesis ] * src/key_mod/ecryptfs_key_mod_gpg.c, src/key_mod/ecryptfs_key_mod_pkcs11_helper.c: fix implicit declations
[ Frédéric Guihéry ] * key_mod/ecryptfs_key_mod_tspi.c, utils/ecryptfs_generate_tpm_key.c: the SRK password should be set to 20 bytes of NULL (wellknown password), in order for different tools to request key protection with the Storage Root Key
|
Dustin Kirkland |
75-0ubuntu1 |
14 years ago
|
|
|
48
|
|
|
Dustin Kirkland |
73-0ubuntu6 |
14 years ago
|
|
|
47
|
|
|
Dustin Kirkland |
73-0ubuntu5 |
14 years ago
|
|
|
46
|
|
|
Martin Pitt |
73-0ubuntu4 |
14 years ago
|
|
|