← Back to branch summary

~ubuntu-branches/ubuntu/precise/ecryptfs-utils/precise-updates

« back to all changes in this revision

Viewing changes to src/include/ecryptfs.h

  • Committer: Package Import Robot
  • Author(s): Tyler Hicks
  • Date: 2015-03-04 16:38:14 UTC
  • mfrom: (82.1.1 precise-proposed)
  • Revision ID: package-import@ubuntu.com-20150304163814-reueti8cs55usmm1
Tags: 96-0ubuntu3.4
https://launchpad.net/bugs/1020902
* SECURITY UPDATE: Mount passphrase wrapped with a default salt value
  - debian/patches/CVE-2014-9687.patch: Generate a random salt when wrapping
    the mount passphrase. If a user has a mount passphrase that was wrapped
    using the default salt, their mount passphrase will be rewrapped using a
    random salt when they log in with their password.
  - debian/patches/CVE-2014-9687.patch: Create a temporary file when
    creating a new wrapped-passphrase file and copy it to its final
    destination after the file has been fully synced to disk (LP: #1020902)
  - debian/rules: Set the executable bit on the wrap-unwrap.sh and
    v1-to-v2-wrapped-passphrase.sh test scripts that were created by
    wrapping-passphrase-salt.patch
  - CVE-2014-9687

Show diffs side-by-side

added added

removed removed

Lines of Context:
src/include/ecryptfs.h
573
573
int ecryptfs_check_sig(char *auth_tok_sig, char *sig_cache_filename,
574
574
                       int *flags);
575
575
int ecryptfs_append_sig(char *auth_tok_sig, char *sig_cache_filename);
 
576
int __ecryptfs_detect_wrapped_passphrase_file_version(const char *filename,
 
577
                                                      uint8_t *version);
576
578
int ecryptfs_wrap_passphrase_file(char *dest, char *wrapping_passphrase,
577
579
                             char *wrapping_salt, char *src);
578
580
int ecryptfs_wrap_passphrase(char *filename, char *wrapping_passphrase,
579
 
                             char *wrapping_salt, char *decrypted_passphrase);
 
581
                             char *unused, char *decrypted_passphrase);
580
582
int ecryptfs_unwrap_passphrase(char *decrypted_passphrase, char *filename,
581
583
                               char *wrapping_passphrase, char *wrapping_salt);
582
584
int ecryptfs_insert_wrapped_passphrase_into_keyring(