87
|
|
|
Tyler Hicks |
100-0ubuntu1.1 |
11 years ago
|
|
|
86
|
|
|
Dustin Kirkland |
100-0ubuntu1 |
11 years ago
|
|
|
85
|
|
[ Dustin Kirkland ] * debian/ecryptfs-utils.postinst: LP: #936093 - ensure desktop file is executable * precise
[ Wesley Wiedenmeier ] * src/utils/mount.ecryptfs.c: LP: #329264 - remove old hack, that worked around a temporary kernel regression; ensure that all mount memory is mlocked
[ Sebastian Krahmer ] * src/pam_ecryptfs/pam_ecryptfs.c: LP: #732614 - drop group privileges in the same places that user privileges are dropped - check return status of setresuid() calls and return if they fail - drop privileges before checking for the existence of ~/.ecryptfs/auto-mount to prevent possible file existence leakage by a symlink to a path that typically would not be searchable by the user - drop privileges before reading salt from the rc file to prevent the leakage of root's salt and, more importantly, using the incorrect salt - discovered, independently, by Vasiliy Kulikov and Sebastian Krahmer * src/pam_ecryptfs/pam_ecryptfs.c: LP: #1020904 - after dropping privileges, clear the environment before executing the private eCryptfs mount helper - discovered by Sebastian Krahmer * src/utils/mount.ecryptfs_private.c: LP: #1020904 - do not allow private eCryptfs mount aliases to contain ".." characters as a preventative measure against a crafted file path being used as an alias - force the MS_NOSUID mount flag to protect against user controlled lower filesystems, such as an auto mounted USB drive, that may contain a setuid-root binary + CVE-2012-3409 - force the MS_NODEV mount flag - after dropping privileges, clear the environment before executing umount - discovered by Sebastian Krahmer
[ Tyler Hicks ] * src/libecryptfs/key_management.c: LP: #732614 - zero statically declared buffers to prevent the leakage of stack contents in the case of a short file read - discovered by Vasiliy Kulikov * src/libecryptfs/module_mgr.c, src/pam_ecryptfs/pam_ecryptfs.c: - fix compiler warnings
|
Dustin Kirkland |
99-0ubuntu1 |
11 years ago
|
|
|
84
|
|
[ Dustin Kirkland ] * debian/ecryptfs-utils.prerm: - drop the pre-removal ERRORs down to WARNINGs - these have caused a ton of trouble; whatever is causing ecryptfs-utils to be marked for removal should be fixed; but ecryptfs exiting 1 seems to be causing more trouble than it's worth - LP: #871021, #812270, #988960, #990630, #995381, #1010961 * doc/ecryptfs-faq.html: - update the frequently asked questions, which haven't seen much attention in a while now - drop a few references to sourceforge * doc/ecryptfs-pam-doc.txt, doc/manpage/fr/ecryptfs-add-passphrase.1, doc/manpage/fr/ecryptfs-generate-tpm-key.1, doc/manpage/fr/ecryptfs- insert-wrapped-passphrase-into-keyring.1, doc/manpage/fr/ecryptfs- mount-private.1, doc/manpage/fr/ecryptfs-rewrap-passphrase.1, doc/manpage/fr/ecryptfs-setup-private.1, doc/manpage/fr/ecryptfs- umount-private.1, doc/manpage/fr/ecryptfs-unwrap-passphrase.1, doc/manpage/fr/ecryptfs-wrap-passphrase.1, doc/manpage/fr/ecryptfs- zombie-kill.1, doc/manpage/fr/ecryptfs-zombie-list.1, doc/sourceforge_webpage/ecryptfs-article.pdf, doc/sourceforge_webpage/ecryptfs_design_doc_v0_1.pdf, doc/sourceforge_webpage/ecryptfs-faq.html, doc/sourceforge_webpage/ecryptfs-key-diagram-356.png, doc/sourceforge_webpage/ecryptfs-key-diagram-640.png, doc/sourceforge_webpage/ecryptfs-pageuptodate-call-graph.png, doc/sourceforge_webpage/ecryptfs-pam-doc.txt, doc/sourceforge_webpage/ecryptfs.pdf, doc/sourceforge_webpage/index.html, doc/sourceforge_webpage/README, === removed directory doc/manpage/fr, === removed directory doc/sourceforge_webpage, rpm/ecryptfs-utils.spec: - remove some deprecated documentation - fish it out of bzr, if we ever need it again, but let's quit publishing it in our release tarballs * precise
|
Dustin Kirkland |
98-0ubuntu1 |
11 years ago
|
|
|
83
|
|
[ Kees Cook ] * src/pam_ecryptfs/pam_ecryptfs.c: LP: #938326 - exit, rather than return to prevent duplicate processes
[ Andreas Raster ] * src/desktop/ecryptfs-find: - $mounts was quoted once too often
[ George Wilson ] * src/key_mod/ecryptfs_key_mod_openssl.c, src/key_mod/ecryptfs_key_mod_pkcs11_helper.c, src/key_mod/ecryptfs_key_mod_tspi.c: LP: #937331 - IBM would like to grant a license exception for key modules that require linking to OpenSSL. The change should make the modules shippable by Linux distributions
[ Dustin Kirkland ] * debian/copyright: - note the GPLv2 SSL exception granted by IBM for the key modules * debian/control, debian/copyright, doc/manpage/ecryptfs.7, doc/manpage/ecryptfs-add-passphrase.1, doc/manpage/ecryptfsd.8, doc/manpage/ecryptfs-generate-tpm-key.1, doc/manpage/ecryptfs- insert-wrapped-passphrase-into-keyring.1, doc/manpage/ecryptfs- manager.8, doc/manpage/ecryptfs-mount-private.1, doc/manpage/ecryptfs-recover-private.1, doc/manpage/ecryptfs-rewrap- passphrase.1, doc/manpage/ecryptfs-rewrite-file.1, doc/manpage/ecryptfs-setup-private.1, doc/manpage/ecryptfs-setup- swap.1, doc/manpage/ecryptfs-stat.1, doc/manpage/ecryptfs-umount- private.1, doc/manpage/ecryptfs-unwrap-passphrase.1, doc/manpage/ecryptfs-wrap-passphrase.1, doc/manpage/mount.ecryptfs.8, doc/manpage/mount.ecryptfs_private.1, doc/manpage/pam_ecryptfs.8, doc/manpage/umount.ecryptfs.8, doc/manpage/umount.ecryptfs_private.1, README, src/utils/mount.ecryptfs.c: - use the new ecryptfs.org website where appropriate * debian/control: - update to suggest zescrow-client * precise
[ Sergio Peña ] * src/libecryptfs/cipher_list.c: LP: #922821 - add the new name of the blowfish cipher (linux >= 3.2) * src/include/ecryptfs.h, src/libecryptfs/main.c, src/utils/mount.ecryptfs.c: LP: #917509 - use execl() to mount ecryptfs - this allows us to support any arbitrary mount options in /etc/fstab
[ Tyler Hicks ] * doc/manpage/ecryptfs.7: - Remove the note saying that the passphrase and openssl key modules are available by default. That's true upstream but not always true in distro builds. * tests/run_tests.sh: - Make upper and lower mount point arguments optional by automatically creating directories in /tmp by default. - Make it possible to run only userspace tests without having to specify unused mount information - Accept a comma-separated list of lower filesystems to test on and loop through all kernel tests for each lower filesystem - Accept a comma-separated list of tests to run * tests/lib/etl_funcs.sh: - Unset $ETL_DISK just before etl_remove_disk() successfully returns * tests/userspace/Makefile.am: - Also build 'make check' tests when building with --enable-tests * include/ecryptfs.h, libecryptfs/Makefile.am, libecryptfs/cipher_list.c, libecryptfs/module_mgr.c, utils/io.h: LP: #994813 - remove overly complicated implementation to detect what ciphers are supported by the currently running kernel's crypto api - prompt for the entire supported cipher list, if the user selects a cipher that their kernel doesn't support, the mount will fail and the kernel will write an error message to the syslog * src/libecryptfs/module_mgr.c: - Use correct blowfish block size when displaying supported ciphers to the user * tests/kernel/lp-1009207.sh, tests/kernel/Makefile.am, tests/kernel/tests.rc: - Add simple test case for incorrect handling of umask and default POSIX ACL masks * tests/kernel/lp-994247.sh, tests/kernel/lp-994247/test.c, tests/kernel/Makefile.am, tests/kernel/tests.rc: - Add test case for incorrect handling of open /dev/ecryptfs file descriptors that are passed or inherited by other processes
[ Colin King ] * tests/lib/etl_funcs.sh: - etl_lumount() should use DST rather than SRC dir so it can run on Lucid - use file system appropriate mkfs force flag - cater for correct ext2 default mount flags * tests/kernel/lp-509180.sh, tests/kernel/lp-509180/test.c: - test for trailing garbage at end of files * tests/kernel/lp-524919.sh, tests/kernel/lp-524919/test.c: - test case for checking lstat/readlink size * tests/kernel/lp-870326.sh, tests/kernel/lp-870326/test.c: - test case for open(), mmap(), close(), modify mmap'd region * tests/kernel/lp-469664.sh: - test case for lsattr * tests/kernel/lp-613873.sh: - test case for stat modify time * tests/kernel/lp-745836.sh: - test case for clearing ECRYPTFS_NEW_FILE flag during truncate * tests/lib/etl_funcs.sh, tests/kernel/extend-file-random.sh, tests/kernel/trunc-file.sh (LP: #1007159): - Add test library function for estimating available space in lower fs - Use new library function in tests that need to create large files
[ Colin Watson ] * src/utils/ecryptfs-setup-swap: Skip /dev/zram* swap devices LP: #979350
[ Serge Hallyn ] * src/utils/mount.ecryptfs_private.c: - EoL fixes
|
Dustin Kirkland |
97-0ubuntu1 |
11 years ago
|
|
|
82
|
|
|
Colin Watson |
96-0ubuntu3 |
12 years ago
|
|
|
81
|
|
|
Kees Cook |
96-0ubuntu2 |
12 years ago
|
|
|
80
|
|
[ Dustin Kirkland ] * CONTRIBUTING: - added a new file to describe how to contribute to ecryptfs * === added directory img/old, img/old/ecryptfs_14.png, img/old/ecryptfs_192.png, img/old/ecryptfs_64.png: - saving the old logos/branding for posterity * debian/copyright, img/COPYING: - added CC-by-SA 3.0 license - use the text version * img/ecryptfs_14.png, img/ecryptfs_192.png, img/ecryptfs_64.png: - added scaled copies of images used for Launchpad.net branding * src/utils/ecryptfs-recover-private: LP: #847505 - add an option to allow user to enter the mount passphrase, in case they've recorded that, but forgotten their login passphrase * src/libecryptfs/sysfs.c: LP: #802197 - default sysfs to /sys, if not found in /etc/mtab - it seems that reading /etc/mtab for this is outdated - ensure that ecryptfs works even if there is no sysfs entry in /etc/mtab * src/key_mod/ecryptfs_key_mod_tspi.c: LP: #462225 - fix TPM and string_to_uuid 64bits issue - thanks to Janos for the patch * precise
[ Tyler Hicks ] * CONTRIBUTING: - clarified how to contribute to the ecryptfs kernel module * tests/lib/etl_funcs.sh: - created eCryptfs test library of bash functions for use in test cases and test harnesses * test/etl_add_passphrase_key_to_keyring.c: - created a C helper program to allow bash scripts to interface to the libecryptfs function that adds passphrase-based keys to the kernel keyring * tests/kernel/tests.rc, tests/userspace/tests.rc: - created a test case category files for test harnesses to source when running testcases of a certain category (destructive, safe, etc.) * tests/run_tests.sh: - created a test harness to run eCryptfs test cases * tests/kernel/miscdev-bad-count.sh, tests/kernel/miscdev-bad-count/test.c: - created test case for miscdev issue reported to mailing list * tests/kernel/lp-885744.sh: - created test case for pathconf bug * tests/kernel/lp-926292.sh: - created test case for checking stale inode attrs after setxattr * tests/new.sh: - created new test case template to copy from * tests/userspace/verify-passphrase-sig.sh, tests/userspace/verify-passphrase-sig/test.c: - created test case, for make check, to test the creation of passphrase-based fekeks and signatures * configure.ac, Makefile.am, tests/Makefile.am, tests/lib/Makefile.am, tests/kernel/Makefile.am, tests/userspace/Makefile.am: - updated and created autoconf/automake files to build the new tests directory - added make check target
[ Eddie Garcia ] * img/*: LP: #907131 - contributing a new set of logos and branding under the CC-by-SA3.0 license
[ Colin King ] * tests/kernel/extend-file-random.sh, tests/kernel/extend-file-random/test.c: - Test to randomly extend file size, read/write + unlink * tests/kernel/trunc-file.sh, tests/kernel/trunc-file/test.c: - Test to exercise file truncation * tests/kernel/directory-concurrent.sh, tests/kernel/directory-concurrent/test.c: - test for directory creation/deletion races with multiple processes * tests/kernel/file-concurrent.sh, tests/kernel/file-concurrent/test.c: - test for file creation/truncation/unlink races with multiple processes * tests/kernel/inotify.sh, tests/kernel/inotify/test.c: - test for proper inotify support * tests/kernel/mmap-dir.sh, tests/kernel/mmap-dir/test.c: - test that directory files cannot be mmap'ed * tests/kernel/read-dir.sh, tests/kernel/read-dir/test.c: - test that read() on directory files returns the right error * tests/kernel/setattr-flush-dirty.sh: - test that the modified timestamp isn't clobbered in writeback * tests/kernel/inode-race-stat.sh, tests/kernel/inode-race-stat/test.c: - test for inode initialization race condition
|
Dustin Kirkland |
96-0ubuntu1 |
12 years ago
|
|
|
79
|
|
[ Serge Hallyn ] * fix infinite loop on arm: fgetc returns an int, and -1 at end of options. Arm makes char unsigned. (LP: #884407)
[ Dustin Kirkland ] * debian/compat, debian/control, debian/ecryptfs-utils.install, debian/ecryptfs-utils.lintian-overrides, debian/libecryptfs0.install, debian/libecryptfs-dev.install, debian/lintian/ecryptfs-utils, debian/python-ecryptfs.install, debian/rules, debian/source/options, doc/ecryptfs-pam-doc.txt, doc/manpage/ecryptfs-setup-private.1, lintian/ecryptfs-utils, === removed directory debian/lintian: - merge a bunch of packaging changes from Debian's Daniel Baumann * scripts/release.sh: - minor release fixes
|
Dustin Kirkland |
95-0ubuntu1 |
12 years ago
|
|
|
78
|
|
[ Dustin Kirkland ] * scripts/release.sh: - fix release script - bump ubuntu release * doc/manpage/ecryptfs-recover-private.1, src/utils/ecryptfs-migrate- home (properties changed: -x to +x), src/utils/ecryptfs-recover- private: - add a --rw option for ecryptfs-recover-private * src/utils/ecryptfs-migrate-home: LP: #820416 - show progress on rsync * debian/ecryptfs-utils.ecryptfs-utils-restore.upstart, debian/ecryptfs-utils.ecryptfs-utils-save.upstart, src/utils/ecryptfs-migrate-home, src/utils/ecryptfs-setup-private: LP: #883238 - remove 2 upstart scripts, which attempted to "save" users who didn't login after migrating their home; instead, we now require the root user to enter user passwords at migration time * debian/copyright, debian/ecryptfs-utils.ecryptfs-utils- restore.upstart, debian/ecryptfs-utils.ecryptfs-utils-save.upstart, doc/manpage/ecryptfs.7, doc/manpage/ecryptfs-add-passphrase.1, doc/manpage/ecryptfs-generate-tpm-key.1, doc/manpage/ecryptfs- insert-wrapped-passphrase-into-keyring.1, doc/manpage/ecryptfs- mount-private.1, doc/manpage/ecryptfs-recover-private.1, doc/manpage/ecryptfs-rewrap-passphrase.1, doc/manpage/ecryptfs- rewrite-file.1, doc/manpage/ecryptfs-setup-private.1, doc/manpage/ecryptfs-setup-swap.1, doc/manpage/ecryptfs-stat.1, doc/manpage/ecryptfs-umount-private.1, doc/manpage/ecryptfs-unwrap- passphrase.1, doc/manpage/ecryptfs-wrap-passphrase.1, doc/manpage/fr/ecryptfs-add-passphrase.1, doc/manpage/fr/ecryptfs- generate-tpm-key.1, doc/manpage/fr/ecryptfs-insert-wrapped- passphrase-into-keyring.1, doc/manpage/fr/ecryptfs-mount-private.1, doc/manpage/fr/ecryptfs-rewrap-passphrase.1, doc/manpage/fr/ecryptfs-setup-private.1, doc/manpage/fr/ecryptfs- umount-private.1, doc/manpage/fr/ecryptfs-unwrap-passphrase.1, doc/manpage/fr/ecryptfs-wrap-passphrase.1, doc/manpage/fr/ecryptfs- zombie-kill.1, doc/manpage/fr/ecryptfs-zombie-list.1, doc/manpage/mount.ecryptfs_private.1, doc/manpage/pam_ecryptfs.8, doc/manpage/umount.ecryptfs.8, doc/manpage/umount.ecryptfs_private.1, src/pam_ecryptfs/pam_ecryptfs.c, src/utils/ecryptfs_add_passphrase.c, src/utils/ecryptfs_insert_wrapped_passphrase_into_keyring.c, src/utils/ecryptfs-migrate-home, src/utils/ecryptfs-mount-private, src/utils/ecryptfs-recover-private, src/utils/ecryptfs_rewrap_passphrase.c, src/utils/ecryptfs-rewrite- file, src/utils/ecryptfs-setup-private, src/utils/ecryptfs-setup- swap, src/utils/ecryptfs-umount-private, src/utils/ecryptfs_unwrap_passphrase.c, src/utils/ecryptfs_wrap_passphrase.c: - update some email addresses, moving kirkland@canonical.com -> kirkland@ubuntu.com (which I can still read) * src/libecryptfs/key_management.c: LP: #715066 - fix 2 places where we were handling ecryptfs_add_passphrase_key_to_keyring() inconsistently - if we're trying to add a key to the keyring, and it's already there, treat that as "success" * debian/control: - ecryptfs-setup-swap is strongly recommended, which depends on cryptsetup; so promote cryptsetup from suggests -> recommends * precise
[ Stephan Ritscher and Tyler Hicks ] * src/libecryptfs/cmd_ln_parser.c: LP: #683535 - fix passphrase_passwd_fd for pipes - handle memory allocation failures - free memory in error paths
[ Arfrever Frehtes Taifersar Arahesis ] * configure.ac: LP: #893327 - no need to check for python, if --disable-pywrap is passed
|
Dustin Kirkland |
94-0ubuntu1 |
12 years ago
|
|
|
77
|
|
|
Serge Hallyn |
93-0ubuntu2 |
12 years ago
|
|
|
76
|
|
|
Dustin Kirkland |
93-0ubuntu1 |
12 years ago
|
|
|
75
|
|
|
Dustin Kirkland |
92-0ubuntu1 |
12 years ago
|
|
|
74
|
|
|
Dustin Kirkland |
91-0ubuntu1 |
12 years ago
|
|
|
73
|
|
|
Dustin Kirkland |
90-0ubuntu1 |
12 years ago
|
|
|
72
|
|
|
Marc Deslauriers |
89-0ubuntu2 |
12 years ago
|
|
|
71
|
|
|
Dustin Kirkland |
89-0ubuntu1 |
12 years ago
|
|
|
70
|
|
|
Dustin Kirkland |
88-0ubuntu1 |
12 years ago
|
|
|
69
|
|
|
Dustin Kirkland |
87-0ubuntu1 |
13 years ago
|
|
|
68
|
|
|
Dustin Kirkland |
86-0ubuntu1 |
13 years ago
|
|
|