Viewing all changes in revision 44.
- Committer: Package Import Robot
- Date: 2015-03-11 10:28:15 UTC
- mfrom: (1.1.20)
- Revision ID: package-import@ubuntu.com-20150311102815-k251sy2qe1raprj0
[ Dustin Kirkland ]
* doc/manpage/ecryptfs.7: LP: #1267640
- fix inconsistency in man page for passphrase_passwd_file format
* doc/manpage/ecryptfs-setup-private.1, src/utils/ecryptfs-setup-
private, src/utils/ecryptfs-setup-swap: LP: #1420424
- use /dev/random rather than /dev/urandom for long lived keys
* src/utils/ecryptfs-setup-private:
- use /dev/urandom for our testing, as we read a lot of info
* src/utils/ecryptfs-setup-swap: LP: #953875, #1086140
- fix a whitespace bug in a grep, that might cause us to not
comment out the old swap space in /etc/fstab
- offset the start of the encrypted swap space by 1KB, which
ensures that we don't overwrite the UUID label on the header
of the partition
- use the aes-xts block cipher, and plain64 initialization vector,
which are current best practice here
- fixed a grammar nitpick
[ Colin King ]
* src/libecryptfs/key_management.c, src/utils/mount.ecryptfs.c:
- A couple of minor fixes: Fix a memory leak and handle out of memory
error, as found by using cppcheck.
* src/utils/mount.ecryptfs.c
- fix potential double free on yesno if get_string_stdin exits early
without allocating a new buffer and we free yesno on the exit clean
up path.
* src/libecryptfs/cmd_ln_parser.c
- remove redundant if / goto statement that does nothing.
[ Anders Kaseorg ]
* src/pam_ecryptfs/pam_ecryptfs.c: exit (not return) from forked child on
error (LP: #1323421)
[ Tyler Hicks ]
* Introduce the version 2 wrapped-passphrase file format. It adds the
ability to combine a randomly generated salt with the wrapping password
(typically, a user's login password) prior to performing key
strengthening. The version 2 file format is considered to be a
intermediate step in strengthening the wrapped-passphrase files of
existing encrypted home/private users. Support for reading/writing version
2 wrapped-passphrase files and transparent migration, through
pam_ecryptfs, from version 1 to version 2 files is considered safe enough
to backport to stable distro releases. The libecryptfs ABI around
wrapped-passphrase file handling is not broken.
- CVE-2014-9687
* Run wrap-unwrap.sh test as part of the make check target.
* Add a new test, called v1-to-v2-wrapped-passphrase.sh, which is suitable
for the make check target and verifies v1 to v2 wrapped-passphrase file
migration.
* Create a temporary file when creating a new wrapped-passphrase file and
copy it to its final destination after the file has been fully synced to
disk (LP: #1020902)
* doc/manpage/ecryptfs.7: LP: #1267640
- fix inconsistency in man page for passphrase_passwd_file format
* doc/manpage/ecryptfs-setup-private.1, src/utils/ecryptfs-setup-
private, src/utils/ecryptfs-setup-swap: LP: #1420424
- use /dev/random rather than /dev/urandom for long lived keys
* src/utils/ecryptfs-setup-private:
- use /dev/urandom for our testing, as we read a lot of info
* src/utils/ecryptfs-setup-swap: LP: #953875, #1086140
- fix a whitespace bug in a grep, that might cause us to not
comment out the old swap space in /etc/fstab
- offset the start of the encrypted swap space by 1KB, which
ensures that we don't overwrite the UUID label on the header
of the partition
- use the aes-xts block cipher, and plain64 initialization vector,
which are current best practice here
- fixed a grammar nitpick
[ Colin King ]
* src/libecryptfs/key_management.c, src/utils/mount.ecryptfs.c:
- A couple of minor fixes: Fix a memory leak and handle out of memory
error, as found by using cppcheck.
* src/utils/mount.ecryptfs.c
- fix potential double free on yesno if get_string_stdin exits early
without allocating a new buffer and we free yesno on the exit clean
up path.
* src/libecryptfs/cmd_ln_parser.c
- remove redundant if / goto statement that does nothing.
[ Anders Kaseorg ]
* src/pam_ecryptfs/pam_ecryptfs.c: exit (not return) from forked child on
error (LP: #1323421)
[ Tyler Hicks ]
* Introduce the version 2 wrapped-passphrase file format. It adds the
ability to combine a randomly generated salt with the wrapping password
(typically, a user's login password) prior to performing key
strengthening. The version 2 file format is considered to be a
intermediate step in strengthening the wrapped-passphrase files of
existing encrypted home/private users. Support for reading/writing version
2 wrapped-passphrase files and transparent migration, through
pam_ecryptfs, from version 1 to version 2 files is considered safe enough
to backport to stable distro releases. The libecryptfs ABI around
wrapped-passphrase file handling is not broken.
- CVE-2014-9687
* Run wrap-unwrap.sh test as part of the make check target.
* Add a new test, called v1-to-v2-wrapped-passphrase.sh, which is suitable
for the make check target and verifies v1 to v2 wrapped-passphrase file
migration.
* Create a temporary file when creating a new wrapped-passphrase file and
copy it to its final destination after the file has been fully synced to
disk (LP: #1020902)
- files added:
- .pc
- debian/local
- debian/patches
- debian/po
- debian/source
- po
- src/desktop
- tests
- tests/kernel
- tests/kernel/directory-concurrent
- tests/kernel/enospc
- tests/kernel/extend-file-random
- tests/kernel/file-concurrent
- tests/kernel/inode-race-stat
- tests/kernel/inotify
- tests/kernel/llseek
- tests/kernel/lp-509180
- tests/kernel/lp-524919
- tests/kernel/lp-870326
- tests/kernel/lp-994247
- tests/kernel/miscdev-bad-count
- tests/kernel/mmap-bmap
- tests/kernel/mmap-close
- tests/kernel/mmap-dir
- tests/kernel/read-dir
- tests/kernel/trunc-file
- tests/kernel/xattr
- tests/lib
- tests/userspace
- tests/userspace/lfs
- tests/userspace/v1-to-v2-wrapped-passphrase
- tests/userspace/verify-passphrase-sig
- tests/userspace/wrap-unwrap
- files removed:
- debian/config
- files modified:
- ChangeLog
expand all
collapse all
added
removed
