-
Committer:
Package Import Robot
-
Author(s):
Dustin Kirkland, Dustin Kirkland, Colin King, Anders Kaseorg, Tyler Hicks
-
Date:
2015-03-11 10:28:15 UTC
-
mfrom:
(1.1.20)
-
Revision ID:
package-import@ubuntu.com-20150311102815-k251sy2qe1raprj0
Tags: 105-0ubuntu1
[ Dustin Kirkland ]
* doc/manpage/ecryptfs.7: LP: #1267640
- fix inconsistency in man page for passphrase_passwd_file format
* doc/manpage/ecryptfs-setup-private.1, src/utils/ecryptfs-setup-
private, src/utils/ecryptfs-setup-swap: LP: #1420424
- use /dev/random rather than /dev/urandom for long lived keys
* src/utils/ecryptfs-setup-private:
- use /dev/urandom for our testing, as we read a lot of info
* src/utils/ecryptfs-setup-swap: LP: #953875, #1086140
- fix a whitespace bug in a grep, that might cause us to not
comment out the old swap space in /etc/fstab
- offset the start of the encrypted swap space by 1KB, which
ensures that we don't overwrite the UUID label on the header
of the partition
- use the aes-xts block cipher, and plain64 initialization vector,
which are current best practice here
- fixed a grammar nitpick
[ Colin King ]
* src/libecryptfs/key_management.c, src/utils/mount.ecryptfs.c:
- A couple of minor fixes: Fix a memory leak and handle out of memory
error, as found by using cppcheck.
* src/utils/mount.ecryptfs.c
- fix potential double free on yesno if get_string_stdin exits early
without allocating a new buffer and we free yesno on the exit clean
up path.
* src/libecryptfs/cmd_ln_parser.c
- remove redundant if / goto statement that does nothing.
[ Anders Kaseorg ]
* src/pam_ecryptfs/pam_ecryptfs.c: exit (not return) from forked child on
error (LP: #1323421)
[ Tyler Hicks ]
* Introduce the version 2 wrapped-passphrase file format. It adds the
ability to combine a randomly generated salt with the wrapping password
(typically, a user's login password) prior to performing key
strengthening. The version 2 file format is considered to be a
intermediate step in strengthening the wrapped-passphrase files of
existing encrypted home/private users. Support for reading/writing version
2 wrapped-passphrase files and transparent migration, through
pam_ecryptfs, from version 1 to version 2 files is considered safe enough
to backport to stable distro releases. The libecryptfs ABI around
wrapped-passphrase file handling is not broken.
- CVE-2014-9687
* Run wrap-unwrap.sh test as part of the make check target.
* Add a new test, called v1-to-v2-wrapped-passphrase.sh, which is suitable
for the make check target and verifies v1 to v2 wrapped-passphrase file
migration.
* Create a temporary file when creating a new wrapped-passphrase file and
copy it to its final destination after the file has been fully synced to
disk (LP: #1020902)