[ubuntu/vivid-proposed] ecryptfs-utils 105-0ubuntu1 (Accepted)
Dustin Kirkland
kirkland at ubuntu.com
Wed Mar 11 15:35:13 UTC 2015
ecryptfs-utils (105-0ubuntu1) vivid; urgency=low

  [ Dustin Kirkland ]
  * doc/manpage/ecryptfs.7: LP: #1267640
    - fix inconsistency in man page for passphrase_passwd_file format
  * doc/manpage/ecryptfs-setup-private.1,
    src/utils/ecryptfs-setup-private, src/utils/ecryptfs-setup-swap:
    LP: #1420424
    - use /dev/random rather than /dev/urandom for long-lived keys
  * src/utils/ecryptfs-setup-private:
    - use /dev/urandom for our testing, as we read a lot of info
  * src/utils/ecryptfs-setup-swap: LP: #953875, #1086140
    - fix a whitespace bug in a grep, that might cause us to not
      comment out the old swap space in /etc/fstab
    - offset the start of the encrypted swap space by 1KB, which
      ensures that we don't overwrite the UUID label on the header
      of the partition
    - use the aes-xts block cipher, and plain64 initialization vector,
      which are current best practice here
    - fixed a grammar nitpick

  [ Colin King ]
  * src/libecryptfs/key_management.c, src/utils/mount.ecryptfs.c:
    - A couple of minor fixes: Fix a memory leak and handle out of memory
      error, as found by using cppcheck.
  * src/utils/mount.ecryptfs.c
    - fix potential double free on yesno if get_string_stdin exits early
      without allocating a new buffer and we free yesno on the exit clean
      up path.
  * src/libecryptfs/cmd_ln_parser.c
    - remove redundant if / goto statement that does nothing.

  [ Anders Kaseorg ]
  * src/pam_ecryptfs/pam_ecryptfs.c: exit (not return) from forked child on
    error (LP: #1323421)

  [ Tyler Hicks ]
  * Introduce the version 2 wrapped-passphrase file format. It adds the
    ability to combine a randomly generated salt with the wrapping password
    (typically, a user's login password) prior to performing key
    strengthening. The version 2 file format is considered to be an
    intermediate step in strengthening the wrapped-passphrase files of
    existing encrypted home/private users. Support for reading/writing version
    2 wrapped-passphrase files and transparent migration, through
    pam_ecryptfs, from version 1 to version 2 files is considered safe enough
    to backport to stable distro releases. The libecryptfs ABI around
    wrapped-passphrase file handling is not broken.
    - CVE-2014-9687
  * Run wrap-unwrap.sh test as part of the make check target.
  * Add a new test, called v1-to-v2-wrapped-passphrase.sh, which is suitable
    for the make check target and verifies v1 to v2 wrapped-passphrase file
    migration.
  * Create a temporary file when creating a new wrapped-passphrase file and
    copy it to its final destination after the file has been fully synced to
    disk (LP: #1020902)

Date: Wed, 11 Mar 2015 10:28:15 -0500
Changed-By: Dustin Kirkland <kirkland at ubuntu.com>
https://launchpad.net/ubuntu/+source/ecryptfs-utils/105-0ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 11 Mar 2015 10:28:15 -0500
Source: ecryptfs-utils
Binary: ecryptfs-utils ecryptfs-utils-dbg libecryptfs0 libecryptfs-dev python-ecryptfs
Architecture: source
Version: 105-0ubuntu1
Distribution: vivid
Urgency: low
Maintainer: Dustin Kirkland <kirkland at ubuntu.com>
Changed-By: Dustin Kirkland <kirkland at ubuntu.com>
Description:
ecryptfs-utils - ecryptfs cryptographic filesystem (utilities)
ecryptfs-utils-dbg - ecryptfs cryptographic filesystem (utilities; debug)
libecryptfs-dev - ecryptfs cryptographic filesystem (development)
libecryptfs0 - ecryptfs cryptographic filesystem (library)
python-ecryptfs - ecryptfs cryptographic filesystem (python)
Launchpad-Bugs-Fixed: 953875 1020902 1086140 1267640 1323421 1420424
Original-Maintainer: Daniel Baumann <daniel at debian.org>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
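
The version 2 wrapped-passphrase entry in the changelog above describes combining a random salt with the wrapping password before key strengthening, and migrating version 1 files transparently at login. The sketch below is an added illustration, not eCryptfs code: the record layout, `ITERATIONS`, `FIXED_SALT` and the toy XOR cipher are assumptions, and version 1 is modelled as using one constant salt for every user.

```python
import hashlib
import hmac
import os

ITERATIONS = 65536     # assumed strengthening rounds (illustrative)
FIXED_SALT = bytes(8)  # assumed: "v1" modelled as one constant salt for all users

def strengthen(password: str, salt: bytes) -> bytes:
    """Combine salt and password, then iterate SHA-512 (key strengthening)."""
    digest = hashlib.sha512(salt + password.encode()).digest()
    for _ in range(ITERATIONS):
        digest = hashlib.sha512(digest).digest()
    return digest

def _sig(key: bytes) -> bytes:
    """Short check value that lets unwrap() reject a wrong password."""
    return hashlib.sha512(b"sig" + key).digest()[:8]

def _xor(key: bytes, data: bytes) -> bytes:
    """Toy keystream XOR standing in for real encryption; data <= 64 bytes."""
    if len(data) > 64:
        raise ValueError("toy cipher handles at most 64 bytes")
    stream = hashlib.sha512(b"enc" + key).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def wrap(passphrase: bytes, password: str, version: int = 2) -> dict:
    """Build a wrapped-passphrase record; only version 2 gets a random salt."""
    salt = os.urandom(8) if version >= 2 else FIXED_SALT
    key = strengthen(password, salt)
    return {"version": version, "salt": salt, "sig": _sig(key),
            "blob": _xor(key, passphrase)}

def unwrap(record: dict, password: str) -> bytes:
    """Re-derive the key from the stored salt and verify it before decrypting."""
    key = strengthen(password, record["salt"])
    if not hmac.compare_digest(_sig(key), record["sig"]):
        raise ValueError("wrong wrapping password")
    return _xor(key, record["blob"])

def unwrap_and_migrate(record: dict, password: str):
    """On a successful v1 unwrap, re-wrap as v2 (the login-time migration)."""
    passphrase = unwrap(record, password)
    if record["version"] < 2:
        record = wrap(passphrase, password, version=2)
    return passphrase, record
```

With the constant salt, two users who share a login password produce identical records, so one precomputed table of strengthened keys applies to every file; the per-file random salt makes each derivation unique.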