Ubuntu
ecryptfs-utils package

ecryptfs-utils 105-0ubuntu1 source package in Ubuntu

Changelog

ecryptfs-utils (105-0ubuntu1) vivid; urgency=low

  [ Dustin Kirkland ]
  * doc/manpage/ecryptfs.7: LP: #1267640
    - fix inconsistency in man page for passphrase_passwd_file format
  * doc/manpage/ecryptfs-setup-private.1, src/utils/ecryptfs-setup-
    private, src/utils/ecryptfs-setup-swap: LP: #1420424
    - use /dev/random rather than /dev/urandom for long lived keys
  * src/utils/ecryptfs-setup-private:
    - use /dev/urandom for our testing, as we read a lot of info
  * src/utils/ecryptfs-setup-swap: LP: #953875, #1086140
    - fix a whitespace bug in a grep, that might cause us to not
      comment out the old swap space in /etc/fstab
    - offset the start of the encrypted swap space by 1KB, which
      ensures that we don't overwrite the UUID label on the header
      of the partition
    - use the aes-xts block cipher, and plain64 initialization vector,
      which are current best practice here
    - fixed a grammar nitpick

  [ Colin King ]
  * src/libecryptfs/key_management.c, src/utils/mount.ecryptfs.c:
    - A couple of minor fixes: Fix a memory leak and handle out of memory
      error, as found by using cppcheck.
  * src/utils/mount.ecryptfs.c
    - fix potential double free on yesno if get_string_stdin exits early
      without allocating a new buffer and we free yesno on the exit clean
      up path.
  * src/libecryptfs/cmd_ln_parser.c
    - remove redundant if / goto statement that does nothing.

  [ Anders Kaseorg ]
  * src/pam_ecryptfs/pam_ecryptfs.c: exit (not return) from forked child on
    error (LP: #1323421)

  [ Tyler Hicks ]
  * Introduce the version 2 wrapped-passphrase file format. It adds the
    ability to combine a randomly generated salt with the wrapping password
    (typically, a user's login password) prior to performing key
    strengthening. The version 2 file format is considered to be a
    intermediate step in strengthening the wrapped-passphrase files of
    existing encrypted home/private users. Support for reading/writing version
    2 wrapped-passphrase files and transparent migration, through
    pam_ecryptfs, from version 1 to version 2 files is considered safe enough
    to backport to stable distro releases. The libecryptfs ABI around
    wrapped-passphrase file handling is not broken.
    - CVE-2014-9687
  * Run wrap-unwrap.sh test as part of the make check target.
  * Add a new test, called v1-to-v2-wrapped-passphrase.sh, which is suitable
    for the make check target and verifies v1 to v2 wrapped-passphrase file
    migration.
  * Create a temporary file when creating a new wrapped-passphrase file and
    copy it to its final destination after the file has been fully synced to
    disk (LP: #1020902)
 -- Dustin Kirkland <email address hidden>   Wed, 11 Mar 2015 10:28:15 -0500

Upload details

Uploaded by:
Dustin Kirkland 
Uploaded to:
Vivid
Original maintainer:
Dustin Kirkland 
Architectures:
any
Section:
misc
Urgency:
Low Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
ecryptfs-utils_105.orig.tar.gz 642.4 KiB 66172145b4d809b2f2c4d8c9d9703376008134ed8044f021d46b4b4ba9198bed
ecryptfs-utils_105-0ubuntu1.debian.tar.gz 27.0 KiB c14367c5d564268dc5a25ddfeb32a97ad0a65f6f6013df3e375487ef026f6c79
ecryptfs-utils_105-0ubuntu1.dsc 2.3 KiB 6fea4912dff0bde764911871643aa59584c207dcc23d5690c76612db0ffc9aeb

Available diffs

View changes file

Binary packages built by this source