ecryptfs-utils (83-0ubuntu3.2.10.04.6) lucid-security; urgency=medium * SECURITY UPDATE: Mount passphrase wrapped with a default salt value - src/libecryptfs/key_management.c, src/include/ecryptfs.h: Generate a random salt when wrapping the mount passphrase. - src/pam_ecryptfs/pam_ecryptfs.c: If a user has a mount passphrase that was wrapped using the default salt, their mount passphrase will be rewrapped using a random salt when they log in with their password. - src/libecryptfs/key_management.c: Create a temporary file when creating a new wrapped-passphrase file and copy it to its final destination after the file has been fully synced to disk (LP: #1020902) - CVE-2014-9687 -- Tyler Hicks Wed, 04 Mar 2015 16:26:45 -0600 ecryptfs-utils (83-0ubuntu3.2.10.04.3) lucid-proposed; urgency=low * src/libecryptfs/key_management.c: LP: #725862 - fix nasty bug affecting users who do *not* encrypt filenames; the first login works, but on logout, only one key gets cleaned out; subsequent logins do not insert the necessary key due to an early "goto out" -- Dustin Kirkland Fri, 02 Sep 2011 17:47:02 -0500 ecryptfs-utils (83-0ubuntu3.2.10.04.2) lucid-security; urgency=low * SECURITY UPDATE: wrong mtab ownership and permissions (LP: #830850) - src/utils/mount.ecryptfs_private.c: also set gid and umask before updating mtab. - CVE-2011-3145 -- Marc Deslauriers Mon, 22 Aug 2011 15:44:59 -0400 ecryptfs-utils (83-0ubuntu3.2.10.04.1) lucid-security; urgency=low * SECURITY UPDATE: privilege escalation via mountpoint race conditions (LP: #732628) - src/utils/mount.ecryptfs_private.c: chdir into mountpoint before checking permissions. Patch thanks to Dan Rosenberg. - CVE-2011-1831 - CVE-2011-1832 * SECURITY UPDATE: race condition when checking source during mount (LP: #732628) - src/utils/mount.ecryptfs_private.c: use new ecryptfs_check_dev_ruid kernel option when mounting directory. - CVE-2011-1833 * SECURITY UPDATE: mtab corruption via improper handling (LP: #732628) - src/utils/mount.ecryptfs_private.c: modify mtab via a temp file first and make sure it succeeds before replacing the real mtab. Patch thanks to Dan Rosenberg. - CVE-2011-1834 * SECURITY UPDATE: key poisoning via insecure temp directory handling (LP: #732628) - src/utils/ecryptfs-setup-private: make sure we don't copy into a user controlled directory. - CVE-2011-1835 * SECURITY UPDATE: arbitrary file overwrite via lock counter race condition (LP: #732628) - src/utils/mount.ecryptfs_private.c: verify permissions with a file descriptor, and don't follow symlinks. - CVE-2011-1837 -- Marc Deslauriers Thu, 04 Aug 2011 10:37:00 -0400 ecryptfs-utils (83-0ubuntu3.1) lucid-proposed; urgency=low * Cherry pick upstream bzr commit r520 * src/utils/mount.ecryptfs_private.c: - fix bug LP: #313812, clear used keys on unmount - add ecryptfs_unlink_sigs to the mount opts, so that unmounts from umount.ecryptfs behave similarly - use ecryptfs_remove_auth_tok_from_keyring() on the sig and sig_fnek -- Dustin Kirkland Fri, 11 Feb 2011 17:21:59 -0600 ecryptfs-utils (83-0ubuntu3) lucid; urgency=low * src/desktop/ecryptfs-record-passphrase: fix typo, LP: #524139 -- Dustin Kirkland Thu, 18 Feb 2010 18:07:48 -0600 ecryptfs-utils (83-0ubuntu2) lucid; urgency=low * debian/rules, debian/control: disable the gpg key module, as it's not yet functional; does more harm than good to build it; should not be in 10.04 LTS; clean up build-deps; also, not using opencryptoki either; unbreak the build for 32-bit Lucid -- Dustin Kirkland Wed, 17 Feb 2010 16:20:35 -0600 ecryptfs-utils (83-0ubuntu1) lucid; urgency=low [ David Planella ] * Makefile.am, configure.ac, debian/control, debian/po/POTFILES.sh, debian/po/ecryptfs-utils.pot, debian/po/fr.po, debian/rules, po/POTFILES.in, src/desktop/Makefile.am, src/desktop/ecryptfs-mount-private.desktop, src/desktop/ecryptfs-mount-private.desktop.in, src/desktop/ecryptfs-record-passphrase, src/desktop/ecryptfs-setup-private.desktop, src/desktop/ecryptfs-setup-private.desktop.in: - internationalization work for LP: #358283 * po/LINGUAS, po/ca.po: Catalan translation [ Yan Li ] * src/pam_ecryptfs/pam_ecryptfs.c, src/utils/Makefile.am, src/utils/ecryptfs-migrate-home: add a script and pam hooks to support automatic migration to encrypted home directory [ Dustin Kirkland ] * src/utils/ecryptfs-migrate-home: clean up for merge - use $() rather than `` - drop set -u - use = and !=, and quote vars, rather than testing with -ne, -eq, for better shell portability - improve usage statement and error text - check if already encrypted - handle migration of multiple users on boot - fix all whitespace, use tabs for indents - use quotes around variables, rather than ${} (stylistic preference) - major simplification for immediate release + remove boot and user modes; only support administrator mode for security reasons and to avoid race conditions + other modes can be re-added, if necessary, and if security concerns can be addressed - ensure running as root - drop VERBOSE option, always print useful info messages - call the user $USER_NAME rather than $USER_ID since id implies number, and here we're deailing with names - no decimals on awk calculation - mktemp on the target user, not root - check that there is enough disk space available to do the migration - ensure the user's homedir group is correct - add critical instructions, user *must* login after the migration and before the reboot, as their wrapped passphrase will be cleared on reboot (possible we should use an init script to move these to /var/tmp on reboot) - ensure permissions are set correctly - improve text at the end of the migration, organize into notes * ecryptfs-utils.ecryptfs-utils-restore.upstart, ecryptfs-utils.ecryptfs-utils-save.upstart, rules: - try to protect migrating users who don't login before the next reboot * debian/ecryptfs-utils.install: install the locale messages * src/desktop/ecryptfs-record-passphrase: improve dialog text * src/desktop/ecryptfs-record-passphrase: revert the _ bit, as it's not quite working yet, will need to talk to David to fix * Mark LP: #471725 as fixed -- Dustin Kirkland Wed, 17 Feb 2010 15:17:09 -0600 ecryptfs-utils (82) released; urgency=low * src/utils/ecryptfs-setup-private: fix bug where setup-private incorrectly assumed that the home/private dir ownerships should be owned by USER:USER; instead, default to USER:GROUP, where GROUP is the USER's primary group by default, LP: #445301 * src/utils/ecryptfs-setup-private, debian/control: LP: #456565 - fix typo, s/getext/gettext - depend on gettext-base * src/utils/ecryptfs-setup-private: fix printing of error strings, which was broken by the gettext integration, LP: #471725; in doing so, use $() in place of ``, use '' for gettext arguments, and wrap gettext in "", like this: foo="$(gettext 'blah blah')" * debian/control: one package per line, helps tremendously when looking at diffs * debian/copyright: Add new fields * debian/ecryptfs-utils.postinst: minor set -e change -- Dustin Kirkland Tue, 10 Nov 2009 11:31:25 -0600 ecryptfs-utils (81) released; urgency=low [ Michael Terry ] * src/utils/ecryptfs-setup=swap: clean up some error message reporting, LP: #430891, #430890 [ Dustin Kirkland ] * doc/manpage/ecryptfs.7: note the 64-char passphrase limit, LP: #386504 * src/utils/ecryptfs-setup-private: minor documentation change -- Dustin Kirkland Fri, 18 Sep 2009 18:46:07 -0500 ecryptfs-utils (80) released; urgency=low [ Evan Dandrea ] * src/utils/ecryptfs-setup-swap: allow for setting up encrpyted swap, without activating it immediately, necessary for livecd installations -- Dustin Kirkland Wed, 19 Aug 2009 11:31:03 -0500 ecryptfs-utils (79) released; urgency=low [ Dustin Kirkland ] * debian/control: updated bzr and browser urls, bumped standards version * src/pam_ecryptfs/pam_ecryptfs.c: silence useless, oft-shown info message * src/utils/ecryptfs-mount-private, src/utils/ecryptfs-rewrite-file, src/utils/ecryptfs-setup-private, src/utils/ecryptfs-setup-swap, src/utils/ecryptfs-umount-private: use gettext for all string printing, such that we can internationalize ecryptfs * po/POTFILES.sh, po/ecryptfs-utils.pot, po/fr.po, rules: add po to the build system; for now, in the debian/ directory; this should be put in the upstream source tree eventually (but I need some help with the automake/autoconf integration) * ecryptfs-setup-swap: exit(0) if there's no swaps to encrypt, ensures that this script succeeds if there is no swap space that needs to be secured, or if the existing swap space is already secured * doc/manpage/ecryptfs-setup-swap.1, doc/manpage/ecryptfs-stat.1, doc/manpage/umount.ecryptfs.8, doc/manpage/Makefile.am: added manpagess * doc/manpage/ecryptfs.7: fix lintian warning * debian/lintian/ecryptfs-utils: added a lintian overrides file * debian/lintian/ecryptfs-utils, debian/ecryptfs-utils.install: add and install some proper lintian overrides * src/libecryptfs/module_mgr.c: fix typo, LP: #408437 [ Evan Dandrea ] * ecryptfs-setup-swap: support more than one encrypted swap device [ Dorin Scutarașu ] * src/libecryptfs/key_management.c: fix null pointer deref, LP: #409565 -- Dustin Kirkland Mon, 17 Aug 2009 11:58:35 -0500 ecryptfs-utils (78) released; urgency=low [ James Westby ] * src/libecryptfs/main.c flockfile the filehandle after checking that we were able to successfully open it (LP: #403011) * debian/libecryptfs0.shlibs: bump shlibs dep to 77 since we added new symbols there -- Dustin Kirkland Wed, 22 Jul 2009 11:28:20 -0500 ecryptfs-utils (77) released; urgency=low [ Dustin Kirkland ] * src/libecryptfs/key_management.c, src/pam_ecryptfs/pam_ecryptfs.c: revert the zombie code removal from pam_ecryptfs as it seems this bit is still needed; fix the source of the problem introduced in commit r407; check for non-zero return codes; this problem would manifest itself as a) unable to unlock screensaver, b) unable to switch users, c) unable to mount home folder on initial login; LP: #402222, #402029 * src/utils/ecryptfs-umount-private: use for loop to loop over key ids on removal * src/utils/mount.ecryptfs_private.c: return non-zero on unmount failure due to open sessions; handle this in ecryptfs-umount-private too; make the flock() blocking; use /dev/shm for counter; add an iterator to the counter file to prevent users from DoS'ing one another from accessing their encrypted directories, LP: #402745 * debian/ecryptfs-utils.postinst: move /tmp counters to /dev/shm * configure.ac: link against pam, silence shlib warning * src/include/ecryptfs.h, src/libecryptfs/main.c, src/pam_ecryptfs/pam_ecryptfs.c, src/utils/Makefile.am, src/utils/mount.ecryptfs_private.c: move two functions from mount.ecryptfs_private to libecryptfs, namely is_mounted() and fetch_private_mnt(); use these in both pam_ecryptfs and mount.ecryptfs_private; also move PRIVATE to ECRYPTFS_PRIVATE in the ecryptfs.h headers; this will allow us to short-circuit some of the costly key-loading code on pam_auth if the private dir is already mounted, speeding up some subsequent authentications significantly, LP: #402748 * doc/ecryptfs-mount-private.txt: removed the "$" to make copy-n-paste more user friendly * src/utils/ecryptfs-setup-private: when encrypting home, put the .ecryptfs and .Private data in /home/.ecryptfs rather than /var/lib, as users are forgetting to backup /var/lib, and are often putting /home on a separate partition; furthermore, this gives users a place to access their encrypted data for backup, rather than hiding the data below $HOME, LP: #371719 [ Tyler Hicks ] * src/libecryptfs/cipher_list.c, src/libecryptfs/module_mgr.c: add blowfish/56-bytes to the list of ciphers we officially support, LP: #402790 -- Dustin Kirkland Tue, 21 Jul 2009 23:57:33 -0500 ecryptfs-utils (76) released; urgency=low [ Dustin Kirkland ] * src/utils/ecryptfs-setup-swap: switch from vol_id to blkid, LP: #376486 * debian/ecryptfs-utils.postinst, src/utils/ecryptfs-setup-private: don't echo mount passphrase if running in bootstrap mode; prune potential leakages from install log, LP: #383650 * SECURITY UPDATE: mount passphrase recorded in install log (LP: #383650). - debian/ecryptfs-utils.postinst: prune private information from installer log - src/utils/ecryptfs-setup-private: don't echo passphrase if running in bootstrap mode - CVE-2009-1296 * src/utils/ecryptfs-setup-private: make some of the lanuage more readable, (thanks, anrxc) * README, configure.ac, debian/control, debian/rules, doc/sourceforge_webpage/README, src/libecryptfs-swig/libecryptfs.py, src/libecryptfs-swig/libecryptfs_wrap.c, src/libecryptfs/key_management.c, src/libecryptfs/libecryptfs.pc.in, src/libecryptfs/main.c, src/pam_ecryptfs/Makefile.am, src/utils/manager.c, src/utils/mount.ecryptfs.c: move build from gcrypt to nss (this change has been pending for some time) * src/utils/ecryptfs-dot-private: dropped, was too hacky * ecryptfs-mount-private.1, ecryptfs-setup-private.1: align the documentation and implementation of the wrapping-independent feature, LP: #383746 * src/utils/ecryptfs-umount-private: use keyctl list @u, since keyctl show stopped working, LP: #400484, #395082 * src/utils/mount.ecryptfs_private.c: fix counter file locking; solves a longstanding bug about "random" umount caused by cronjobs, LP: #358573 [ Michal Hlavinka (edits by Dustin Kirkland) ] * doc/manpage/ecryptfs-mount-private.1, doc/manpage/ecryptfs-rewrite-file.1, doc/manpage/ecryptfs-setup-private.1, doc/manpage/ecryptfs.7, doc/manpage/mount.ecryptfs_private.1, doc/manpage/umount.ecryptfs_private.1: documentation updated to note possible ecryptfs group membership requirements; Fix ecrypfs.7 man page and key_mod_openssl's error message; fix typo * src/libecryptfs/decision_graph.c: put a finite limit (5 tries) on interactive input; fix memory leaks when asking questions * src/libecryptfs/module_mgr.c: Don't error out with EINVAL when verbosity=0 and some options are missing. * src/utils/umount.ecryptfs.c: no error for missing key when removing it * src/libecryptfs-swig/libecryptfs.i: fix compile werror, cast char* * src/utils/ecryptfs_add_passphrase.c: fix/test/use return codes; return nonzero for --fnek when not supported but used * src/include/ecryptfs.h, src/key_mod/ecryptfs_key_mod_openssl.c, src/libecryptfs/module_mgr.c: refuse mounting with too small rsa key (key_mod_openssl) * src/utils/ecryptfs_insert_wrapped_passphrase_into_keyring.c: fix return codes * src/utils/ecryptfs-rewrite-file: polish output * src/libecryptfs/key_management.c: inform about full keyring; insert fnek sig into keyring if fnek support check fails; don't fail if key already exists in keyring * src/utils/ecryptfs-setup-private: if the ecryptfs group exists, restrict ecryptfs-setup-private to members of this group * src/pam_ecryptfs/pam_ecryptfs.c: dynamically load ecryptfs module by checking ecryptfs version * src/libecryptfs/decision_graph.c, src/utils/io.c, src/utils/mount.ecryptfs.c: fix EOF handling, LP: #371587 * src/desktop/Makefile.am: make desktop files trusted, LP: #371426 [ Dustin Kirkland and Daniel Baumann ] * debian/control, debian/copyright, debian/ecryptfs-utils.dirs, debian/ecryptfs-utils.install, debian/ecryptfs-utils.postinst, debian/rules, ecryptfs-utils.pam-auth-update: sync Ubuntu's packaging with Debian; drop dpatch, drop libssl build dep, clean up extraneous debhelper bits, match cflags; remaining diff is only ecryptfs-utils.prerm [ Arfrever Frehtes Taifersar Arahesis ] * key_mod/ecryptfs_key_mod_gpg.c, key_mod/ecryptfs_key_mod_pkcs11_helper.c, libecryptfs/key_management.c, utils/ecryptfs_unwrap_passphrase.c: Fix warnings, initialize a few variables, drop unused ones [ David Hicks ] * src/lib/key_management.c: fix stray semicolon that prevents .ecryptfsrc files from working properly, LP: #372709 [ Michael Rooney ] * src/python/ecryptfsapi.py: added python api -- Dustin Kirkland Mon, 20 Jul 2009 12:12:30 -0500 ecryptfs-utils (75) released; urgency=low [ Dustin Kirkland ] * debian/rules: drop hackery that moves stuff /usr/share/ecryptfs-utils * src/utils/mount.ecryptfs_private.c: update inline documentation * debian/changelog, src/libecryptfs/cmd_ln_parser.c, src/libecryptfs/key_management.c, src/pam_ecryptfs/pam_ecryptfs.c, src/utils/ecryptfs_add_passphrase.c, src/utils/ecryptfs_insert_wrapped_passphrase_into_keyring.c, src/utils/ecryptfs_rewrap_passphrase.c, src/utils/ecryptfs_unwrap_passphrase.c, src/utils/ecryptfs_wrap_passphrase.c: silence some useless logging, LP: #313330 * include/ecryptfs.h, libecryptfs/key_management.c, utils/ecryptfs_insert_wrapped_passphrase_into_keyring.c, utils/ecryptfs_unwrap_passphrase.c: if the file to unwrap is unspecified, try to use the default ~/.ecryptfs/wrapped-passphrase before bailing out, LP: #359997 * src/utils/ecryptfs-setup-private: unix_chkpwd is not always present (eg, gentoo), LP: #332341 [ Tyler Hicks ] * doc/manpage/ecryptfs.7: ecryptfs_encrypted_view option desription was wrong LP: #328761 [ Michal Hlavinka ] * decision_graph.c: fix uninitialized return code * mount.ecryptfs.c: don't pass verbosity option to kernel [ anrxc & Dustin Kirkland ] * doc/Makefile.am, src/desktop/Makefile.am: fix automake installation from /usr/share to /usr/share/ecryptfs-utils [ Daniel Baumann & Dustin Kirkland ] * debian/rules, debian/control: sync differences between Debian & Ubuntu's packaging [ Arfrever Frehtes Taifersar Arahesis ] * src/key_mod/ecryptfs_key_mod_gpg.c, src/key_mod/ecryptfs_key_mod_pkcs11_helper.c: fix implicit declations [ Frédéric Guihéry ] * key_mod/ecryptfs_key_mod_tspi.c, utils/ecryptfs_generate_tpm_key.c: the SRK password should be set to 20 bytes of NULL (wellknown password), in order for different tools to request key protection with the Storage Root Key -- Dustin Kirkland Fri, 01 May 2009 15:07:38 -0500 ecryptfs-utils (74) released; urgency=low [ Michal Hlavinka ] * Changes for RH/Fedora release - change error codes to be more descriptive - decision_graph.h, *: change definition of node return codes to positive values - mount.ecryptfs.c: insist for yes/no answer for unkown sigs - don't print error for removing key from keyring if it succeeded - module_mgr.c: insist on yes/no answer - use ECRYPTFS_NONEMPTY_VALUE_REQUIRED where reasonable - pam_ecryptfs.c: don't try to unwrap key for users not using pam mounting - add verbosity to man page - decision_graph.* : add ECRYPTFS_NONEMPTY_VALUE_REQUIRED flag for nodes - decision_graph.* : add WRONG_VALUE return code to nodes for asking question again [ Dustin Kirkland ] * src/utils/ecryptfs-setup-private: fix bug in grep when running with LANG in other locales, LP: #347969 * doc/manpage/ecryptfs.7: add notes about verbose option * src/desktop: add the desktop files to the dist tarball * src/utils/ecryptfs-dot-private: sourceable file for accessing your encrypted data; useful for conducting backups [ Martin Pitt and Dustin Kirkland ] Reworked the fixes for LP: #352307, remind user to record their passphrase * src/desktop/ecryptfs-record-passphrase: run if ~/.ecryptfs/.wrapped-passphrase.recorded does NOT exist; touch that file upon successful run of unwrap passphrase * debian/patches/00list, debian/patches/update-notifier-remind-passphrase.dpatch: dropped, since this was moved into PAM -- Dustin Kirkland Tue, 21 Apr 2009 18:21:30 -0500 ecryptfs-utils (73-0ubuntu1) jaunty; urgency=low [ Dustin Kirkland ] Userspace fixes for LP: #345544, CVE-2009-0787 * src/utils/ecryptfs-rewrite-file: new script, to rewrite a file, forcing it to be re-encrypted when written to disk * doc/manpage/ecryptfs-rewrite-file.1: documentation added Unrelated fixes in this release * src/utils/ecryptfs-mount-private, src/utils/ecryptfs-setup-private, src/utils/ecryptfs-setup-swap: use head/line for prompting and reading input [ Michal Hlavinka ] * ecryptfs-setup-private: don't fail with syntax error when kernel module not loaded * *.desktop: make desktop files standards compliant * umount.ecryptfs: don't sigsegv when arguments are missing -- Dustin Kirkland Fri, 20 Mar 2009 17:26:13 -0500 ecryptfs-utils (72-0ubuntu1) jaunty; urgency=low [ Dustin Kirkland ] * src/utils/ecryptfs-[u]mount-private: print message about cd $PWD, LP: #332331 * doc/manpage/*: manpage updates * debian/ecryptfs-utils.prerm: prevent removal of ecryptfs-utils package, if in use, LP: #331085 * src/utils/ecryptfs-setup-private: - allow for LDAP-based logins, LP: #317307 - add --noautomount, --noautoumount options, LP: #301759 [ Tyler Hicks ] * src/libecryptfs/cipher_list.c: ignore unknown ciphers, LP: #335632 * doc/manpage/ecryptfs.7: add key sig mount options info, LP: #329491 * src/utils/mount.ecryptfs.c: scrub unknown option [ James Dupin ] * doc/manpage/fr/*: initial cut at french manpages [ Michal Hlavinka ] * src/libecryptfs/module_mgr.c: fix mount parameter handling on interactive mounting, LP: #331948 -- Dustin Kirkland Wed, 18 Mar 2009 18:53:11 -0500 ecryptfs-utils (71-0ubuntu1) jaunty; urgency=low Upstream changes [ Dustin Kirkland ] * src/utils/ecryptfs-setup-swap: a first cut at a script that helps setup encrypted swap * debian/control: suggest cryptsetup [ Michal Hlavinka ] * improve interactive mode of mount.ecryptfs -- Dustin Kirkland Wed, 18 Feb 2009 17:34:17 -0600 ecryptfs-utils (70-0ubuntu1) jaunty; urgency=low * New upstream release, dropped all patches (included upstream) [ Michal Hlavinka ] * Auto module loading improvements * Fix nss passphrase (un)wrapping * Fix error handling when wrapping passphrase is too long * Use %m instead of strerror(errno) everywhere * Make the code compile with -Werror [ Tyler Hicks ] * umount.ecryptfs wrapper, clears keys [ Dustin Kirkland ] * Add a trailing newline to passphrase printing * Hack around glibc/kernel mlock limit issue, LP: #329176 -- Dustin Kirkland Fri, 13 Feb 2009 19:33:22 -0600 ecryptfs-utils (69-0ubuntu2) jaunty; urgency=low * debian/patches/10-remove-bashism.dpatch: fix installer bug, LP: #326184 * debian/control: Added libnss3-1d dependency (trying to cut over from openssl linkage) -- Dustin Kirkland Fri, 06 Feb 2009 17:58:11 +0100 ecryptfs-utils (69-0ubuntu1) jaunty; urgency=low * New upstream release, dropped all patches (included upstream) * This release includes support for filename encryption (LP: #264977) * This release promotes keyutils from a 'recommends' to a 'depends, for access to the keyctl command, which is used by the helper scripts to clear the keyring on unmount (LP: #313812) -- Dustin Kirkland Mon, 26 Jan 2009 13:51:21 -0500 ecryptfs-utils (68-1ubuntu2) jaunty; urgency=low * debian/patches/05-mount_opts.dpatch: Clean up mount options, LP: #277723 -- Dustin Kirkland Mon, 05 Jan 2009 15:34:05 -0600 ecryptfs-utils (68-1ubuntu1) jaunty; urgency=low * Merge from debian unstable (LP: #311193), remaining changes: - debian/ecryptfs-utils.postinst: handle pam-auth-update - debian/control: keep the dpatch build dep; libpam-runtime dep for pam-auth-update - debian/ecryptfs-utils.install: install the pam-auth-update file - debian/rules:keep the dpatch infrastructure around as we'll likely need it again; install the pam-auth-update file - debian/ecryptfs-utils.pam-auth-update: pam stack configuration - debian/ecryptfs-utils.dirs: usr share install dirs - debian/ecryptfs-utils.prerm: remove pam-auth-update configuration * Upstream merge also fixes LP: #304043. -- Dustin Kirkland Wed, 24 Dec 2008 10:24:53 -0600 ecryptfs-utils (68-1) unstable; urgency=high * Merging upstream version 68: - Contains upstream changelog (Closes: #507942). - Fixes syntax error in ecryptfs-setup-private (Closes: #509339). * Updating rules to install changelog. -- Daniel Baumann Tue, 23 Dec 2008 08:04:00 +0100 ecryptfs-utils (67-1ubuntu1) jaunty; urgency=low * Merge from debian unstable, remaining changes (Debian Bug: #506172): - debian/ecryptfs-utils.postinst: handle pam-auth-update - debian/rules:keep the dpatch infrastructure around as we'll likely need it again; install the pam-auth-update file - debian/ecryptfs-utils.install: install the pam-auth-update file - debian/control: keep the dpatch build dep; libpam-runtime dep for pam-auth-update - debian/ecryptfs-utils.pam-auth-update: pam stack configuration - debian/ecryptfs-utils.dirs: usr share install dirs - debian/ecryptfs-utils.prerm: remove pam-auth-update configuration * Dropped changes - debian/patches/10-counter_increment_fix.dpatch: included upstream - debian/ecryptfs-mount-private.desktop: included upstream - debian/ecryptfs-mount-private.txt: included upstream - debian/rules: desktop, readme files installed by upstream - debian/ecryptfs-utils.install: desktop, readme installed by upstream -- Dustin Kirkland Thu, 04 Dec 2008 12:09:35 -0600 ecryptfs-utils (67-1) unstable; urgency=low * Merging upstream version 67. -- Daniel Baumann Wed, 3 Dec 2008 09:54:00 +0100 ecryptfs-utils (66-2ubuntu3) jaunty; urgency=low * debian/patches/10-counter_increment_fix.dpatch: fix broken mount counter for encrypted home users (LP: #301085). -- Dustin Kirkland Sat, 22 Nov 2008 14:59:52 -0600 ecryptfs-utils (66-2ubuntu2) jaunty; urgency=low * debian/control: depend on python-dev and swig to fix FTBFS (LP: #299888) * debian/changelog: fix references to Debian bugs -- Dustin Kirkland Wed, 19 Nov 2008 07:09:19 -0600 ecryptfs-utils (66-2ubuntu1) jaunty; urgency=low * Merge from debian unstable, (LP: #259631, #293433, #286265, #247421, #294888, #298421) * Remaining changes: - debian/ecryptfs-utils.postinst: handle pam-auth-update (Debian Bug: #506172) - debian/rules: + keep the dpatch infrastructure around, as we'll likely need it again at some point soon + install the desktop, readme, and pam-auth-update files () - debian/ecryptfs-utils.install: install the desktop, readme shared files (Debian Bug: #506172) - debian/control: + keep the dpatch build dep + depend on libpam-runtime (Debian Bug: #506172) - debian/ecryptfs-utils.prerm: remove pam-auth-update configuration (Debian Bug: #506172) - debian/ecryptfs-mount-private.txt: readme to install in unmounted private dir (Debian Bug: #506172) - debian/ecryptfs-mount-private.desktop: desktop link to install in unmounted private dir (Debian Bug: #506172) - debian/ecryptfs-utils.dirs: usr share install dirs (Debian Bug: #506172) - debian/ecryptfs-utils.pam-auth-update: pam stack configuration (Debian Bug: #506172) -- Dustin Kirkland Tue, 18 Nov 2008 22:55:19 -0600 ecryptfs-utils (66-2) unstable; urgency=low * Removing auth-client-config support, no longer used. * Adding ecryptfs-utils recommends to keyutils. * Building without ssl, ecryptfs_key_mod_openssl.c has incompatible license (GPL-2+). * Building without pkcs11 helper, ecryptfs_key_mod_pkcs11_helper.c links against openssl and has incompatible license (GPL-2+). * Building without pkcs11 helper, ecryptfs_key_mod_tspi.c links against openssl and has incompatible license (GPL-2+). -- Daniel Baumann Tue, 18 Nov 2008 20:02:00 +0100 ecryptfs-utils (66-1) unstable; urgency=low * Manually adding second line of the commit message when merging upstream version 65 to changelog. * Merging upstream version 66. * Adding ecryptfs-utils.postinst to create /var/lib/ecryptfs on package installation time. -- Daniel Baumann Tue, 18 Nov 2008 12:39:00 +0100 ecryptfs-utils (65-1) unstable; urgency=low * Merging upstream version 65: - Adds --wrapping option to ecryptfs-setup-private command to use an independent wrapping passphrase, different from the login passphrase (Closes: #505008). * Removing pam-doc.dpatch, went upstream. * Adding build-depends to swig. * Adding build-depends to python-dev. * Including python bindings in libecryptfs0. -- Daniel Baumann Sat, 15 Nov 2008 07:49:00 +0100 ecryptfs-utils (64-3) unstable; urgency=low * Replacing obsolete dh_clean -k with dh_prep. * Adding patch from Osamu Aoki to update ecryptfs-pam-doc.txt contents with s/Confidential/Private/ (Closes: #504934). * Updating homepage and download location in control and copyright (Closes: #504930). * Updating author information in copyright. * Installing desktop shortcut and readme to /usr/share/ecryptfs-utils. Together with the fixes of upstream version 64, this interactively prompts for passwords now (Closes: #504370). -- Daniel Baumann Sat, 8 Nov 2008 07:01:00 +0100 ecryptfs-utils (64-2) unstable; urgency=low * Adding build-depends to python (Closes: #504719). -- Daniel Baumann Thu, 6 Nov 2008 17:45:00 +0100 ecryptfs-utils (64-1) unstable; urgency=low * Removing sbin-path.dpatch, not needed anymore. * Building with --enable-static, was default previously. -- Daniel Baumann Wed, 5 Nov 2008 20:45:00 +0100 ecryptfs-utils (63-1) unstable; urgency=low * Merging upstream version 63. -- Daniel Baumann Fri, 24 Oct 2008 06:42:00 +0200 ecryptfs-utils (61-1) unstable; urgency=low * Using patch-stamp rather than patch in rules file. * Merging upstream version 61. * Rediffing sbin-path.dpatch. -- Daniel Baumann Thu, 23 Oct 2008 19:42:00 +0200 ecryptfs-utils (58-2) unstable; urgency=low * Adding patch from situert to call ecryptfs helper scripts in /sbin with full path to avoid problem if /sbin is not in PATH (Closes: #498543). -- Daniel Baumann Thu, 11 Sep 2008 08:11:00 +0200 ecryptfs-utils (58-1) unstable; urgency=low * Merging upstream version 58. -- Daniel Baumann Tue, 9 Sep 2008 07:08:00 +0200 ecryptfs-utils (57-1) unstable; urgency=low * Updating vcs fields in control file. * Merging upstream version 57. -- Daniel Baumann Mon, 8 Sep 2008 13:44:00 +0200 ecryptfs-utils (56-1) unstable; urgency=low * Setting permissions for ecryptfs.acc when installing it in rules. * Merging upstream version 56. -- Daniel Baumann Mon, 25 Aug 2008 01:25:00 +0200 ecryptfs-utils (55-1) unstable; urgency=low * Merging upstream version 55. -- Daniel Baumann Mon, 25 Aug 2008 01:19:00 +0200 ecryptfs-utils (53-2) unstable; urgency=low * Adding auth-client-config support, thanks to Dustin Kirkland . -- Daniel Baumann Tue, 5 Aug 2008 23:59:00 +0200 ecryptfs-utils (53-1ubuntu13) intrepid-proposed; urgency=low Fixes for LP: #259631, add interactive mounting capability * debian/rules, debian/ecryptfs-utils.dirs, debian/ecryptfs-utils.install, debian/ecryptfs-mount-private.desktop, debian/ecryptfs-mount-private.txt: install the new desktop shortcut file and readme.txt to /usr/share/ecryptfs-utils * debian/patches/60_interactive_mount.dpatch: modify ecryptfs-mount-private utility to interactively prompt for password * debian/patches/00list: updated accordingly -- Dustin Kirkland Tue, 04 Nov 2008 09:34:41 -0600 ecryptfs-utils (53-1ubuntu12) intrepid-proposed; urgency=low * debian/patches/55_check_password_and_remove_from_proc.dpatch: use the printf function properly (LP: #290445) -- Dustin Kirkland Tue, 28 Oct 2008 16:50:11 -0500 ecryptfs-utils (53-1ubuntu11) intrepid; urgency=low * debian/patches/55_check_password_and_remove_from_proc.dpatch: Fix ecryptfs-add-passphrase and ecryptfs-wrap-passphrase to take passphrases on standard, to protect from disclosure on the process table; fix callers in ecryptfs-setup-private (LP: #287908). Validate that the user password is correct with unix_chkpwd (LP: #287906). * debian/patches/00list: updated accordingly -- Dustin Kirkland Thu, 23 Oct 2008 12:53:30 -0500 ecryptfs-utils (53-1ubuntu10) intrepid; urgency=low [Dustin Kirkland] * debian/patches/45-mount_private_counter.dpatch: implement a counter to track mounts/unmounts of the private directory; unmount if the counter is 0; allow a -f override to force unmount. LP: #259293. [Steve Langasek] * debian/patches/50-error-on-empty-password.dpatch: return PAM_AUTHTOK_RECOVER_ERR from the password changing module if we didn't get a password from the other modules in the stack, instead of returning success. LP: #272232. -- Dustin Kirkland Sun, 19 Oct 2008 10:30:08 -0500 ecryptfs-utils (53-1ubuntu9) intrepid; urgency=low * debian/patches/35-silence_useless_mount_messages.dpatch: silence error messages (LP: #277343) * debian/patches/40-zero_out_grep_options.dpatch: zero out GREP_OPTIONS (LP: #257984) * debian/patches/00list: updated accordingly -- Dustin Kirkland Fri, 03 Oct 2008 12:58:21 -0500 ecryptfs-utils (53-1ubuntu8) intrepid; urgency=low * debian/rules: change the installed permissions of pam-auth-update config to r--r--r-- (LP: #260458). -- Dustin Kirkland Fri, 22 Aug 2008 18:45:09 +0100 ecryptfs-utils (53-1ubuntu7) intrepid; urgency=low * debian/00list: added 30-ecryptfs-setup-private_empty-dir-check.dpatch (LP: #260346). * debian/30-ecryptfs-setup-private_empty-dir-check.dpatch: Patch checks that ~/Private and ~/.Private are empty before proceeding. -- Dustin Kirkland Fri, 22 Aug 2008 12:16:50 +0100 ecryptfs-utils (53-1ubuntu6) intrepid; urgency=low * Fixes (LP: #259915). * debian/control: drop suggests of auth-client-config, add depends on libpam-runtime. * debian/ecryptfs-utils.postinst: initial creation, use pam-auth-update, be sure to 'force' if pam stack was precisely written by auth-client-config. * debian/ecryptfs-utils.prerm: remove pam-auth-update config on uninstall * debian/ecryptfs-utils.pam-auth-update: initial creation of pam-auth-update configuration. * debian/ecryptfs.acc: drop auth-client-config profile. * debian/rules, debian/ecryptfs-utils.install, debian/ecryptfs-utils.dirs: remove auth-client-config installation, add pam-auth-update. -- Dustin Kirkland Fri, 22 Aug 2008 01:22:48 +0100 ecryptfs-utils (53-1ubuntu5) intrepid; urgency=low * debian/patches/00list: add 25-ecryptfs-setup-private_fix-pw-echo.dpatch (LP: #259746). * debian/patches/25-ecryptfs-setup-private_fix-pw-echo.dpatch: comment out mostly-debugish echo's; conditionally print randomly generated passphrase; always remind the user to print/record the mount passphrase for data recovery. -- Dustin Kirkland Wed, 20 Aug 2008 23:20:36 +0100 ecryptfs-utils (53-1ubuntu4) intrepid; urgency=low * debian/patches/00list: add 20-ecryptfs-setup-private-force.dpatch. * debian/patches/20-ecryptfs-setup-private-force.dpatch: error out if a pre-existing ecryptfs setup is found, allow for a --force override, * (LP: #258388). -- Dustin Kirkland Fri, 15 Aug 2008 13:54:03 -0500 ecryptfs-utils (53-1ubuntu3) intrepid; urgency=low * debian/patches/00list: add 15-pam_ecryptfs-auth_fork_exit.dpatch. * debian/patches/15-pam_ecryptfs-auth_fork_exit.dpatch: fix broken exit condition causing screensaver unlocking to fail (LP: #255795). -- Dustin Kirkland Mon, 11 Aug 2008 13:50:59 -0500 ecryptfs-utils (53-1ubuntu2) intrepid; urgency=low * debian/control: add build dependency on dpatch. * debian/rules: add relevant patch bits. * debian/patches/00list: add 10-pam_ecryptfs-automount.dpatch. * debian/patches/10-pam_ecryptfs-automount.dpatch: patch pam_ecryptfs to respect ~/.ecryptfs/auto-mount and ~/.ecryptfs/auto-umount files (LP: #256154). -- Dustin Kirkland Fri, 08 Aug 2008 13:00:53 -0500 ecryptfs-utils (53-1ubuntu1) intrepid; urgency=low * Merge from debian unstable (LP: #254714, #251245), remaining changes: - debian/rules: install ecryptfs auth-client-config profile - debian/control: Update maintainer, suggest auth-client-config - debian/ecryptfs.acc: define auth-client-config profile - debian/ecryptfs-utils.install: install auth-client-config profile * Dropped changes: - debian/ecryptfs-utils.dirs: handled by install -D rule * Additional changes - debian/ecryptfs.acc: Add to common-password stack, make all pam_ecryptfs entries optional (LP: #253816). -- Dustin Kirkland Mon, 04 Aug 2008 15:58:24 -0500 ecryptfs-utils (53-1) unstable; urgency=low * Updating to install newly added manpages. * Removing 01-manpage.dpatch, not required anymore. * Merging upstream version 53. -- Daniel Baumann Sun, 3 Aug 2008 00:11:00 +0200 ecryptfs-utils (52-1) unstable; urgency=low * Merging upstream version 52. -- Daniel Baumann Fri, 1 Aug 2008 03:50:00 +0200 ecryptfs-utils (51-1) unstable; urgency=low * Merging upstream version 51. -- Daniel Baumann Fri, 1 Aug 2008 01:22:00 +0200 ecryptfs-utils (50-4ubuntu2) intrepid; urgency=low * debian/patches/00list, debian/patches/05-pam_ecryptfs_waitpid.dpatch: Cherry pick this patch from upstream, which fixes gdm/kdm hangs on logout (LP: #250988). -- Dustin Kirkland Tue, 22 Jul 2008 18:34:59 -0500 ecryptfs-utils (50-4ubuntu1) intrepid; urgency=low * Merge from debian unstable (LP: #249503), remaining changes: - debian/control: Update maintainer, suggest auth-client-config - debian/ecryptfs-utils.dirs: add etc/auth-client-config/profile.d - debian/ecryptfs-utils.install: add ecryptfs auth-client-config profile - debian/ecryptfs.acc: define auth-client-config profile - debian/rules: support ecryptfs auth-client-config profile * Dropped changes: - debian/libecryptfs0.dirs: moved auth-client-config bit to debian/ecryptfs-utils.dirs - debian/libecryptfs.install: moved auth-client-config bit to debian/ecryptfs-utils.install -- Dustin Kirkland Thu, 17 Jul 2008 10:39:51 -0500 ecryptfs-utils (50-4) unstable; urgency=medium * Adding /usr/lib/libecryptfs.so.0.0 symlink. * Moving /lib/security/pam_ecryptfs.so and /usr/lib/ecryptfs/*.so from libecryptfs0 to ecryptfs-utils. -- Daniel Baumann Wed, 16 Jul 2008 20:34:00 +0200 ecryptfs-utils (50-3ubuntu1) intrepid; urgency=low * Merge from debian unstable (LP: #248420), remaining changes: - debian/libecryptfs0.install: add ecryptfs auth-client-config profile - debian/rules: support ecryptfs auth-client-config profile - debian/control: Update maintainer, suggest auth-client-config - debian/libecryptfs0.dirs: add etc/auth-client-config/profile.d - debian/ecryptfs.acc: define auth-client-config profile -- Dustin Kirkland Mon, 14 Jul 2008 09:48:23 -0500 ecryptfs-utils (50-3) unstable; urgency=low * Adding missing build-depends to pkg-config (Closes: #490415). -- Daniel Baumann Sat, 12 Jul 2008 11:12:00 +0200 ecryptfs-utils (50-2) unstable; urgency=low * Removing currently unused libgtk2.0-dev from build-depends (Closes:#490233). * Building ecryptfs-utils with TPM support on all supported Debian architectures, except s390. * Installing /sbin/mount.ecryptfs_private with suid root. -- Daniel Baumann Thu, 10 Jul 2008 23:48:00 +0200 ecryptfs-utils (50-1ubuntu1) intrepid; urgency=low * auth-client-config support (LP: #247641) + debian/ecryptfs.acc: create an auth-client-config profile + debian/libecryptfs0.install: install the auth-client-config profile + debian/control: modify maintainer value; add auth-client-config to Suggests + debian/libecryptfs0.dirs: create with etc/auth-client-config/profile.d -- Dustin Kirkland Fri, 11 Jul 2008 12:00:36 -0500 ecryptfs-utils (50-1) unstable; urgency=low * Merging upstream version 50. -- Daniel Baumann Sun, 29 Jun 2008 22:19:00 +0200 ecryptfs-utils (49-1) unstable; urgency=low * Merging upstream version 49. -- Daniel Baumann Sun, 29 Jun 2008 22:09:00 +0200 ecryptfs-utils (48-1) unstable; urgency=medium * Updating debhelper shlibs file. * Updating rules fileto reflect upstreams removal of documentation. * Merging upstream version 48. -- Daniel Baumann Mon, 16 Jun 2008 21:35:00 +0200 ecryptfs-utils (47-1) unstable; urgency=low * Merging upstream version 47. -- Daniel Baumann Mon, 16 Jun 2008 20:39:00 +0200 ecryptfs-utils (46-1) unstable; urgency=low * Removing superfluous empty line from rules file. * Removing trailing slash in install debhelper file. * Merging upstream version 46. * Updating to standards 3.8.0. -- Daniel Baumann Tue, 10 Jun 2008 08:06:00 +0200 ecryptfs-utils (45-1) unstable; urgency=low * Merging upstream version 45. -- Daniel Baumann Fri, 16 May 2008 08:22:00 +0200 ecryptfs-utils (44-1) unstable; urgency=low * Reordering rules file. * Updating debhelper shlibs file. * Rewriting copyright file in machine-interpretable format. * Adding vcs fields in control file. * Upgrading package to debhelper 7. * Merging upstream version 44. -- Daniel Baumann Sat, 3 May 2008 12:17:00 +0200 ecryptfs-utils (43-1) unstable; urgency=low * New upstream release. * Removing watch file. -- Daniel Baumann Wed, 9 Apr 2008 09:54:00 +0200 ecryptfs-utils (41-1) unstable; urgency=low * New upstream release. -- Daniel Baumann Tue, 1 Apr 2008 11:25:00 +0200 ecryptfs-utils (40-1) unstable; urgency=low * New upstream release. -- Daniel Baumann Sun, 24 Feb 2008 22:09:00 +0100 ecryptfs-utils (38-2) unstable; urgency=low * Temporarily only use tpm toolchain on i386 (Closes: #461233). * Current upstream should build without patches on amd64 (Closes: #445619). * Added --fail-missing to dh_install call in rules. * Updated .install files to cover additional files. -- Daniel Baumann Thu, 17 Jan 2008 23:47:00 +0100 ecryptfs-utils (38-1) unstable; urgency=low * New upstream release. -- Daniel Baumann Sat, 12 Jan 2008 17:14:00 +0100 ecryptfs-utils (37-1) unstable; urgency=low * New upstream release (Closes: #457316). * Compling with trousers support now. * Bumping to new policy. -- Daniel Baumann Fri, 21 Dec 2007 14:54:00 +0100 ecryptfs-utils (30-1) unstable; urgency=low * New upstream release. -- Daniel Baumann Fri, 16 Nov 2007 12:10:00 +0100 ecryptfs-utils (27-1) unstable; urgency=low * New upstream release. -- Daniel Baumann Fri, 19 Oct 2007 21:50:00 +0200 ecryptfs-utils (26-1) unstable; urgency=low * New upstream release. * Dropped 02-ia64.dpatch; not required anymore. * Building with --disable-tspi for the time beeing until trousers is uploaded. * Downgrading recommends to opencryptoki to a suggests for the time beeing until opencryptoki is uploaded. -- Daniel Baumann Sun, 14 Oct 2007 11:17:00 +0200 ecryptfs-utils (24-2) unstable; urgency=low * Enforcing libdir (Closes: #445619). -- Daniel Baumann Wed, 10 Oct 2007 23:41:00 +0200 ecryptfs-utils (24-1) unstable; urgency=low * New upstream release. -- Daniel Baumann Tue, 9 Oct 2007 12:03:00 +0200 ecryptfs-utils (23-1) unstable; urgency=low * New upstream release. * Added libgpgme11-dev to build-depends. * Rediffed 02-ia64.dpatch. -- Daniel Baumann Mon, 27 Aug 2007 16:32:00 +0200 ecryptfs-utils (21-1) unstable; urgency=low * Initial release (Closes: #401800). * Added patch from William Lima to fix FTBFS on ia64. -- Daniel Baumann Sun, 12 Aug 2007 15:20:00 +0200