Hello community,
here is the log from the commit of package ecryptfs-utils
checked in at Fri Oct 24 15:42:54 CEST 2008.
--------
--- ecryptfs-utils/ecryptfs-utils.changes 2008-09-19 11:56:20.000000000 +0200
+++ /mounts/work_src_done/STABLE/ecryptfs-utils/ecryptfs-utils.changes 2008-10-24 13:58:18.000000000 +0200
@@ -1,0 +2,7 @@
+Fri Oct 24 13:58:01 CEST 2008 - meissner@suse.de
+
+- Upgraded to version 61
+ - starts of filename encryption
+ - bugfixes
+
+-------------------------------------------------------------------
calling whatdependson for head-i586
Old:
----
ecryptfs-utils-58.tar.bz2
New:
----
ecryptfs-utils-61.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ ecryptfs-utils.spec ++++++
--- /var/tmp/diff_new_pack.i30790/_old 2008-10-24 15:42:46.000000000 +0200
+++ /var/tmp/diff_new_pack.i30790/_new 2008-10-24 15:42:46.000000000 +0200
@@ -1,5 +1,5 @@
#
-# spec file for package ecryptfs-utils (Version 58)
+# spec file for package ecryptfs-utils (Version 61)
#
# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
@@ -24,7 +24,7 @@
Group: Productivity/Security
AutoReqProv: on
Summary: Userspace Utilities for ecryptfs
-Version: 58
+Version: 61
Release: 1
Source0: http://downloads.sourceforge.net/ecryptfs/%{name}-%{version}.tar.bz2
Patch0: ecryptfs-utils-fixes.patch
@@ -87,6 +87,10 @@
/%_lib/security/pam_ecryptfs.so
%changelog
+* Fri Oct 24 2008 meissner@suse.de
+- Upgraded to version 61
+ - starts of filename encryption
+ - bugfixes
* Fri Sep 19 2008 meissner@suse.de
- Upgraded to version 58
- config file changes yet again
++++++ ecryptfs-utils-58.tar.bz2 -> ecryptfs-utils-61.tar.bz2 ++++++
++++ 4822 lines of diff (skipped)
++++ retrying with extended exclude list
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/ecryptfs-utils-58/AUTHORS new/ecryptfs-utils-61/AUTHORS
--- old/ecryptfs-utils-58/AUTHORS 2008-01-19 05:58:42.000000000 +0100
+++ new/ecryptfs-utils-61/AUTHORS 2008-10-22 19:51:38.000000000 +0200
@@ -4,3 +4,10 @@
Mike Halcrow designed and implemented eCryptfs, which is a fork from
Cryptfs. Erez Zadok, along with the fileystem research lab at Stony
Brook University, designed and implemented Cryptfs.
+
+Dustin Kirkland implemented a scheme by which a user can have an
+encrypted private directory, ~/Private, automatically mounted at login
+and unmounted at logout by pam_ecryptfs.
+
+Eric Sandeen has provided various bugfixes to both the kernel and the
+userspace components of eCryptfs.
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/ecryptfs-utils-58/configure.ac new/ecryptfs-utils-61/configure.ac
--- old/ecryptfs-utils-58/configure.ac 2008-09-09 00:21:11.000000000 +0200
+++ new/ecryptfs-utils-61/configure.ac 2008-10-22 19:51:47.000000000 +0200
@@ -10,7 +10,7 @@
AC_PREREQ(2.59)
-AC_INIT([ecryptfs-utils],[58])
+AC_INIT([ecryptfs-utils],[61])
AC_CANONICAL_HOST
AC_CANONICAL_TARGET
AM_INIT_AUTOMAKE([${PACKAGE_NAME}], [${PACKAGE_VERSION}])
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/ecryptfs-utils-58/src/include/ecryptfs.h new/ecryptfs-utils-61/src/include/ecryptfs.h
--- old/ecryptfs-utils-58/src/include/ecryptfs.h 2008-08-05 17:09:39.000000000 +0200
+++ new/ecryptfs-utils-61/src/include/ecryptfs.h 2008-10-15 22:56:01.000000000 +0200
@@ -484,6 +484,7 @@
int ecryptfs_supports_pubkey(uint32_t version);
int ecryptfs_supports_plaintext_passthrough(uint32_t version);
int ecryptfs_supports_hmac(uint32_t version);
+int ecryptfs_supports_filename_encryption(uint32_t version);
int ecryptfs_supports_policy(uint32_t version);
#define ECRYPTFS_ASK_FOR_ALL_MOUNT_OPTIONS 0
#define ECRYPTFS_KEY_MODULE_ONLY 1
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/ecryptfs-utils-58/src/libecryptfs/miscdev.c new/ecryptfs-utils-61/src/libecryptfs/miscdev.c
--- old/ecryptfs-utils-58/src/libecryptfs/miscdev.c 2008-06-11 22:07:43.000000000 +0200
+++ new/ecryptfs-utils-61/src/libecryptfs/miscdev.c 2008-10-22 19:02:56.000000000 +0200
@@ -43,8 +43,8 @@
uint16_t msg_flags, uint32_t msg_seq)
{
uint32_t miscdev_msg_data_size;
- uint32_t packet_len_size;
- uint32_t packet_len;
+ size_t packet_len_size;
+ size_t packet_len;
uint32_t msg_seq_be32;
uint32_t i;
ssize_t written;
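Review bot: `miscdev_msg_data_size` stays `uint32_t` while `packet_len_size` and `packet_len` become `size_t`, so any size computed from the two and stored in it would narrow silently on 64-bit builds. The arithmetic is outside this hunk, so this is inferred rather than seen. If the message size is derived from these values, either declare it as `size_t miscdev_msg_data_size;` too, or range-check the sum before the assignment. The body of ecryptfs_send_miscdev continues past the hunk.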
@@ -259,7 +259,7 @@
}
reply->index = emsg->index;
rc = ecryptfs_send_miscdev(miscdev_ctx, reply,
- ECRYPTFS_MSG_RESPONSE, 0, msg_seq);
+ ECRYPTFS_MSG_RESPONSE, 0, msg_seq);
if (rc < 0) {
syslog(LOG_ERR, "Failed to send netlink "
"message in response to kernel "
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/ecryptfs-utils-58/src/libecryptfs/module_mgr.c new/ecryptfs-utils-61/src/libecryptfs/module_mgr.c
--- old/ecryptfs-utils-58/src/libecryptfs/module_mgr.c 2008-05-28 21:40:51.000000000 +0200
+++ new/ecryptfs-utils-61/src/libecryptfs/module_mgr.c 2008-10-15 22:56:01.000000000 +0200
@@ -149,7 +149,7 @@
return 0;
}
-static struct param_node ecryptfs_version_support_node = {
+static struct param_node end_param_node = {
.num_mnt_opt_names = 1,
.mnt_opt_names = {"end"},
.prompt = "end",
@@ -158,14 +158,124 @@
.display_opts = NULL,
.default_val = NULL,
.flags = ECRYPTFS_PARAM_FLAG_NO_VALUE,
- .num_transitions = 1,
+ .num_transitions = 0,
.tl = {{.val = "default",
.pretty_val = "default",
.next_token = NULL,
.trans_func = NULL}}
};
-static struct param_node end_param_node = {
+static struct param_node enable_filename_crypto_param_node;
+
+static int filename_crypto_fnek_sig_callback(struct ecryptfs_ctx *ctx,
+ struct param_node *node,
+ struct val_node **head, void **foo)
+{
+ char *param;
+ int rc = 0;
+
+ if (!node->val) {
+ node->flags = ECRYPTFS_PARAM_FLAG_ECHO_INPUT;
+ enable_filename_crypto_param_node.tl[0].next_token =
+ node->tl[0].next_token;
+ node->tl[0].next_token = &enable_filename_crypto_param_node;
+ goto out;
+ }
+ if (strcmp(node->val, "NULL") == 0) {
+ node->flags = ECRYPTFS_PARAM_FLAG_ECHO_INPUT;
+ enable_filename_crypto_param_node.tl[0].next_token =
+ node->tl[0].next_token;
+ node->tl[0].next_token = &enable_filename_crypto_param_node;
+ goto out;
+ }
+ rc = asprintf(¶m, "ecryptfs_fnek_sig=%s", node->val);
+ if (rc == -1) {
+ rc = -ENOMEM;
+ syslog(LOG_ERR, "Out of memory\n");
+ goto out;
+ }
+ stack_push(head, param);
+out:
+ return rc;
+}
+
+static struct param_node filename_crypto_fnek_sig_param_node = {
+ .num_mnt_opt_names = 1,
+ .mnt_opt_names = {"ecryptfs_fnek_sig"},
+ .prompt = "Filname Encryption Key (FNEK) Signature",
+ .val_type = VAL_STR,
+ .val = NULL,
+ .display_opts = NULL,
+ .default_val = NULL,
+ .suggested_val = NULL,
+ .flags = ECRYPTFS_PARAM_FLAG_NO_VALUE | ECRYPTFS_NO_AUTO_TRANSITION,
+ .num_transitions = 1,
+ .tl = {{.val = "default",
+ .pretty_val = "default",
+ .next_token = &end_param_node,
+ .trans_func = filename_crypto_fnek_sig_callback}}
+};
+
+static int get_enable_filename_crypto(struct ecryptfs_ctx *ctx,
+ struct param_node *node,
+ struct val_node **head, void **foo)
+{
+ int rc = 0;
+
+ if ((node->val && (*(node->val) == 'y'))
+ || (node->flags & PARAMETER_SET)) {
+ int i;
+ struct val_node *val_node;
+
+ for (i = 0;
+ i < filename_crypto_fnek_sig_param_node.num_transitions;
+ i++)
+ filename_crypto_fnek_sig_param_node.tl[i].next_token =
+ node->tl[0].next_token;
+ node->tl[0].next_token = &filename_crypto_fnek_sig_param_node;
+ val_node = (*head);
+ while (val_node) {
+ if (strncmp(val_node->val, "ecryptfs_sig=", 13) == 0) {
+ rc = asprintf(&filename_crypto_fnek_sig_param_node.suggested_val,
+ "%s",
+ &((char *)val_node->val)[13]);
+ if (rc == -1) {
+ rc = -ENOMEM;
+ syslog(LOG_ERR,
+ "%s: No memory whilst "
+ "attempting to write [%s]\n",
+ __FUNCTION__,
+ &((char *)val_node->val)[13]);
+ goto out_free;
+ }
+ break;
+ }
+ val_node = val_node->next;
+ }
+ }
+out_free:
+ if (node->val)
+ free(node->val);
+ return rc;
+}
+
+static struct param_node enable_filename_crypto_param_node = {
+ .num_mnt_opt_names = 1,
+ .mnt_opt_names = {"ecryptfs_enable_filename_crypto"},
+ .prompt = "Enable filename encryption (y/n)",
+ .val_type = VAL_STR,
+ .val = NULL,
+ .display_opts = NULL,
+ .default_val = NULL,
+ .flags = ECRYPTFS_PARAM_FLAG_ECHO_INPUT,
+ .num_transitions = 1,
+ .tl = {{.val = "default",
+ .pretty_val = "default",
+ .next_token = &filename_crypto_fnek_sig_param_node,
+ .trans_func = get_enable_filename_crypto}}
+};
+
+static struct param_node ecryptfs_version_support_node = {
.num_mnt_opt_names = 1,
.mnt_opt_names = {"end"},
.prompt = "end",
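Review bot: Both new callbacks, `filename_crypto_fnek_sig_callback` and `get_enable_filename_crypto`, return asprintf()'s result unchanged on success, so they hand back a positive byte count instead of 0. The later hunk in this file resets it with `rc = 0;` after its own asprintf(), and the same line is needed here; how the caller treats positive values is not visible in this diff. In `get_enable_filename_crypto`, `free(node->val)` leaves a dangling pointer in a static node and should be followed by `node->val = NULL;`. The value formatted into `ecryptfs_fnek_sig=%s` is not checked before it becomes part of a mount option string; rejecting anything that is not a hex string of the expected signature length would stop a stray comma or other characters from changing the option list. The prompt string also reads `Filname`, which should be `Filename`.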
@@ -174,7 +284,7 @@
.display_opts = NULL,
.default_val = NULL,
.flags = ECRYPTFS_PARAM_FLAG_NO_VALUE,
- .num_transitions = 0,
+ .num_transitions = 1,
.tl = {{.val = "default",
.pretty_val = "default",
.next_token = NULL,
@@ -184,7 +294,7 @@
static struct param_node encrypted_passthrough_param_node = {
.num_mnt_opt_names = 1,
.mnt_opt_names = {"ecryptfs_encrypted_view"},
- .prompt = "Pass through encrypted versions of all files (y/n)",
+ .prompt = "Pass through encrypted versions of all files (y/N)",
.val_type = VAL_STR,
.val = NULL,
.display_opts = NULL,
@@ -200,7 +310,7 @@
static struct param_node xattr_param_node = {
.num_mnt_opt_names = 1,
.mnt_opt_names = {"ecryptfs_xattr"},
- .prompt = "Write metadata to extended attribute region (y/n)",
+ .prompt = "Write metadata to extended attribute region (y/N)",
.val_type = VAL_STR,
.val = NULL,
.display_opts = NULL,
@@ -232,7 +342,7 @@
static struct param_node hmac_param_node = {
.num_mnt_opt_names = 1,
.mnt_opt_names = {"ecryptfs_hmac"},
- .prompt = "Enable HMAC integrity verification (y/n)",
+ .prompt = "Enable HMAC integrity verification (y/N)",
.val_type = VAL_STR,
.val = NULL,
.display_opts = NULL,
@@ -595,6 +705,21 @@
&encrypted_passthrough_param_node;
last_param_node = &encrypted_passthrough_param_node;
}
+ if (ecryptfs_supports_filename_encryption(version)) {
+ int i;
+
+ rc = asprintf(&enable_filename_crypto_param_node.suggested_val,
+ "n");
+ if (rc == -1) {
+ rc = -ENOMEM;
+ goto out;
+ }
+ rc = 0;
+ for (i = 0; i < last_param_node->num_transitions; i++)
+ last_param_node->tl[i].next_token =
+ &filename_crypto_fnek_sig_param_node;
+ last_param_node = &filename_crypto_fnek_sig_param_node;
+ }
out:
return rc;
}
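Review bot: When asprintf() fails, the contents of `enable_filename_crypto_param_node.suggested_val` are undefined, and the `goto out` leaves that static node holding whatever was written there. Add `enable_filename_crypto_param_node.suggested_val = NULL;` in the error branch so later code cannot use or free a garbage pointer. If this function can run more than once per process (not visible here, since it starts outside the hunk), the previous allocation is also overwritten without being freed. The final `last_param_node = &filename_crypto_fnek_sig_param_node;` is a dead store as far as the hunk shows, because `out:` follows immediately.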
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/ecryptfs-utils-58/src/libecryptfs/sysfs.c new/ecryptfs-utils-61/src/libecryptfs/sysfs.c
--- old/ecryptfs-utils-58/src/libecryptfs/sysfs.c 2008-04-11 21:57:29.000000000 +0200
+++ new/ecryptfs-utils-61/src/libecryptfs/sysfs.c 2008-10-15 22:56:01.000000000 +0200
@@ -142,6 +142,11 @@
return (version & ECRYPTFS_VERSIONING_HMAC);
}
+int ecryptfs_supports_filename_encryption(uint32_t version)
+{
+ return (version & ECRYPTFS_VERSIONING_FILENAME_ENCRYPTION);
+}
+
int ecryptfs_supports_policy(uint32_t version)
{
return (version & ECRYPTFS_VERSIONING_POLICY);
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/ecryptfs-utils-58/src/utils/ecryptfs-setup-private new/ecryptfs-utils-61/src/utils/ecryptfs-setup-private
--- old/ecryptfs-utils-58/src/utils/ecryptfs-setup-private 2008-09-08 17:55:30.000000000 +0200
+++ new/ecryptfs-utils-61/src/utils/ecryptfs-setup-private 2008-10-09 00:48:06.000000000 +0200
@@ -9,8 +9,11 @@
PRIVATE_DIR="Private"
+# Zero out user-defined GREP_OPTIONS, such as --line-number
+GREP_OPTIONS=
+
usage() {
- echo
+ echo
echo "Usage:"
echo "# $0 [--username USER]"
echo " [--loginpass LOGINPASS] [--mountpass MOUNTPASS]"
@@ -44,7 +47,7 @@
error_testing() {
rm -f "$1" >/dev/null
- umount.ecryptfs_private >/dev/null
+ /sbin/umount.ecryptfs_private >/dev/null
error "$2"
exit 1
}
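Review bot: Hard-coding `/sbin/umount.ecryptfs_private` here, and `/sbin/mount.ecryptfs_private` in the sanity-test hunk that follows, ties the script to a single install location. If the package is configured with a different sbindir, the test fails with "Could not mount private ecryptfs directory" even though the helpers are installed. Consider substituting the configured directory at build time, or checking `[ -x /sbin/mount.ecryptfs_private ]` up front and reporting a clear error. The other commands in the test (`rm`, `mktemp`, `head`, `od`, `md5sum`) are still resolved through PATH, so the absolute helper paths alone do not make the script independent of the caller's environment.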
@@ -251,16 +254,16 @@
# Now let's perform some basic mount/write/umount/read sanity testing...
echo "Testing mount/write/umount/read..."
-mount.ecryptfs_private || error "Could not mount private ecryptfs directory"
+/sbin/mount.ecryptfs_private || error "Could not mount private ecryptfs directory"
temp=`mktemp "$HOME/$PRIVATE_DIR/ecryptfs.test.XXXXXX"` || error_testing "$temp" "Could not create empty file"
random_data=`head -c 16000 /dev/urandom | od -x` || error_testing "$temp" "Could not generate random data"
echo "$random_data" > "$temp" || error_testing "$temp" "Could not write encrypted file"
md5sum1=`md5sum "$temp"` || error_testing "$temp" "Could not read encrypted file"
-umount.ecryptfs_private || error_testing "$temp" "Could not unmount private ecryptfs directory"
-mount.ecryptfs_private || error_testing "$temp" "Could not mount private ecryptfs directory (2)"
+/sbin/umount.ecryptfs_private || error_testing "$temp" "Could not unmount private ecryptfs directory"
+/sbin/mount.ecryptfs_private || error_testing "$temp" "Could not mount private ecryptfs directory (2)"
md5sum2=`md5sum "$temp"` || error_testing "$temp" "Could not read encrypted file (2)"
rm -f "$temp"
-umount.ecryptfs_private || error_testing "$temp" "Could not unmount private ecryptfs directory (2)"
+/sbin/umount.ecryptfs_private || error_testing "$temp" "Could not unmount private ecryptfs directory (2)"
if [ "$md5sum1" != "$md5sum2" ]; then
error "Testing failed."
else
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/ecryptfs-utils-58/src/utils/mount.ecryptfs_private.c new/ecryptfs-utils-61/src/utils/mount.ecryptfs_private.c
--- old/ecryptfs-utils-58/src/utils/mount.ecryptfs_private.c 2008-06-24 19:13:22.000000000 +0200
+++ new/ecryptfs-utils-61/src/utils/mount.ecryptfs_private.c 2008-10-09 00:48:31.000000000 +0200
@@ -35,7 +35,7 @@
#include