From 75b89e161c52d3a5f6b047f6f997a9f4751fae9a Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Jul 23 2014 13:57:25 +0000 Subject: ecryptfs-utils updated to 104 --- diff --git a/ecryptfs-utils-75-werror.patch b/ecryptfs-utils-75-werror.patch index ce9fd8c..bdf1d1d 100644 --- a/ecryptfs-utils-75-werror.patch +++ b/ecryptfs-utils-75-werror.patch @@ -1,7 +1,7 @@ -diff -up ecryptfs-utils-103/src/key_mod/ecryptfs_key_mod_pkcs11_helper.c.werror ecryptfs-utils-103/src/key_mod/ecryptfs_key_mod_pkcs11_helper.c ---- ecryptfs-utils-103/src/key_mod/ecryptfs_key_mod_pkcs11_helper.c.werror 2013-01-28 17:34:48.159138688 +0100 -+++ ecryptfs-utils-103/src/key_mod/ecryptfs_key_mod_pkcs11_helper.c 2013-01-28 17:34:48.173138799 +0100 -@@ -99,7 +99,7 @@ static int ecryptfs_pkcs11h_deserialize( +diff -up ecryptfs-utils-104/src/key_mod/ecryptfs_key_mod_pkcs11_helper.c.FGZkyg ecryptfs-utils-104/src/key_mod/ecryptfs_key_mod_pkcs11_helper.c +--- ecryptfs-utils-104/src/key_mod/ecryptfs_key_mod_pkcs11_helper.c.FGZkyg 2014-07-22 16:14:00.424530180 +0200 ++++ ecryptfs-utils-104/src/key_mod/ecryptfs_key_mod_pkcs11_helper.c 2014-07-22 16:37:53.863680991 +0200 +@@ -98,7 +98,7 @@ static int ecryptfs_pkcs11h_deserialize( pkcs11h_data->serialized_id = NULL; } else { @@ -10,7 +10,7 @@ diff -up ecryptfs-utils-103/src/key_mod/ecryptfs_key_mod_pkcs11_helper.c.werror i += serialized_id_length; } pkcs11h_data->certificate_blob_size = blob[i++] % 256; -@@ -117,12 +117,11 @@ static int ecryptfs_pkcs11h_deserialize( +@@ -116,12 +116,11 @@ static int ecryptfs_pkcs11h_deserialize( pkcs11h_data->passphrase = NULL; } else { @@ -24,7 +24,7 @@ diff -up ecryptfs-utils-103/src/key_mod/ecryptfs_key_mod_pkcs11_helper.c.werror return rc; } -@@ -359,14 +358,14 @@ static int ecryptfs_pkcs11h_get_key_sig( +@@ -358,14 +357,14 @@ static int ecryptfs_pkcs11h_get_key_sig( data[i++] = '\02'; data[i++] = (char)(nbits >> 8); data[i++] = (char)nbits; @@ -43,7 +43,7 @@ diff -up ecryptfs-utils-103/src/key_mod/ecryptfs_key_mod_pkcs11_helper.c.werror sig[ECRYPTFS_SIG_SIZE_HEX] = '\0'; rc = 0; -@@ -424,8 +423,8 @@ static int ecryptfs_pkcs11h_encrypt(char +@@ -423,8 +422,8 @@ static int ecryptfs_pkcs11h_encrypt(char if ( (rc = RSA_public_encrypt( from_size, @@ -54,7 +54,7 @@ diff -up ecryptfs-utils-103/src/key_mod/ecryptfs_key_mod_pkcs11_helper.c.werror rsa, RSA_PKCS1_PADDING )) == -1 -@@ -519,9 +518,9 @@ static int ecryptfs_pkcs11h_decrypt(char +@@ -518,9 +517,9 @@ static int ecryptfs_pkcs11h_decrypt(char (rv = pkcs11h_certificate_decryptAny ( certificate, CKM_RSA_PKCS, @@ -66,7 +66,7 @@ diff -up ecryptfs-utils-103/src/key_mod/ecryptfs_key_mod_pkcs11_helper.c.werror to_size )) != CKR_OK ) { -@@ -547,9 +546,9 @@ static int ecryptfs_pkcs11h_decrypt(char +@@ -546,9 +545,9 @@ static int ecryptfs_pkcs11h_decrypt(char pkcs11h_certificate_decryptAny ( certificate, CKM_RSA_PKCS, @@ -78,7 +78,7 @@ diff -up ecryptfs-utils-103/src/key_mod/ecryptfs_key_mod_pkcs11_helper.c.werror to_size ); -@@ -864,7 +863,7 @@ static int ecryptfs_pkcs11h_process_key( +@@ -863,7 +862,7 @@ static int ecryptfs_pkcs11h_process_key( rc = MOUNT_ERROR; goto out; } @@ -87,7 +87,7 @@ diff -up ecryptfs-utils-103/src/key_mod/ecryptfs_key_mod_pkcs11_helper.c.werror &subgraph_key_ctx->key_mod->blob_size, pkcs11h_data))) { syslog(LOG_ERR, "PKCS#11: Error serializing pkcs11; rc=[%d]\n", rc); -@@ -943,7 +942,7 @@ static int tf_pkcs11h_global_loglevel(st +@@ -942,7 +941,7 @@ static int tf_pkcs11h_global_loglevel(st rc = DEFAULT_TOK; node->val = NULL; @@ -96,7 +96,7 @@ diff -up ecryptfs-utils-103/src/key_mod/ecryptfs_key_mod_pkcs11_helper.c.werror return rc; } -@@ -956,7 +955,7 @@ static int tf_pkcs11h_global_pincache(st +@@ -955,7 +954,7 @@ static int tf_pkcs11h_global_pincache(st rc = DEFAULT_TOK; node->val = NULL; @@ -105,7 +105,7 @@ diff -up ecryptfs-utils-103/src/key_mod/ecryptfs_key_mod_pkcs11_helper.c.werror return rc; } -@@ -1026,7 +1025,7 @@ static int tf_pkcs11h_provider_prot_auth +@@ -1025,7 +1024,7 @@ static int tf_pkcs11h_provider_prot_auth sscanf (node->val, "%x", &subgraph_provider_ctx->allow_protected_authentication); rc = DEFAULT_TOK; node->val = NULL; @@ -114,7 +114,7 @@ diff -up ecryptfs-utils-103/src/key_mod/ecryptfs_key_mod_pkcs11_helper.c.werror return rc; } -@@ -1040,7 +1039,7 @@ static int tf_pkcs11h_provider_cert_priv +@@ -1039,7 +1038,7 @@ static int tf_pkcs11h_provider_cert_priv sscanf (node->val, "%x", &subgraph_provider_ctx->certificate_is_private); rc = DEFAULT_TOK; node->val = NULL; @@ -123,7 +123,7 @@ diff -up ecryptfs-utils-103/src/key_mod/ecryptfs_key_mod_pkcs11_helper.c.werror return rc; } -@@ -1055,7 +1054,7 @@ static int tf_pkcs11h_provider_private_m +@@ -1054,7 +1053,7 @@ static int tf_pkcs11h_provider_private_m rc = DEFAULT_TOK; node->val = NULL; @@ -132,7 +132,7 @@ diff -up ecryptfs-utils-103/src/key_mod/ecryptfs_key_mod_pkcs11_helper.c.werror return rc; } -@@ -1086,7 +1085,7 @@ static int tf_pkcs11h_provider_end(struc +@@ -1085,7 +1084,7 @@ static int tf_pkcs11h_provider_end(struc free(subgraph_provider_ctx); *foo = NULL; rc = DEFAULT_TOK; @@ -141,7 +141,7 @@ diff -up ecryptfs-utils-103/src/key_mod/ecryptfs_key_mod_pkcs11_helper.c.werror return rc; } -@@ -1133,7 +1132,7 @@ static int tf_pkcs11h_key_x509file(struc +@@ -1132,7 +1131,7 @@ static int tf_pkcs11h_key_x509file(struc X509 *x509 = NULL; unsigned char *p = NULL; FILE *fp = NULL; @@ -150,65 +150,12 @@ diff -up ecryptfs-utils-103/src/key_mod/ecryptfs_key_mod_pkcs11_helper.c.werror subgraph_key_ctx = (struct pkcs11h_subgraph_key_ctx *)(*foo); -diff -up ecryptfs-utils-103/src/libecryptfs/ecryptfs-stat.c.werror ecryptfs-utils-103/src/libecryptfs/ecryptfs-stat.c ---- ecryptfs-utils-103/src/libecryptfs/ecryptfs-stat.c.werror 2012-05-18 21:06:17.000000000 +0200 -+++ ecryptfs-utils-103/src/libecryptfs/ecryptfs-stat.c 2013-01-28 17:34:48.173138799 +0100 -@@ -146,7 +146,7 @@ int ecryptfs_parse_stat(struct ecryptfs_ - if (buf_size < (ECRYPTFS_FILE_SIZE_BYTES - + MAGIC_ECRYPTFS_MARKER_SIZE_BYTES - + 4)) { -- printf("%s: Invalid metadata size; must have at least [%lu] " -+ printf("%s: Invalid metadata size; must have at least [%zu] " - "bytes; there are only [%zu] bytes\n", __FUNCTION__, - (ECRYPTFS_FILE_SIZE_BYTES - + MAGIC_ECRYPTFS_MARKER_SIZE_BYTES -diff -up ecryptfs-utils-103/src/libecryptfs/key_management.c.werror ecryptfs-utils-103/src/libecryptfs/key_management.c ---- ecryptfs-utils-103/src/libecryptfs/key_management.c.werror 2013-01-28 17:34:48.155138657 +0100 -+++ ecryptfs-utils-103/src/libecryptfs/key_management.c 2013-01-28 17:34:48.173138799 +0100 -@@ -228,7 +228,6 @@ int ecryptfs_wrap_passphrase_file(char * - int rc = 0; - ssize_t size; - int fd; -- int i; - char *p = NULL; - char decrypted_passphrase[ECRYPTFS_MAX_PASSPHRASE_BYTES + 1]; - -diff -up ecryptfs-utils-103/src/pam_ecryptfs/pam_ecryptfs.c.werror ecryptfs-utils-103/src/pam_ecryptfs/pam_ecryptfs.c ---- ecryptfs-utils-103/src/pam_ecryptfs/pam_ecryptfs.c.werror 2012-08-02 15:20:17.000000000 +0200 -+++ ecryptfs-utils-103/src/pam_ecryptfs/pam_ecryptfs.c 2013-01-28 17:34:48.174138807 +0100 -@@ -47,31 +47,6 @@ - - #define PRIVATE_DIR "Private" - --static void error(const char *msg) --{ -- syslog(LOG_ERR, "pam_ecryptfs: errno = [%i]; strerror = [%m]\n", errno); -- switch (errno) { -- case ENOKEY: -- syslog(LOG_ERR, "pam_ecryptfs: %s: Requested key not available\n", msg); -- return; -- -- case EKEYEXPIRED: -- syslog(LOG_ERR, "pam_ecryptfs: %s: Key has expired\n", msg); -- return; -- -- case EKEYREVOKED: -- syslog(LOG_ERR, "pam_ecryptfs: %s: Key has been revoked\n", msg); -- return; -- -- case EKEYREJECTED: -- syslog(LOG_ERR, "pam_ecryptfs: %s: Key was rejected by service\n", msg); -- return; -- default: -- syslog(LOG_ERR, "pam_ecryptfs: %s: Unknown key error\n", msg); -- return; -- } --} -- - /* returns: 0 if file does not exist, 1 if it exists, <0 for error */ - static int file_exists_dotecryptfs(const char *homedir, char *filename) - { -@@ -110,9 +85,7 @@ static int wrap_passphrase_if_necessary( +diff -up ecryptfs-utils-104/src/libecryptfs/ecryptfs-stat.c.FGZkyg ecryptfs-utils-104/src/libecryptfs/ecryptfs-stat.c +diff -up ecryptfs-utils-104/src/libecryptfs/key_management.c.FGZkyg ecryptfs-utils-104/src/libecryptfs/key_management.c +diff -up ecryptfs-utils-104/src/pam_ecryptfs/pam_ecryptfs.c.FGZkyg ecryptfs-utils-104/src/pam_ecryptfs/pam_ecryptfs.c +--- ecryptfs-utils-104/src/pam_ecryptfs/pam_ecryptfs.c.FGZkyg 2014-01-23 19:09:48.000000000 +0100 ++++ ecryptfs-utils-104/src/pam_ecryptfs/pam_ecryptfs.c 2014-07-22 16:40:13.429006708 +0200 +@@ -84,9 +84,7 @@ static int wrap_passphrase_if_necessary( stat(wrapped_pw_filename, &s) != 0 && passphrase != NULL && *passphrase != '\0' && username != NULL && *username != '\0') { @@ -219,61 +166,16 @@ diff -up ecryptfs-utils-103/src/pam_ecryptfs/pam_ecryptfs.c.werror ecryptfs-util syslog(LOG_ERR, "pam_ecryptfs: Error wrapping cleartext password; " "rc = [%d]\n", rc); } return rc; -@@ -211,8 +184,6 @@ PAM_EXTERN int pam_sm_authenticate(pam_h - if ((argc == 1) - && (memcmp(argv[0], "unwrap\0", 7) == 0)) { - char *wrapped_pw_filename; -- char *unwrapped_pw_filename; -- struct stat s; - - rc = asprintf( - &wrapped_pw_filename, "%s/.ecryptfs/%s", -@@ -304,8 +275,6 @@ static int private_dir(pam_handle_t *pam - char *autoumount = "auto-umount"; - struct stat s; - pid_t pid; -- struct utmp *u; -- int count = 0; - - if ((pwd = fetch_pwd(pamh)) == NULL) { - /* fetch_pwd() logged a message */ -@@ -351,7 +320,7 @@ static int private_dir(pam_handle_t *pam +@@ -324,7 +322,7 @@ static int private_dir(pam_handle_t *pam if (stat(recorded, &s) != 0 && stat("/usr/share/ecryptfs-utils/ecryptfs-record-passphrase", &s) == 0) { /* User has not recorded their passphrase */ unlink("/var/lib/update-notifier/user.d/ecryptfs-record-passphrase"); - symlink("/usr/share/ecryptfs-utils/ecryptfs-record-passphrase", "/var/lib/update-notifier/user.d/ecryptfs-record-passphrase"); + rc=symlink("/usr/share/ecryptfs-utils/ecryptfs-record-passphrase", "/var/lib/update-notifier/user.d/ecryptfs-record-passphrase"); fd = open("/var/lib/update-notifier/dpkg-run-stamp", O_WRONLY|O_CREAT|O_NONBLOCK, 0666); - close(fd); - } -@@ -430,7 +399,6 @@ PAM_EXTERN int pam_sm_chauthtok(pam_hand - char *old_passphrase = NULL; - char *new_passphrase = NULL; - char *wrapped_pw_filename; -- char *name = NULL; - char salt[ECRYPTFS_SALT_SIZE]; - char salt_hex[ECRYPTFS_SALT_SIZE_HEX]; - pid_t child_pid, tmp_pid; -@@ -445,15 +413,15 @@ PAM_EXTERN int pam_sm_chauthtok(pam_hand - uid = pwd->pw_uid; - gid = pwd->pw_gid; - homedir = pwd->pw_dir; -- name = pwd->pw_name; - } - } else { - syslog(LOG_ERR, "pam_ecryptfs: Error getting passwd info for user [%s]; rc = [%d]\n", username, rc); - goto out; - } - -- if ((oeuid = geteuid()) < 0 || (oegid = getegid()) < 0 || -- (ngids = getgroups(sizeof(groups)/sizeof(gid_t), groups)) < 0) { -+ oeuid = geteuid(); -+ oegid = getegid(); -+ if ((ngids = getgroups(sizeof(groups)/sizeof(gid_t), groups)) < 0) { - syslog(LOG_ERR, "pam_ecryptfs: geteuid error"); - goto outnouid; - } -@@ -512,7 +480,10 @@ PAM_EXTERN int pam_sm_chauthtok(pam_hand + if (fd != -1) + close(fd); +@@ -485,7 +483,10 @@ PAM_EXTERN int pam_sm_chauthtok(pam_hand char passphrase[ECRYPTFS_MAX_PASSWORD_LENGTH + 1]; /* temp regain uid 0 to drop privs */ @@ -285,7 +187,7 @@ diff -up ecryptfs-utils-103/src/pam_ecryptfs/pam_ecryptfs.c.werror ecryptfs-util /* setgroups() already called */ if (setgid(gid) < 0 || setuid(uid) < 0) goto out_child; -@@ -537,9 +508,9 @@ out_child: +@@ -510,9 +511,9 @@ out_child: free(wrapped_pw_filename); out: @@ -298,38 +200,11 @@ diff -up ecryptfs-utils-103/src/pam_ecryptfs/pam_ecryptfs.c.werror ecryptfs-util outnouid: return rc; -diff -up ecryptfs-utils-103/src/utils/mount.ecryptfs.c.werror ecryptfs-utils-103/src/utils/mount.ecryptfs.c ---- ecryptfs-utils-103/src/utils/mount.ecryptfs.c.werror 2013-01-28 17:34:48.170138776 +0100 -+++ ecryptfs-utils-103/src/utils/mount.ecryptfs.c 2013-01-28 17:34:48.174138807 +0100 -@@ -34,6 +34,7 @@ - #include - #include - #include -+#include - #include "config.h" - #include "ecryptfs.h" - #include "decision_graph.h" -diff -up ecryptfs-utils-103/src/utils/mount.ecryptfs_private.c.werror ecryptfs-utils-103/src/utils/mount.ecryptfs_private.c ---- ecryptfs-utils-103/src/utils/mount.ecryptfs_private.c.werror 2013-01-28 17:34:48.165138736 +0100 -+++ ecryptfs-utils-103/src/utils/mount.ecryptfs_private.c 2013-01-28 17:34:48.175138815 +0100 -@@ -42,6 +42,7 @@ - #include - #include - #include -+#include - #include "../include/ecryptfs.h" - - /* Perhaps a future version of this program will allow these to be configurable -@@ -93,7 +94,7 @@ int read_config(char *pw_dir, int uid, c - *s = strdup(e->mnt_fsname); - if (!*s) - return -2; --out: -+ - return 0; - } - -@@ -702,8 +703,8 @@ int main(int argc, char *argv[]) { +diff -up ecryptfs-utils-104/src/utils/mount.ecryptfs.c.FGZkyg ecryptfs-utils-104/src/utils/mount.ecryptfs.c +diff -up ecryptfs-utils-104/src/utils/mount.ecryptfs_private.c.FGZkyg ecryptfs-utils-104/src/utils/mount.ecryptfs_private.c +--- ecryptfs-utils-104/src/utils/mount.ecryptfs_private.c.FGZkyg 2014-07-22 16:17:57.372415281 +0200 ++++ ecryptfs-utils-104/src/utils/mount.ecryptfs_private.c 2014-07-22 16:44:17.969827960 +0200 +@@ -710,8 +710,8 @@ int main(int argc, char *argv[]) { * update mtab for us, and replace the current process. * Do not use the umount.ecryptfs helper (-i). */ @@ -340,197 +215,34 @@ diff -up ecryptfs-utils-103/src/utils/mount.ecryptfs_private.c.werror ecryptfs-u clearenv(); /* Since we're doing a lazy unmount anyway, just unmount the current -diff -up ecryptfs-utils-103/src/utils/test.c.werror ecryptfs-utils-103/src/utils/test.c ---- ecryptfs-utils-103/src/utils/test.c.werror 2012-05-18 21:06:17.000000000 +0200 -+++ ecryptfs-utils-103/src/utils/test.c 2013-01-28 17:34:48.175138815 +0100 -@@ -281,7 +281,7 @@ int ecryptfs_encrypt_page(int page_cache - struct inode *lower_inode; - struct ecryptfs_crypt_stat *crypt_stat; - int rc = 0; -- int lower_byte_offset; -+ int lower_byte_offset = 0; - int orig_byte_offset = 0; - int num_extents_per_page; - #define ECRYPTFS_PAGE_STATE_UNREAD 0 -diff -up ecryptfs-utils-103/tests/kernel/directory-concurrent/test.c.werror ecryptfs-utils-103/tests/kernel/directory-concurrent/test.c ---- ecryptfs-utils-103/tests/kernel/directory-concurrent/test.c.werror 2012-05-18 21:06:17.000000000 +0200 -+++ ecryptfs-utils-103/tests/kernel/directory-concurrent/test.c 2013-01-28 17:34:48.175138815 +0100 -@@ -149,7 +149,7 @@ int hang_check(int option, const char *f - - int test_dirs(const char *path, const int max_dirs) - { -- int i, j; -+ int i/*, j*/; - char *filename; - size_t len = strlen(path) + 32; - int ret = TEST_PASSED; -diff -up ecryptfs-utils-103/tests/kernel/enospc/test.c.werror ecryptfs-utils-103/tests/kernel/enospc/test.c ---- ecryptfs-utils-103/tests/kernel/enospc/test.c.werror 2012-08-02 15:20:17.000000000 +0200 -+++ ecryptfs-utils-103/tests/kernel/enospc/test.c 2013-01-28 17:34:48.175138815 +0100 -@@ -37,9 +37,6 @@ - int test_exercise(char *filename, ssize_t size) - { - int fd; -- ssize_t i; -- ssize_t n; -- struct stat statbuf; - ssize_t nbytes = size; - int ret = TEST_FAILED; - -diff -up ecryptfs-utils-103/tests/kernel/extend-file-random/test.c.werror ecryptfs-utils-103/tests/kernel/extend-file-random/test.c ---- ecryptfs-utils-103/tests/kernel/extend-file-random/test.c.werror 2012-05-18 21:06:17.000000000 +0200 -+++ ecryptfs-utils-103/tests/kernel/extend-file-random/test.c 2013-01-28 17:34:48.176138823 +0100 -@@ -48,7 +48,7 @@ int test_write(int fd, char *buffer, siz - } - - if (write(fd, buffer, len) != len) { -- fprintf(stderr, "Failed to write %lu bytes, position %lu: %s\n", -+ fprintf(stderr, "Failed to write %zu bytes, position %lu: %s\n", - len, offset, strerror(errno)); - return TEST_FAILED; - } -@@ -58,13 +58,13 @@ int test_write(int fd, char *buffer, siz - int test_read(int fd, char *buffer, size_t len, off_t offset) - { - if (lseek(fd, offset, SEEK_SET) < 0) { -- fprintf(stderr, "Failed to seek to position %lu: %s\n", -+ fprintf(stderr, "Failed to seek to position %ld: %s\n", - offset, strerror(errno)); - return TEST_FAILED; - } - - if (read(fd, buffer, len) != len) { -- fprintf(stderr, "Failed to read %lu bytes, position %lu: %s\n", -+ fprintf(stderr, "Failed to read %zu bytes, position %lu: %s\n", - len, offset, strerror(errno)); - return TEST_FAILED; - } -diff -up ecryptfs-utils-103/tests/kernel/file-concurrent/test.c.werror ecryptfs-utils-103/tests/kernel/file-concurrent/test.c ---- ecryptfs-utils-103/tests/kernel/file-concurrent/test.c.werror 2012-05-18 21:06:17.000000000 +0200 -+++ ecryptfs-utils-103/tests/kernel/file-concurrent/test.c 2013-01-28 17:34:48.176138823 +0100 -@@ -177,7 +177,7 @@ int hang_check(int option, const char *f - - int test_files(const char *path, const int max_files) - { -- int i, j; -+ int i; - char *filename; - size_t len = strlen(path) + 32; - int ret = TEST_PASSED; -diff -up ecryptfs-utils-103/tests/kernel/inode-race-stat/test.c.werror ecryptfs-utils-103/tests/kernel/inode-race-stat/test.c ---- ecryptfs-utils-103/tests/kernel/inode-race-stat/test.c.werror 2012-08-02 15:20:17.000000000 +0200 -+++ ecryptfs-utils-103/tests/kernel/inode-race-stat/test.c 2013-01-28 17:34:48.176138823 +0100 -@@ -106,7 +106,6 @@ static void do_test(const int fdin, cons - { - for (;;) { - int n; -- int ret; - char cmd[32]; - - if ((n = read(fdin, cmd, sizeof(cmd))) < 1) { -@@ -122,7 +121,7 @@ static void do_test(const int fdin, cons - if (cmd[0] == CMD_TEST) { - int ret; - off_t sz; -- sscanf(cmd+1, "%zd", &sz); -+ sscanf(cmd+1, "%ld", &sz); - - ret = check_size(filename, sz); - switch (ret) { -@@ -307,7 +306,7 @@ int main(int argc, char **argv) - } - - /* Now tell children to stat the file */ -- snprintf(cmd, sizeof(cmd), "%c%zd", CMD_TEST, sz); -+ snprintf(cmd, sizeof(cmd), "%c%ld", CMD_TEST, sz); - for (i = 0; i < threads; i++) { - if (write(pipe_to[i][1], cmd, strlen(cmd)+1) < 0) { - fprintf(stderr, "write to pipe failed: %s\n", -@@ -364,6 +363,7 @@ abort: - int ret; - - ret = write(pipe_to[i][1], cmd, 1); +diff -up ecryptfs-utils-104/src/utils/test.c.FGZkyg ecryptfs-utils-104/src/utils/test.c +diff -up ecryptfs-utils-104/tests/kernel/directory-concurrent/test.c.FGZkyg ecryptfs-utils-104/tests/kernel/directory-concurrent/test.c +diff -up ecryptfs-utils-104/tests/kernel/enospc/test.c.FGZkyg ecryptfs-utils-104/tests/kernel/enospc/test.c +diff -up ecryptfs-utils-104/tests/kernel/extend-file-random/test.c.FGZkyg ecryptfs-utils-104/tests/kernel/extend-file-random/test.c +diff -up ecryptfs-utils-104/tests/kernel/file-concurrent/test.c.FGZkyg ecryptfs-utils-104/tests/kernel/file-concurrent/test.c +diff -up ecryptfs-utils-104/tests/kernel/inode-race-stat/test.c.FGZkyg ecryptfs-utils-104/tests/kernel/inode-race-stat/test.c +--- ecryptfs-utils-104/tests/kernel/inode-race-stat/test.c.FGZkyg 2014-07-22 16:37:53.872680948 +0200 ++++ ecryptfs-utils-104/tests/kernel/inode-race-stat/test.c 2014-07-23 13:28:23.053997232 +0200 +@@ -364,6 +364,7 @@ abort: + + if (write(pipe_to[i][1], cmd, 1) != 1) + continue; + (void)ret; (void)waitpid(pids[i], &status, 0); (void)close(pipe_to[i][1]); -diff -up ecryptfs-utils-103/tests/kernel/lp-509180/test.c.werror ecryptfs-utils-103/tests/kernel/lp-509180/test.c ---- ecryptfs-utils-103/tests/kernel/lp-509180/test.c.werror 2012-05-18 21:06:17.000000000 +0200 -+++ ecryptfs-utils-103/tests/kernel/lp-509180/test.c 2013-01-28 17:34:48.177138831 +0100 -@@ -48,7 +48,6 @@ int main(int argc, char **argv) - int fd; - int opt, flags = 0; - int rc = 0; -- unsigned int *ptr; - char *file; - unsigned char buffer[1]; - -diff -up ecryptfs-utils-103/tests/kernel/trunc-file/test.c.werror ecryptfs-utils-103/tests/kernel/trunc-file/test.c ---- ecryptfs-utils-103/tests/kernel/trunc-file/test.c.werror 2012-05-18 21:06:17.000000000 +0200 -+++ ecryptfs-utils-103/tests/kernel/trunc-file/test.c 2013-01-28 17:34:48.177138831 +0100 -@@ -39,7 +39,7 @@ - - int write_buff(int fd, unsigned char *data, ssize_t size) - { -- char *ptr = data; -+ unsigned char *ptr = data; - ssize_t n; - ssize_t sz = size; - -@@ -55,7 +55,7 @@ int write_buff(int fd, unsigned char *da - - int read_buff(int fd, unsigned char *data, ssize_t size) - { -- char *ptr = data; -+ unsigned char *ptr = data; - ssize_t n; - ssize_t sz = size; - -@@ -88,6 +88,7 @@ int test_write_random(char *filename, in - } - buflen -= n; - } -+ return TEST_PASSED; - } - - int test_read_random(char *filename, int fd, unsigned char *buff, ssize_t size) -@@ -157,9 +158,6 @@ int test_read_rest(char *filename, int f - int test_exercise(char *filename, ssize_t size) - { - int fd; -- ssize_t i; -- ssize_t n; -- ssize_t buflen; - int ret = TEST_FAILED; - ssize_t trunc_size = size / 2; - struct stat statbuf; -@@ -254,8 +252,6 @@ void sighandler(int dummy) - int main(int argc, char **argv) - { - off_t len = DEFAULT_SIZE; -- int i; -- int ret; - - if (argc < 2) { - fprintf(stderr, "Syntax: %s filename [size_in_K]\n", argv[0]); -@@ -272,7 +268,7 @@ int main(int argc, char **argv) - - len *= 1024; - if (len > SSIZE_MAX) { -- fprintf(stderr, "size should be < %zd\n", SSIZE_MAX / 1024); -+ fprintf(stderr, "size should be < %zd\n", (size_t)SSIZE_MAX / 1024); - exit(TEST_ERROR); - } - -diff -up ecryptfs-utils-103/tests/userspace/wrap-unwrap/test.c.werror ecryptfs-utils-103/tests/userspace/wrap-unwrap/test.c ---- ecryptfs-utils-103/tests/userspace/wrap-unwrap/test.c.werror 2012-11-30 16:41:02.000000000 +0100 -+++ ecryptfs-utils-103/tests/userspace/wrap-unwrap/test.c 2013-01-28 17:35:13.503339943 +0100 -@@ -101,7 +101,7 @@ int main(int argc, char *argv[]) - passphrase_size = strlen(passphrase); - if ((rc = ecryptfs_wrap_passphrase(path, "testwrappw", salt, - passphrase)) == 0) { -- fprintf(stderr, "ecryptfs_wrap_passphrase() returned rc = 0; " -+ fprintf(stderr, "ecryptfs_wrap_passphrase() returned rc = %d; " - "expected error result instead\n", rc); - rc = 1; - goto out; +diff -up ecryptfs-utils-104/tests/kernel/lp-509180/test.c.FGZkyg ecryptfs-utils-104/tests/kernel/lp-509180/test.c +diff -up ecryptfs-utils-104/tests/kernel/trunc-file/test.c.FGZkyg ecryptfs-utils-104/tests/kernel/trunc-file/test.c +diff -up ecryptfs-utils-104/tests/userspace/wrap-unwrap/test.c.FGZkyg ecryptfs-utils-104/tests/userspace/wrap-unwrap/test.c +diff -up ecryptfs-utils-104/src/utils/ecryptfs_generate_tpm_key.c.werror ecryptfs-utils-104/src/utils/ecryptfs_generate_tpm_key.c +--- ecryptfs-utils-104/src/utils/ecryptfs_generate_tpm_key.c.werror 2014-07-23 15:30:36.790862415 +0200 ++++ ecryptfs-utils-104/src/utils/ecryptfs_generate_tpm_key.c 2014-07-23 15:30:36.847862115 +0200 +@@ -89,7 +89,7 @@ int main(int argc, char **argv) + int i, c, *pcrsSelected = NULL, numPcrsSelected = 0; + TSS_UUID *uuid; + BYTE wellknown[] = TSS_WELL_KNOWN_SECRET; +- char *tmp_pcrs; ++ int *tmp_pcrs; + + while (1) { + c = getopt(argc, argv, "p:"); diff --git a/ecryptfs-utils-86-manpage.patch b/ecryptfs-utils-86-manpage.patch index be7e243..58e7902 100644 --- a/ecryptfs-utils-86-manpage.patch +++ b/ecryptfs-utils-86-manpage.patch @@ -1,6 +1,6 @@ -diff -up ecryptfs-utils-87/doc/manpage/ecryptfs.7.manfix ecryptfs-utils-87/doc/manpage/ecryptfs.7 ---- ecryptfs-utils-87/doc/manpage/ecryptfs.7.manfix 2011-03-09 14:30:32.000000000 +0100 -+++ ecryptfs-utils-87/doc/manpage/ecryptfs.7 2011-05-24 08:56:38.288877849 +0200 +diff -up ecryptfs-utils-104/doc/manpage/ecryptfs.7.GQgRwl ecryptfs-utils-104/doc/manpage/ecryptfs.7 +--- ecryptfs-utils-104/doc/manpage/ecryptfs.7.GQgRwl 2014-01-23 19:09:48.000000000 +0100 ++++ ecryptfs-utils-104/doc/manpage/ecryptfs.7 2014-07-22 16:16:08.040929713 +0200 @@ -1,6 +1,6 @@ .TH ecryptfs 7 2009-03-24 ecryptfs-utils "eCryptfs" .SH NAME @@ -9,12 +9,12 @@ diff -up ecryptfs-utils-87/doc/manpage/ecryptfs.7.manfix ecryptfs-utils-87/doc/m .SH SYNOPSIS .BI "mount -t ecryptfs [SRC DIR] [DST DIR] -o [OPTIONS]" -@@ -67,7 +67,7 @@ Parameters that apply to individual key +@@ -67,7 +67,7 @@ Parameters that apply to individual key The actual password is passphrase. Since the password is visible to utilities (like ps under Unix) this form should only be used where security is not important. .TP .B passphrase_passwd_file=(filename) --The password should be specified in a file with passwd=(passphrase). It is highly reccomended that the file be stored on a secure medium such as a personal usb key. -+The password should be specified in a file with passwd=(passphrase). It is highly reccomended that the file be stored on a secure medium such as a personal USB key. +-The password should be specified in a file with passwd=(passphrase). It is highly recommended that the file be stored on a secure medium such as a personal usb key. ++The password should be specified in a file with passwd=(passphrase). It is highly recommended that the file be stored on a secure medium such as a personal USB key. .TP .B passphrase_passwd_fd=(file descriptor) The password is specified through the specified file descriptor. @@ -22,14 +22,14 @@ diff -up ecryptfs-utils-87/doc/manpage/ecryptfs.7.manfix ecryptfs-utils-87/doc/m The filename should be the filename of a file containing an RSA SSL key. .TP .B openssl_passwd_file=(filename) --The password should be specified in a file with openssl_passwd=(openssl-password). It is highly reccomended that the file be stored on a secure medium such as a personal usb key. +-The password should be specified in a file with openssl_passwd=(openssl-password). It is highly recommended that the file be stored on a secure medium such as a personal usb key. +The password should be specified in a file with openssl_passwd=(openssl-password). It is highly recommended that the file be stored on a secure medium such as a personal USB key. .TP .B openssl_passwd_fd=(file descriptor) The password is specified through the specified file descriptor. -diff -up ecryptfs-utils-87/doc/manpage/ecryptfs-rewrite-file.1.manfix ecryptfs-utils-87/doc/manpage/ecryptfs-rewrite-file.1 ---- ecryptfs-utils-87/doc/manpage/ecryptfs-rewrite-file.1.manfix 2011-03-09 14:30:32.000000000 +0100 -+++ ecryptfs-utils-87/doc/manpage/ecryptfs-rewrite-file.1 2011-05-24 08:55:41.279482521 +0200 +diff -up ecryptfs-utils-104/doc/manpage/ecryptfs-rewrite-file.1.GQgRwl ecryptfs-utils-104/doc/manpage/ecryptfs-rewrite-file.1 +--- ecryptfs-utils-104/doc/manpage/ecryptfs-rewrite-file.1.GQgRwl 2014-01-23 19:09:48.000000000 +0100 ++++ ecryptfs-utils-104/doc/manpage/ecryptfs-rewrite-file.1 2014-07-22 16:14:00.434530133 +0200 @@ -14,7 +14,7 @@ This script may be combined with \fBfind ecryptfs-umount-private sync diff --git a/ecryptfs-utils-87-nozombies.patch b/ecryptfs-utils-87-nozombies.patch index 61d316e..88be4c9 100644 --- a/ecryptfs-utils-87-nozombies.patch +++ b/ecryptfs-utils-87-nozombies.patch @@ -1,6 +1,6 @@ -diff -up ecryptfs-utils-103/src/include/ecryptfs.h.nozombies ecryptfs-utils-103/src/include/ecryptfs.h ---- ecryptfs-utils-103/src/include/ecryptfs.h.nozombies 2012-11-30 16:41:02.000000000 +0100 -+++ ecryptfs-utils-103/src/include/ecryptfs.h 2013-01-28 17:24:14.407103573 +0100 +diff -up ecryptfs-utils-104/src/include/ecryptfs.h.bNmPrV ecryptfs-utils-104/src/include/ecryptfs.h +--- ecryptfs-utils-104/src/include/ecryptfs.h.bNmPrV 2014-01-23 19:09:48.000000000 +0100 ++++ ecryptfs-utils-104/src/include/ecryptfs.h 2014-07-23 13:31:32.329095017 +0200 @@ -530,10 +530,6 @@ int ecryptfs_validate_keyring(void); #define ECRYPTFS_SHM_KEY 0x3c81b7f5 #define ECRYPTFS_SEM_KEY 0x3c81b7f6 @@ -12,10 +12,10 @@ diff -up ecryptfs-utils-103/src/include/ecryptfs.h.nozombies ecryptfs-utils-103/ int ecryptfs_build_linear_subgraph_from_nvp(struct transition_node **trans_node, struct ecryptfs_key_mod *key_mod); int ecryptfs_build_linear_subgraph(struct transition_node **trans_node, -diff -up ecryptfs-utils-103/src/libecryptfs/main.c.nozombies ecryptfs-utils-103/src/libecryptfs/main.c ---- ecryptfs-utils-103/src/libecryptfs/main.c.nozombies 2012-05-18 21:06:17.000000000 +0200 -+++ ecryptfs-utils-103/src/libecryptfs/main.c 2013-01-28 17:24:14.407103573 +0100 -@@ -380,487 +380,6 @@ out: +diff -up ecryptfs-utils-104/src/libecryptfs/main.c.bNmPrV ecryptfs-utils-104/src/libecryptfs/main.c +--- ecryptfs-utils-104/src/libecryptfs/main.c.bNmPrV 2014-07-23 13:31:32.331095008 +0200 ++++ ecryptfs-utils-104/src/libecryptfs/main.c 2014-07-23 13:33:09.872630059 +0200 +@@ -383,495 +383,6 @@ out: return rc; } @@ -134,6 +134,14 @@ diff -up ecryptfs-utils-103/src/libecryptfs/main.c.nozombies ecryptfs-utils-103/ - else { - char *shm_virt; - +- if (rc == -1) { +- syslog(LOG_ERR, "Error allocating shared memory; " +- "errno string = [%m]\n"); +- rc = -EIO; +- zombie_semaphore_unlock((*sem_id)); +- goto out; +- } +- - (*shm_id) = rc; - shm_virt = shmat((*shm_id), NULL, 0); - if (shm_virt == (void *)-1) { @@ -503,9 +511,9 @@ diff -up ecryptfs-utils-103/src/libecryptfs/main.c.nozombies ecryptfs-utils-103/ static struct ecryptfs_ctx_ops ctx_ops; struct ecryptfs_ctx_ops *cryptfs_get_ctx_opts (void) -diff -up ecryptfs-utils-103/src/pam_ecryptfs/pam_ecryptfs.c.nozombies ecryptfs-utils-103/src/pam_ecryptfs/pam_ecryptfs.c ---- ecryptfs-utils-103/src/pam_ecryptfs/pam_ecryptfs.c.nozombies 2013-01-28 17:24:14.400103517 +0100 -+++ ecryptfs-utils-103/src/pam_ecryptfs/pam_ecryptfs.c 2013-01-28 17:24:14.408103580 +0100 +diff -up ecryptfs-utils-104/src/pam_ecryptfs/pam_ecryptfs.c.bNmPrV ecryptfs-utils-104/src/pam_ecryptfs/pam_ecryptfs.c +--- ecryptfs-utils-104/src/pam_ecryptfs/pam_ecryptfs.c.bNmPrV 2014-07-23 13:31:32.310095109 +0200 ++++ ecryptfs-utils-104/src/pam_ecryptfs/pam_ecryptfs.c 2014-07-23 13:31:32.332095003 +0200 @@ -214,11 +214,6 @@ PAM_EXTERN int pam_sm_authenticate(pam_h syslog(LOG_ERR, "pam_ecryptfs: Error adding passphrase key token to user session keyring; rc = [%ld]\n", rc); goto out_child; diff --git a/ecryptfs-utils-87-pamdata.patch b/ecryptfs-utils-87-pamdata.patch index bc8319d..60ac3f4 100644 --- a/ecryptfs-utils-87-pamdata.patch +++ b/ecryptfs-utils-87-pamdata.patch @@ -1,7 +1,7 @@ -diff -up ecryptfs-utils-100/src/pam_ecryptfs/pam_ecryptfs.c.pamdata ecryptfs-utils-100/src/pam_ecryptfs/pam_ecryptfs.c ---- ecryptfs-utils-100/src/pam_ecryptfs/pam_ecryptfs.c.pamdata 2012-09-27 15:00:56.127148058 +0200 -+++ ecryptfs-utils-100/src/pam_ecryptfs/pam_ecryptfs.c 2012-09-27 15:03:45.105625179 +0200 -@@ -47,6 +47,26 @@ +diff -up ecryptfs-utils-104/src/pam_ecryptfs/pam_ecryptfs.c.ekHssg ecryptfs-utils-104/src/pam_ecryptfs/pam_ecryptfs.c +--- ecryptfs-utils-104/src/pam_ecryptfs/pam_ecryptfs.c.ekHssg 2014-07-23 13:31:32.332095003 +0200 ++++ ecryptfs-utils-104/src/pam_ecryptfs/pam_ecryptfs.c 2014-07-23 14:49:05.903394057 +0200 +@@ -46,6 +46,26 @@ #define PRIVATE_DIR "Private" @@ -28,7 +28,7 @@ diff -up ecryptfs-utils-100/src/pam_ecryptfs/pam_ecryptfs.c.pamdata ecryptfs-uti /* returns: 0 if file does not exist, 1 if it exists, <0 for error */ static int file_exists_dotecryptfs(const char *homedir, char *filename) { -@@ -66,7 +86,7 @@ out: +@@ -65,7 +85,7 @@ out: return rc; } @@ -37,7 +37,7 @@ diff -up ecryptfs-utils-100/src/pam_ecryptfs/pam_ecryptfs.c.pamdata ecryptfs-uti { char *unwrapped_pw_filename = NULL; struct stat s; -@@ -96,138 +116,66 @@ static int wrap_passphrase_if_necessary( +@@ -95,143 +115,68 @@ static int wrap_passphrase_if_necessary( PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv) { @@ -50,7 +50,7 @@ diff -up ecryptfs-utils-100/src/pam_ecryptfs/pam_ecryptfs.c.pamdata ecryptfs-uti - char *passphrase = NULL; - char salt[ECRYPTFS_SALT_SIZE]; char salt_hex[ECRYPTFS_SALT_SIZE_HEX]; -- char *auth_tok_sig; +- char *auth_tok_sig = NULL; char *private_mnt = NULL; - pid_t child_pid, tmp_pid; long rc; @@ -78,6 +78,13 @@ diff -up ecryptfs-utils-100/src/pam_ecryptfs/pam_ecryptfs.c.pamdata ecryptfs-uti - } else { - syslog(LOG_ERR, "pam_ecryptfs: Error getting passwd info for user [%s]; rc = [%ld]\n", username, rc); - goto out; +- } +- +- oeuid = geteuid(); +- oegid = getegid(); +- if ((ngids = getgroups(sizeof(groups)/sizeof(gid_t), groups)) < 0) { +- syslog(LOG_ERR, "pam_ecryptfs: geteuid error"); +- goto outnouid; + epd->uid = pwd->pw_uid; + epd->gid = pwd->pw_gid; + epd->homedir = pwd->pw_dir; @@ -85,12 +92,6 @@ diff -up ecryptfs-utils-100/src/pam_ecryptfs/pam_ecryptfs.c.pamdata ecryptfs-uti + } else rc = errno; } - -- if ((oeuid = geteuid()) < 0 || (oegid = getegid()) < 0 || -- (ngids = getgroups(sizeof(groups)/sizeof(gid_t), groups)) < 0) { -- syslog(LOG_ERR, "pam_ecryptfs: geteuid error"); -- goto outnouid; -- } -- - if (setegid(gid) < 0 || setgroups(1, &gid) < 0 || seteuid(uid) < 0) { - syslog(LOG_ERR, "pam_ecryptfs: seteuid error"); + if (!epd->homedir) { @@ -206,8 +207,12 @@ diff -up ecryptfs-utils-100/src/pam_ecryptfs/pam_ecryptfs.c.pamdata ecryptfs-uti +out: if (private_mnt != NULL) free(private_mnt); +- if (auth_tok_sig != NULL) +- free(auth_tok_sig); return PAM_SUCCESS; -@@ -372,10 +320,119 @@ static int umount_private_dir(pam_handle + } + +@@ -375,10 +320,120 @@ static int umount_private_dir(pam_handle return private_dir(pamh, 0); } @@ -220,7 +225,7 @@ diff -up ecryptfs-utils-100/src/pam_ecryptfs/pam_ecryptfs.c.pamdata ecryptfs-uti + int ngids = 0; + int rc = 0; + const struct ecryptfs_pam_data *epd; -+ char *auth_tok_sig; ++ char *auth_tok_sig = NULL; + auth_tok_sig = malloc(ECRYPTFS_SIG_SIZE_HEX + 1); + + if ((rc=pam_get_data(pamh, ECRYPTFS_PAM_DATA, (const void **)&epd)) != PAM_SUCCESS) @@ -314,7 +319,8 @@ diff -up ecryptfs-utils-100/src/pam_ecryptfs/pam_ecryptfs.c.pamdata ecryptfs-uti + rc = setgroups(ngids, groups); + +outnouid: -+ ++ if (auth_tok_sig != NULL) ++ free(auth_tok_sig); + return 0; +} + diff --git a/ecryptfs-utils.spec b/ecryptfs-utils.spec index 6b31834..2496866 100644 --- a/ecryptfs-utils.spec +++ b/ecryptfs-utils.spec @@ -4,8 +4,8 @@ %global _sbindir /sbin Name: ecryptfs-utils -Version: 103 -Release: 5%{?dist} +Version: 104 +Release: 1%{?dist} Summary: The eCryptfs mount helper and support libraries Group: System Environment/Base License: GPLv2+ @@ -108,7 +108,7 @@ the interface supplied by the ecryptfs-utils library. %patch8 -p1 -b .manfix %patch9 -p1 -b .autoload %patch11 -p1 -b .authconfig -%patch12 -p1 -b .memcpyfix +#%patch12 -p1 -b .memcpyfix %patch999 -p1 -b .werror %patch14 -p1 -b .fixpamfork %patch15 -p1 -b .fixexecgid @@ -269,6 +269,9 @@ rm -rf $RPM_BUILD_ROOT %{python_sitearch}/ecryptfs-utils/_libecryptfs.so %changelog +* Wed Jul 23 2014 Michal Hlavinka - 104-1 +- ecryptfs-utils updated to 104 + * Sat Jun 07 2014 Fedora Release Engineering - 103-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild