From bc1c8867406657e55bcfa1e75df763e2428558b9 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Arkadiusz=20Mi=C5=9Bkiewicz?= Date: Sat, 5 Feb 2011 03:15:16 +0000 Subject: [PATCH] - rel 2; patches from fc Changed files: ecryptfs-utils-75-werror.patch -> 1.1 ecryptfs-utils-83-fixsalt.patch -> 1.1 ecryptfs-utils-83-splitnss.patch -> 1.1 ecryptfs-utils-84-fgetc.patch -> 1.1 ecryptfs-utils-84-fixsigness.patch -> 1.1 ecryptfs-utils.spec -> 1.21 --- ecryptfs-utils-75-werror.patch | 291 +++++++++++++++++++++++++++++ ecryptfs-utils-83-fixsalt.patch | 12 ++ ecryptfs-utils-83-splitnss.patch | 86 +++++++++ ecryptfs-utils-84-fgetc.patch | 13 ++ ecryptfs-utils-84-fixsigness.patch | 21 +++ ecryptfs-utils.spec | 12 +- 6 files changed, 434 insertions(+), 1 deletion(-) create mode 100644 ecryptfs-utils-75-werror.patch create mode 100644 ecryptfs-utils-83-fixsalt.patch create mode 100644 ecryptfs-utils-83-splitnss.patch create mode 100644 ecryptfs-utils-84-fgetc.patch create mode 100644 ecryptfs-utils-84-fixsigness.patch diff --git a/ecryptfs-utils-75-werror.patch b/ecryptfs-utils-75-werror.patch new file mode 100644 index 0000000..54fb587 --- /dev/null +++ b/ecryptfs-utils-75-werror.patch @@ -0,0 +1,291 @@ +diff -up ecryptfs-utils-85/src/key_mod/ecryptfs_key_mod_pkcs11_helper.c.werror ecryptfs-utils-85/src/key_mod/ecryptfs_key_mod_pkcs11_helper.c +--- ecryptfs-utils-85/src/key_mod/ecryptfs_key_mod_pkcs11_helper.c.werror 2010-12-17 18:34:04.000000000 +0100 ++++ ecryptfs-utils-85/src/key_mod/ecryptfs_key_mod_pkcs11_helper.c 2011-02-01 11:12:14.813646937 +0100 +@@ -86,7 +86,7 @@ static int ecryptfs_pkcs11h_deserialize( + pkcs11h_data->serialized_id = NULL; + } + else { +- pkcs11h_data->serialized_id = blob + i; ++ pkcs11h_data->serialized_id = (char *)blob + i; + i += serialized_id_length; + } + pkcs11h_data->certificate_blob_size = blob[i++] % 256; +@@ -104,12 +104,11 @@ static int ecryptfs_pkcs11h_deserialize( + pkcs11h_data->passphrase = NULL; + } + else { +- pkcs11h_data->passphrase = blob + i; ++ pkcs11h_data->passphrase = (char *)blob + i; + i += passphrase_length; + } + + rc = 0; +-out: + return rc; + } + +@@ -346,14 +345,14 @@ static int ecryptfs_pkcs11h_get_key_sig( + data[i++] = '\02'; + data[i++] = (char)(nbits >> 8); + data[i++] = (char)nbits; +- BN_bn2bin(rsa->n, &(data[i])); ++ BN_bn2bin(rsa->n, (unsigned char *)&(data[i])); + i += nbytes; + data[i++] = (char)(ebits >> 8); + data[i++] = (char)ebits; +- BN_bn2bin(rsa->e, &(data[i])); ++ BN_bn2bin(rsa->e, (unsigned char *)&(data[i])); + i += ebytes; +- SHA1(data, len + 3, hash); +- to_hex(sig, hash, ECRYPTFS_SIG_SIZE); ++ SHA1((unsigned char *)data, len + 3, (unsigned char *)hash); ++ to_hex((char *)sig, hash, ECRYPTFS_SIG_SIZE); + sig[ECRYPTFS_SIG_SIZE_HEX] = '\0'; + + rc = 0; +@@ -411,8 +410,8 @@ static int ecryptfs_pkcs11h_encrypt(char + if ( + (rc = RSA_public_encrypt( + from_size, +- from, +- to, ++ (unsigned char *)from, ++ (unsigned char *)to, + rsa, + RSA_PKCS1_PADDING + )) == -1 +@@ -506,9 +505,9 @@ static int ecryptfs_pkcs11h_decrypt(char + (rv = pkcs11h_certificate_decryptAny ( + certificate, + CKM_RSA_PKCS, +- from, ++ (unsigned char *)from, + from_size, +- to, ++ (unsigned char *)to, + to_size + )) != CKR_OK + ) { +@@ -534,9 +533,9 @@ static int ecryptfs_pkcs11h_decrypt(char + pkcs11h_certificate_decryptAny ( + certificate, + CKM_RSA_PKCS, +- from, ++ (unsigned char *)from, + from_size, +- tmp, ++ (unsigned char *)tmp, + to_size + ); + +@@ -851,7 +850,7 @@ static int ecryptfs_pkcs11h_process_key( + rc = MOUNT_ERROR; + goto out; + } +- if ((rc = ecryptfs_pkcs11h_serialize(subgraph_key_ctx->key_mod->blob, ++ if ((rc = ecryptfs_pkcs11h_serialize((unsigned char *)subgraph_key_ctx->key_mod->blob, + &subgraph_key_ctx->key_mod->blob_size, + pkcs11h_data))) { + syslog(LOG_ERR, "PKCS#11: Error serializing pkcs11; rc=[%d]\n", rc); +@@ -930,7 +929,7 @@ static int tf_pkcs11h_global_loglevel(st + + rc = DEFAULT_TOK; + node->val = NULL; +-out: ++// out: + return rc; + } + +@@ -943,7 +942,7 @@ static int tf_pkcs11h_global_pincache(st + + rc = DEFAULT_TOK; + node->val = NULL; +-out: ++// out: + return rc; + } + +@@ -1013,7 +1012,7 @@ static int tf_pkcs11h_provider_prot_auth + sscanf (node->val, "%x", &subgraph_provider_ctx->allow_protected_authentication); + rc = DEFAULT_TOK; + node->val = NULL; +-out: ++ + return rc; + } + +@@ -1027,7 +1026,7 @@ static int tf_pkcs11h_provider_cert_priv + sscanf (node->val, "%x", &subgraph_provider_ctx->certificate_is_private); + rc = DEFAULT_TOK; + node->val = NULL; +-out: ++ + return rc; + } + +@@ -1042,7 +1041,7 @@ static int tf_pkcs11h_provider_private_m + + rc = DEFAULT_TOK; + node->val = NULL; +-out: ++ + return rc; + } + +@@ -1073,7 +1072,7 @@ static int tf_pkcs11h_provider_end(struc + free(subgraph_provider_ctx); + *foo = NULL; + rc = DEFAULT_TOK; +-out: ++ + return rc; + } + +@@ -1120,7 +1119,7 @@ static int tf_pkcs11h_key_x509file(struc + X509 *x509 = NULL; + unsigned char *p = NULL; + FILE *fp = NULL; +- int rc; ++ int rc = 0; + + subgraph_key_ctx = (struct pkcs11h_subgraph_key_ctx *)(*foo); + +diff -up ecryptfs-utils-85/src/libecryptfs/ecryptfs-stat.c.werror ecryptfs-utils-85/src/libecryptfs/ecryptfs-stat.c +--- ecryptfs-utils-85/src/libecryptfs/ecryptfs-stat.c.werror 2010-12-17 18:34:04.000000000 +0100 ++++ ecryptfs-utils-85/src/libecryptfs/ecryptfs-stat.c 2011-02-01 11:12:14.813646937 +0100 +@@ -146,7 +146,7 @@ int ecryptfs_parse_stat(struct ecryptfs_ + if (buf_size < (ECRYPTFS_FILE_SIZE_BYTES + + MAGIC_ECRYPTFS_MARKER_SIZE_BYTES + + 4)) { +- printf("%s: Invalid metadata size; must have at least [%lu] " ++ printf("%s: Invalid metadata size; must have at least [%zu] " + "bytes; there are only [%zu] bytes\n", __FUNCTION__, + (ECRYPTFS_FILE_SIZE_BYTES + + MAGIC_ECRYPTFS_MARKER_SIZE_BYTES +diff -up ecryptfs-utils-85/src/pam_ecryptfs/pam_ecryptfs.c.werror ecryptfs-utils-85/src/pam_ecryptfs/pam_ecryptfs.c +--- ecryptfs-utils-85/src/pam_ecryptfs/pam_ecryptfs.c.werror 2010-12-17 18:34:04.000000000 +0100 ++++ ecryptfs-utils-85/src/pam_ecryptfs/pam_ecryptfs.c 2011-02-01 11:12:18.061664154 +0100 +@@ -43,31 +43,6 @@ + + #define PRIVATE_DIR "Private" + +-static void error(const char *msg) +-{ +- syslog(LOG_ERR, "errno = [%i]; strerror = [%m]\n", errno); +- switch (errno) { +- case ENOKEY: +- syslog(LOG_ERR, "%s: Requested key not available\n", msg); +- return; +- +- case EKEYEXPIRED: +- syslog(LOG_ERR, "%s: Key has expired\n", msg); +- return; +- +- case EKEYREVOKED: +- syslog(LOG_ERR, "%s: Key has been revoked\n", msg); +- return; +- +- case EKEYREJECTED: +- syslog(LOG_ERR, "%s: Key was rejected by service\n", msg); +- return; +- default: +- syslog(LOG_ERR, "%s: Unknown key error\n", msg); +- return; +- } +-} +- + /* returns: 0 for pam automounting not set, 1 for set, <0 for error */ + static int ecryptfs_pam_automount_set(const char *homedir) + { +@@ -87,7 +62,7 @@ out: + return rc; + } + +-static int wrap_passphrase_if_necessary(char *username, uid_t uid, char *wrapped_pw_filename, char *passphrase, char *salt) ++static int wrap_passphrase_if_necessary(const char *username, uid_t uid, char *wrapped_pw_filename, char *passphrase, char *salt) + { + char *unwrapped_pw_filename = NULL; + struct stat s; +@@ -198,8 +173,6 @@ PAM_EXTERN int pam_sm_authenticate(pam_h + if ((argc == 1) + && (memcmp(argv[0], "unwrap\0", 7) == 0)) { + char *wrapped_pw_filename; +- char *unwrapped_pw_filename; +- struct stat s; + + rc = asprintf( + &wrapped_pw_filename, "%s/.ecryptfs/%s", +@@ -291,8 +264,6 @@ static int private_dir(pam_handle_t *pam + char *autoumount = "auto-umount"; + struct stat s; + pid_t pid; +- struct utmp *u; +- int count = 0; + + if ((pwd = fetch_pwd(pamh)) == NULL) { + /* fetch_pwd() logged a message */ +@@ -339,7 +310,7 @@ static int private_dir(pam_handle_t *pam + if (stat(recorded, &s) != 0 && stat("/usr/share/ecryptfs-utils/ecryptfs-record-passphrase", &s) == 0) { + /* User has not recorded their passphrase */ + unlink("/var/lib/update-notifier/user.d/ecryptfs-record-passphrase"); +- symlink("/usr/share/ecryptfs-utils/ecryptfs-record-passphrase", "/var/lib/update-notifier/user.d/ecryptfs-record-passphrase"); ++ rc=symlink("/usr/share/ecryptfs-utils/ecryptfs-record-passphrase", "/var/lib/update-notifier/user.d/ecryptfs-record-passphrase"); + fd = open("/var/lib/update-notifier/dpkg-run-stamp", O_WRONLY|O_CREAT|O_NONBLOCK, 0666); + close(fd); + } +@@ -410,7 +381,7 @@ PAM_EXTERN int pam_sm_chauthtok(pam_hand + char *old_passphrase = NULL; + char *new_passphrase = NULL; + char *wrapped_pw_filename; +- char *name = NULL; ++// char *name = NULL; + char salt[ECRYPTFS_SALT_SIZE]; + char salt_hex[ECRYPTFS_SALT_SIZE_HEX]; + pid_t child_pid, tmp_pid; +@@ -424,11 +395,11 @@ PAM_EXTERN int pam_sm_chauthtok(pam_hand + if (pwd) { + uid = pwd->pw_uid; + homedir = pwd->pw_dir; +- name = pwd->pw_name; ++// name = pwd->pw_name; + } + } else { + syslog(LOG_ERR, "Error getting passwd info for user [%s]; " +- "rc = [%ld]\n", username, rc); ++ "rc = [%d]\n", username, rc); + goto out; + } + saved_uid = geteuid(); +diff -up ecryptfs-utils-85/src/utils/mount.ecryptfs.c.werror ecryptfs-utils-85/src/utils/mount.ecryptfs.c +--- ecryptfs-utils-85/src/utils/mount.ecryptfs.c.werror 2010-12-17 18:34:04.000000000 +0100 ++++ ecryptfs-utils-85/src/utils/mount.ecryptfs.c 2011-02-01 11:12:14.818646964 +0100 +@@ -461,7 +461,7 @@ static int ecryptfs_do_mount(int argc, c + { + int rc; + int flags = 0; +- int num_opts = 0; ++// int num_opts = 0; + char *src = NULL, *targ = NULL, *opts = NULL, *new_opts = NULL, *temp; + char *val; + +@@ -472,7 +472,7 @@ static int ecryptfs_do_mount(int argc, c + rc = strip_userland_opts(opts); + if (rc) + goto out; +- num_opts = ecryptfs_generate_mount_flags(opts, &flags); ++ ecryptfs_generate_mount_flags(opts, &flags); + if (!(temp = strdup("ecryptfs_unlink_sigs"))) { + rc = -ENOMEM; + goto out; +diff -up ecryptfs-utils-85/src/utils/test.c.werror ecryptfs-utils-85/src/utils/test.c +--- ecryptfs-utils-85/src/utils/test.c.werror 2010-12-17 18:34:04.000000000 +0100 ++++ ecryptfs-utils-85/src/utils/test.c 2011-02-01 11:12:14.818646964 +0100 +@@ -281,7 +281,7 @@ int ecryptfs_encrypt_page(int page_cache + struct inode *lower_inode; + struct ecryptfs_crypt_stat *crypt_stat; + int rc = 0; +- int lower_byte_offset; ++ int lower_byte_offset = 0; + int orig_byte_offset = 0; + int num_extents_per_page; + #define ECRYPTFS_PAGE_STATE_UNREAD 0 diff --git a/ecryptfs-utils-83-fixsalt.patch b/ecryptfs-utils-83-fixsalt.patch new file mode 100644 index 0000000..01f3e50 --- /dev/null +++ b/ecryptfs-utils-83-fixsalt.patch @@ -0,0 +1,12 @@ +diff -up ecryptfs-utils-83/src/key_mod/ecryptfs_key_mod_passphrase.c.fixsalt ecryptfs-utils-83/src/key_mod/ecryptfs_key_mod_passphrase.c +--- ecryptfs-utils-83/src/key_mod/ecryptfs_key_mod_passphrase.c.fixsalt 2009-10-20 20:49:55.000000000 +0200 ++++ ecryptfs-utils-83/src/key_mod/ecryptfs_key_mod_passphrase.c 2010-04-14 16:18:43.273398808 +0200 +@@ -105,7 +105,7 @@ static int tf_pass_file(struct ecryptfs_ + out: + free(node->val); + node->val = NULL; +- return rc; ++ return rc ? rc : DEFAULT_TOK; + } + + static int tf_salt(struct ecryptfs_ctx *ctx, struct param_node *node, diff --git a/ecryptfs-utils-83-splitnss.patch b/ecryptfs-utils-83-splitnss.patch new file mode 100644 index 0000000..5041d3a --- /dev/null +++ b/ecryptfs-utils-83-splitnss.patch @@ -0,0 +1,86 @@ +diff -up ecryptfs-utils-83/src/libecryptfs/key_management.c.splitnss ecryptfs-utils-83/src/libecryptfs/key_management.c +--- ecryptfs-utils-83/src/libecryptfs/key_management.c.splitnss 2010-02-16 17:59:21.000000000 +0100 ++++ ecryptfs-utils-83/src/libecryptfs/key_management.c 2010-05-04 11:08:19.875872481 +0200 +@@ -133,28 +133,8 @@ out: + } + + +-int ecryptfs_remove_auth_tok_from_keyring(char *auth_tok_sig) +-{ +- int rc; ++#include "key_management.inc.c" + +- rc = (int)keyctl_search(KEY_SPEC_USER_KEYRING, "user", auth_tok_sig, 0); +- if (rc < 0) { +- rc = errno; +- syslog(LOG_ERR, "Failed to find key with sig [%s]: %m\n", +- auth_tok_sig); +- goto out; +- } +- rc = keyctl_unlink(rc, KEY_SPEC_USER_KEYRING); +- if (rc < 0) { +- rc = errno; +- syslog(LOG_ERR, "Failed to unlink key with sig [%s]: %s\n", +- auth_tok_sig, strerror(rc)); +- goto out; +- } +- rc = 0; +-out: +- return rc; +-} + int ecryptfs_add_auth_tok_to_keyring(struct ecryptfs_auth_tok *auth_tok, + char *auth_tok_sig) + { +diff -up ecryptfs-utils-83/src/libecryptfs/key_management.inc.c.splitnss ecryptfs-utils-83/src/libecryptfs/key_management.inc.c +--- ecryptfs-utils-83/src/libecryptfs/key_management.inc.c.splitnss 2010-05-04 11:08:19.875872481 +0200 ++++ ecryptfs-utils-83/src/libecryptfs/key_management.inc.c 2010-05-04 11:08:19.875872481 +0200 +@@ -0,0 +1,22 @@ ++int ecryptfs_remove_auth_tok_from_keyring(char *auth_tok_sig) ++{ ++ int rc; ++ ++ rc = (int)keyctl_search(KEY_SPEC_USER_KEYRING, "user", auth_tok_sig, 0); ++ if (rc < 0) { ++ rc = errno; ++ syslog(LOG_ERR, "Failed to find key with sig [%s]: %m\n", ++ auth_tok_sig); ++ goto out; ++ } ++ rc = keyctl_unlink(rc, KEY_SPEC_USER_KEYRING); ++ if (rc < 0) { ++ rc = errno; ++ syslog(LOG_ERR, "Failed to unlink key with sig [%s]: %s\n", ++ auth_tok_sig, strerror(rc)); ++ goto out; ++ } ++ rc = 0; ++out: ++ return rc; ++} +diff -up ecryptfs-utils-83/src/utils/Makefile.am.splitnss ecryptfs-utils-83/src/utils/Makefile.am +--- ecryptfs-utils-83/src/utils/Makefile.am.splitnss 2010-05-04 11:09:05.176554494 +0200 ++++ ecryptfs-utils-83/src/utils/Makefile.am 2010-05-04 11:09:05.200991500 +0200 +@@ -36,7 +36,7 @@ mount_ecryptfs_CFLAGS = $(AM_CFLAGS) $(K + mount_ecryptfs_LDADD = $(top_builddir)/src/libecryptfs/libecryptfs.la $(KEYUTILS_LIBS) $(LIBGCRYPT_LIBS) + umount_ecryptfs_SOURCES = umount.ecryptfs.c + umount_ecryptfs_CFLAGS = $(AM_CFLAGS) $(KEYUTILS_CFLAGS) +-umount_ecryptfs_LDADD = $(top_builddir)/src/libecryptfs/libecryptfs.la ++umount_ecryptfs_LDADD = -lkeyutils + ecryptfs_manager_SOURCES = manager.c io.c io.h gen_key.c + ecryptfs_manager_CFLAGS = $(AM_CFLAGS) $(KEYUTILS_CFLAGS) $(LIBGCRYPT_CFLAGS) + ecryptfs_manager_LDADD = $(top_builddir)/src/libecryptfs/libecryptfs.la $(KEYUTILS_LIBS) $(LIBGCRYPT_LIBS) +diff -up ecryptfs-utils-83/src/utils/umount.ecryptfs.c.splitnss ecryptfs-utils-83/src/utils/umount.ecryptfs.c +--- ecryptfs-utils-83/src/utils/umount.ecryptfs.c.splitnss 2009-10-20 20:49:55.000000000 +0200 ++++ ecryptfs-utils-83/src/utils/umount.ecryptfs.c 2010-05-04 11:08:19.893867192 +0200 +@@ -24,7 +24,10 @@ + #include + #include + #include +-#include "ecryptfs.h" ++#include ++#include ++ ++#include "../libecryptfs/key_management.inc.c" + + static void usage() + { diff --git a/ecryptfs-utils-84-fgetc.patch b/ecryptfs-utils-84-fgetc.patch new file mode 100644 index 0000000..9a6a4b4 --- /dev/null +++ b/ecryptfs-utils-84-fgetc.patch @@ -0,0 +1,13 @@ +diff -up ecryptfs-utils-84/src/utils/mount.ecryptfs_private.c.fgetc ecryptfs-utils-84/src/utils/mount.ecryptfs_private.c +--- ecryptfs-utils-84/src/utils/mount.ecryptfs_private.c.fgetc 2011-01-11 10:44:20.000000000 +0100 ++++ ecryptfs-utils-84/src/utils/mount.ecryptfs_private.c 2011-01-11 10:44:32.000000000 +0100 +@@ -88,7 +88,8 @@ char *fetch_sig(char *pw_dir, int entry) + /* Read ecryptfs signature from file and validate + * Return signature as a string, or NULL on failure + */ +- char *sig_file, c; ++ char *sig_file; ++ int c; + FILE *fh; + char *sig; + int i; diff --git a/ecryptfs-utils-84-fixsigness.patch b/ecryptfs-utils-84-fixsigness.patch new file mode 100644 index 0000000..5a07520 --- /dev/null +++ b/ecryptfs-utils-84-fixsigness.patch @@ -0,0 +1,21 @@ +diff -up ecryptfs-utils-84/src/key_mod/ecryptfs_key_mod_pkcs11_helper.c.fixsigness ecryptfs-utils-84/src/key_mod/ecryptfs_key_mod_pkcs11_helper.c +--- ecryptfs-utils-84/src/key_mod/ecryptfs_key_mod_pkcs11_helper.c.fixsigness 2011-01-04 14:15:58.711761181 +0100 ++++ ecryptfs-utils-84/src/key_mod/ecryptfs_key_mod_pkcs11_helper.c 2011-01-04 14:15:58.744761153 +0100 +@@ -1144,7 +1144,7 @@ static int tf_pkcs11h_key_x509file(struc + goto out; + } + +- if ((subgraph_key_ctx->pkcs11h_data.certificate_blob_size = i2d_X509 (x509, NULL)) < 0 ) { ++ if ((ssize_t)(subgraph_key_ctx->pkcs11h_data.certificate_blob_size = i2d_X509 (x509, NULL)) < 0 ) { + syslog(LOG_ERR, "PKCS#11: Cannot read decode certificate"); + rc = -EIO; + goto out; +@@ -1165,7 +1165,7 @@ static int tf_pkcs11h_key_x509file(struc + */ + p = subgraph_key_ctx->pkcs11h_data.certificate_blob; + +- if ((subgraph_key_ctx->pkcs11h_data.certificate_blob_size = i2d_X509 (x509, &p)) < 0) { ++ if ((ssize_t)(subgraph_key_ctx->pkcs11h_data.certificate_blob_size = i2d_X509 (x509, &p)) < 0) { + syslog(LOG_ERR, "PKCS#11: Cannot read decode certificate"); + goto out; + } diff --git a/ecryptfs-utils.spec b/ecryptfs-utils.spec index 377056f..d75965e 100644 --- a/ecryptfs-utils.spec +++ b/ecryptfs-utils.spec @@ -2,12 +2,17 @@ Summary: The eCryptfs mount helper and support libraries Summary(pl.UTF-8): Narzędzie pomocnicze i biblioteki do montowania eCryptfs Name: ecryptfs-utils Version: 85 -Release: 1 +Release: 2 License: GPL v2+ Group: Base Source0: http://launchpad.net/ecryptfs/trunk/%{version}/+download/%{name}_%{version}.orig.tar.gz # Source0-md5: eacf9488681d99651da544a4c261f784 Patch0: %{name}-sh.patch +Patch1: %{name}-83-fixsalt.patch +Patch2: %{name}-83-splitnss.patch +Patch3: %{name}-84-fgetc.patch +Patch4: %{name}-84-fixsigness.patch +Patch5: %{name}-75-werror.patch URL: http://ecryptfs.sourceforge.net/ BuildRequires: autoconf >= 2.59 BuildRequires: automake @@ -105,6 +110,11 @@ ecryptfs-utils. %prep %setup -q %patch0 -p1 +%patch1 -p1 +%patch2 -p1 +%patch3 -p1 +%patch4 -p1 +%patch5 -p1 %build %{__libtoolize} -- 2.43.0