rpms / ecryptfs-utils

Clone
Source Code
GIT

Files

epel7 f10 f11 f12 f13 f14 f15 f16 f17 f18 f19 f20 f21 f22 f23 f24 f25 f26 f27 f28 f29 f30 f31 f32 f33 f34 f35 f36 f37 f38 f39 f40 f7 f8 f9 fc6 main rawhide
  1.   f20
  2.   ecryptfs-utils-75-werror.patch
Blob Blame History Raw 
diff -up ecryptfs-utils-104/src/key_mod/ecryptfs_key_mod_pkcs11_helper.c.FGZkyg ecryptfs-utils-104/src/key_mod/ecryptfs_key_mod_pkcs11_helper.c
--- ecryptfs-utils-104/src/key_mod/ecryptfs_key_mod_pkcs11_helper.c.FGZkyg	2014-07-22 16:14:00.424530180 +0200
+++ ecryptfs-utils-104/src/key_mod/ecryptfs_key_mod_pkcs11_helper.c	2014-07-22 16:37:53.863680991 +0200
@@ -98,7 +98,7 @@ static int ecryptfs_pkcs11h_deserialize(
 		pkcs11h_data->serialized_id = NULL;
 	}
 	else {
-		pkcs11h_data->serialized_id = blob + i;
+		pkcs11h_data->serialized_id = (char *)blob + i;
 		i += serialized_id_length;
 	}
 	pkcs11h_data->certificate_blob_size = blob[i++] % 256;
@@ -116,12 +116,11 @@ static int ecryptfs_pkcs11h_deserialize(
 		pkcs11h_data->passphrase = NULL;
 	}
 	else {
-		pkcs11h_data->passphrase = blob + i;
+		pkcs11h_data->passphrase = (char *)blob + i;
 		i += passphrase_length;
 	}
 
 	rc = 0;
-out:
 	return rc;
 }
 
@@ -358,14 +357,14 @@ static int ecryptfs_pkcs11h_get_key_sig(
 	data[i++] = '\02';
 	data[i++] = (char)(nbits >> 8);
 	data[i++] = (char)nbits;
-	BN_bn2bin(rsa->n, &(data[i]));
+	BN_bn2bin(rsa->n, (unsigned char *)&(data[i]));
 	i += nbytes;
 	data[i++] = (char)(ebits >> 8);
 	data[i++] = (char)ebits;
-	BN_bn2bin(rsa->e, &(data[i]));
+	BN_bn2bin(rsa->e, (unsigned char *)&(data[i]));
 	i += ebytes;
-	SHA1(data, len + 3, hash);
-	to_hex(sig, hash, ECRYPTFS_SIG_SIZE);
+	SHA1((unsigned char *)data, len + 3, (unsigned char *)hash);
+	to_hex((char *)sig, hash, ECRYPTFS_SIG_SIZE);
 	sig[ECRYPTFS_SIG_SIZE_HEX] = '\0';
 
 	rc = 0;
@@ -423,8 +422,8 @@ static int ecryptfs_pkcs11h_encrypt(char
 		if (
 			(rc = RSA_public_encrypt(
 				from_size,
-				from,
-				to,
+				(unsigned char *)from,
+				(unsigned char *)to,
 				rsa,
 				RSA_PKCS1_PADDING
 			)) == -1
@@ -518,9 +517,9 @@ static int ecryptfs_pkcs11h_decrypt(char
 		(rv = pkcs11h_certificate_decryptAny (
 			certificate,
 			CKM_RSA_PKCS,
-			from,
+			(unsigned char *)from,
 			from_size,
-			to,
+			(unsigned char *)to,
 			to_size
 		)) != CKR_OK
 	) {
@@ -546,9 +545,9 @@ static int ecryptfs_pkcs11h_decrypt(char
 		pkcs11h_certificate_decryptAny (
 			certificate,
 			CKM_RSA_PKCS,
-			from,
+			(unsigned char *)from,
 			from_size,
-			tmp,
+			(unsigned char *)tmp,
 			to_size
 		);
 
@@ -863,7 +862,7 @@ static int ecryptfs_pkcs11h_process_key(
 		rc = MOUNT_ERROR;
 		goto out;
 	}
-	if ((rc = ecryptfs_pkcs11h_serialize(subgraph_key_ctx->key_mod->blob,
+	if ((rc = ecryptfs_pkcs11h_serialize((unsigned char *)subgraph_key_ctx->key_mod->blob,
 					     &subgraph_key_ctx->key_mod->blob_size, 
 					     pkcs11h_data))) {
 		syslog(LOG_ERR, "PKCS#11: Error serializing pkcs11; rc=[%d]\n", rc);
@@ -942,7 +941,7 @@ static int tf_pkcs11h_global_loglevel(st
 
 	rc = DEFAULT_TOK;
 	node->val = NULL;
-out:
+// out:
 	return rc;
 }
 
@@ -955,7 +954,7 @@ static int tf_pkcs11h_global_pincache(st
 
 	rc = DEFAULT_TOK;
 	node->val = NULL;
-out:
+// out:
 	return rc;
 }
 
@@ -1025,7 +1024,7 @@ static int tf_pkcs11h_provider_prot_auth
 	sscanf (node->val, "%x", &subgraph_provider_ctx->allow_protected_authentication);
 	rc = DEFAULT_TOK;
 	node->val = NULL;
-out:
+
 	return rc;
 }
 
@@ -1039,7 +1038,7 @@ static int tf_pkcs11h_provider_cert_priv
 	sscanf (node->val, "%x", &subgraph_provider_ctx->certificate_is_private);
 	rc = DEFAULT_TOK;
 	node->val = NULL;
-out:
+
 	return rc;
 }
 
@@ -1054,7 +1053,7 @@ static int tf_pkcs11h_provider_private_m
 
 	rc = DEFAULT_TOK;
 	node->val = NULL;
-out:
+
 	return rc;
 }
 
@@ -1085,7 +1084,7 @@ static int tf_pkcs11h_provider_end(struc
 	free(subgraph_provider_ctx);
 	*foo = NULL;
 	rc = DEFAULT_TOK;
-out:
+
 	return rc;
 }
 
@@ -1132,7 +1131,7 @@ static int tf_pkcs11h_key_x509file(struc
 	X509 *x509 = NULL;
 	unsigned char *p = NULL;
 	FILE *fp = NULL;
-	int rc;
+	int rc = 0;
 
 	subgraph_key_ctx = (struct pkcs11h_subgraph_key_ctx *)(*foo);
 
diff -up ecryptfs-utils-104/src/libecryptfs/ecryptfs-stat.c.FGZkyg ecryptfs-utils-104/src/libecryptfs/ecryptfs-stat.c
diff -up ecryptfs-utils-104/src/libecryptfs/key_management.c.FGZkyg ecryptfs-utils-104/src/libecryptfs/key_management.c
diff -up ecryptfs-utils-104/src/pam_ecryptfs/pam_ecryptfs.c.FGZkyg ecryptfs-utils-104/src/pam_ecryptfs/pam_ecryptfs.c
--- ecryptfs-utils-104/src/pam_ecryptfs/pam_ecryptfs.c.FGZkyg	2014-01-23 19:09:48.000000000 +0100
+++ ecryptfs-utils-104/src/pam_ecryptfs/pam_ecryptfs.c	2014-07-22 16:40:13.429006708 +0200
@@ -84,9 +84,7 @@ static int wrap_passphrase_if_necessary(
 	    stat(wrapped_pw_filename, &s) != 0  &&
 	    passphrase != NULL && *passphrase != '\0' &&
 	    username != NULL && *username != '\0') {
-		setuid(uid);
-		rc = ecryptfs_wrap_passphrase_file(wrapped_pw_filename, passphrase, salt, unwrapped_pw_filename);
-		if (rc != 0) {
+		if ((rc = setuid(uid))<0 || ((rc = ecryptfs_wrap_passphrase_file(wrapped_pw_filename, passphrase, salt, unwrapped_pw_filename)) != 0)) {
 			syslog(LOG_ERR, "pam_ecryptfs: Error wrapping cleartext password; " "rc = [%d]\n", rc);
 		}
 		return rc;
@@ -324,7 +322,7 @@ static int private_dir(pam_handle_t *pam
 			if (stat(recorded, &s) != 0 && stat("/usr/share/ecryptfs-utils/ecryptfs-record-passphrase", &s) == 0) {
 				/* User has not recorded their passphrase */
 				unlink("/var/lib/update-notifier/user.d/ecryptfs-record-passphrase");
-				symlink("/usr/share/ecryptfs-utils/ecryptfs-record-passphrase", "/var/lib/update-notifier/user.d/ecryptfs-record-passphrase");
+				rc=symlink("/usr/share/ecryptfs-utils/ecryptfs-record-passphrase", "/var/lib/update-notifier/user.d/ecryptfs-record-passphrase");
 				fd = open("/var/lib/update-notifier/dpkg-run-stamp", O_WRONLY|O_CREAT|O_NONBLOCK, 0666);
 				if (fd != -1)
 					close(fd);
@@ -485,7 +483,10 @@ PAM_EXTERN int pam_sm_chauthtok(pam_hand
 		char passphrase[ECRYPTFS_MAX_PASSWORD_LENGTH + 1];
 
 		/* temp regain uid 0 to drop privs */
-		seteuid(oeuid);
+		if (seteuid(oeuid) < 0) {
+			syslog(LOG_ERR, "pam_ecryptfs: seteuid error");
+			goto out_child;
+		}
 		/* setgroups() already called */
 		if (setgid(gid) < 0 || setuid(uid) < 0)
 			goto out_child;
@@ -510,9 +511,9 @@ out_child:
 	free(wrapped_pw_filename);
 out:
 
-	seteuid(oeuid);
-	setegid(oegid);
-	setgroups(ngids, groups);
+	rc = seteuid(oeuid);
+	rc = setegid(oegid);
+	rc = setgroups(ngids, groups);
 
 outnouid:
 	return rc;
diff -up ecryptfs-utils-104/src/utils/mount.ecryptfs.c.FGZkyg ecryptfs-utils-104/src/utils/mount.ecryptfs.c
diff -up ecryptfs-utils-104/src/utils/mount.ecryptfs_private.c.FGZkyg ecryptfs-utils-104/src/utils/mount.ecryptfs_private.c
--- ecryptfs-utils-104/src/utils/mount.ecryptfs_private.c.FGZkyg	2014-07-22 16:17:57.372415281 +0200
+++ ecryptfs-utils-104/src/utils/mount.ecryptfs_private.c	2014-07-22 16:44:17.969827960 +0200
@@ -710,8 +710,8 @@ int main(int argc, char *argv[]) {
  		 * update mtab for us, and replace the current process.
 		 * Do not use the umount.ecryptfs helper (-i).
  		 */
-		setresuid(0,0,0);
-		setresgid(0,0,0);
+		rc=setresuid(0,0,0);
+		rc=setresgid(0,0,0);
 		clearenv();
 
 		/* Since we're doing a lazy unmount anyway, just unmount the current
diff -up ecryptfs-utils-104/src/utils/test.c.FGZkyg ecryptfs-utils-104/src/utils/test.c
diff -up ecryptfs-utils-104/tests/kernel/directory-concurrent/test.c.FGZkyg ecryptfs-utils-104/tests/kernel/directory-concurrent/test.c
diff -up ecryptfs-utils-104/tests/kernel/enospc/test.c.FGZkyg ecryptfs-utils-104/tests/kernel/enospc/test.c
diff -up ecryptfs-utils-104/tests/kernel/extend-file-random/test.c.FGZkyg ecryptfs-utils-104/tests/kernel/extend-file-random/test.c
diff -up ecryptfs-utils-104/tests/kernel/file-concurrent/test.c.FGZkyg ecryptfs-utils-104/tests/kernel/file-concurrent/test.c
diff -up ecryptfs-utils-104/tests/kernel/inode-race-stat/test.c.FGZkyg ecryptfs-utils-104/tests/kernel/inode-race-stat/test.c
--- ecryptfs-utils-104/tests/kernel/inode-race-stat/test.c.FGZkyg	2014-07-22 16:37:53.872680948 +0200
+++ ecryptfs-utils-104/tests/kernel/inode-race-stat/test.c	2014-07-23 13:28:23.053997232 +0200
@@ -364,6 +364,7 @@ abort:
 
 		if (write(pipe_to[i][1], cmd, 1) != 1)
 			continue;
+		(void)ret;
 		(void)waitpid(pids[i], &status, 0);
 
 		(void)close(pipe_to[i][1]);
diff -up ecryptfs-utils-104/tests/kernel/lp-509180/test.c.FGZkyg ecryptfs-utils-104/tests/kernel/lp-509180/test.c
diff -up ecryptfs-utils-104/tests/kernel/trunc-file/test.c.FGZkyg ecryptfs-utils-104/tests/kernel/trunc-file/test.c
diff -up ecryptfs-utils-104/tests/userspace/wrap-unwrap/test.c.FGZkyg ecryptfs-utils-104/tests/userspace/wrap-unwrap/test.c
diff -up ecryptfs-utils-104/src/utils/ecryptfs_generate_tpm_key.c.werror ecryptfs-utils-104/src/utils/ecryptfs_generate_tpm_key.c
--- ecryptfs-utils-104/src/utils/ecryptfs_generate_tpm_key.c.werror	2014-07-23 15:30:36.790862415 +0200
+++ ecryptfs-utils-104/src/utils/ecryptfs_generate_tpm_key.c	2014-07-23 15:30:36.847862115 +0200
@@ -89,7 +89,7 @@ int main(int argc, char **argv)
 	int i, c, *pcrsSelected = NULL, numPcrsSelected = 0;
 	TSS_UUID *uuid;
 	BYTE wellknown[] = TSS_WELL_KNOWN_SECRET;
-	char *tmp_pcrs;
+	int *tmp_pcrs;
 
 	while (1) {
 		c = getopt(argc, argv, "p:");
Powered by Pagure 5.13.3
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.