On Wed, Feb 01, 2017 at 09:36:47PM -0500, David Steele wrote:
> Package: encfs
> Version: 1.9.1-3
> Severity: serious
> thanks
>
>
> Recently, a change in Encfs was found to have broken cryptkeeper, causing it
> to use the password 'p' for all operations, regardless of user input
> (#852751)[3].
> The bug was closed by removing cryptkeeper from Debian.
>
> The issue, however, remains. Sirikali, which manages multiple userspace
> filesystems including Encfs, suffers from the same failure (#853874).
> An upstream Encfs representative has indicated that the problem will be fixed
> there [1], though no change has been pushed to date [2].

Seems that change has been pushed,

[Revert "-S" ABI change #282]
https://github.com/vgough/encfs/pull/282

including

[Revert "Fix a segfault when password is zero length.]
https://github.com/vgough/encfs/pull/282/commits/e9592fade4a452b189ffe10cc980f82115c75313

and

[Exit with a fatal error on empty password]
https://github.com/vgough/encfs/pull/282/commits/5994b28542e7f551b71ac471ff9aacf6dcd5a3b0

-- 
Agustin