File CVE-2015-8946.patch of Package ecryptfs-utils.6434
Index: src/utils/ecryptfs-setup-swap
===================================================================
--- src/utils/ecryptfs-setup-swap.orig
+++ src/utils/ecryptfs-setup-swap
@@ -158,6 +158,24 @@ for swap in $swaps; do
i=$((i+1))
[ -e "/dev/mapper/cryptswap$i" ] || break
done
+
+ # If this is a GPT partition, mark it as no-auto mounting, to avoid
+ # auto-activating it on boot
+ if [ "$(blkid -p -s PART_ENTRY_SCHEME -o value "$swap")" = "gpt" ]; then
+ drive="${swap%[0-9]*}"
+ partno="${swap#$drive}"
+ if [ -b "$drive" ]; then
+ if printf "x\np\n" | fdisk "$drive" | grep -q "^$swap .* GUID:.*\b63\b"; then
+ echo "$swap is already marked as no-auto"
+ else
+ # toggle flag 63 ("no auto")
+ echo "marking GPT swap partition $swap as no-auto..."
+ # unfortunately fdisk fails on "cannot re-read part table" and is very verbose
+ printf "x\nS\n$partno\n63\nr\nw\n" | fdisk "$drive" >/dev/null 2>&1 || true
+ fi
+ fi
+ fi
+
# Add crypttab entry
echo "cryptswap$i $swap /dev/urandom swap,cipher=aes-cbc-essiv:sha256" >> /etc/crypttab
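Review bot: `drive="${swap%[0-9]*}"` on the third added line strips only the shortest digit suffix, so a swap partition numbered 10 or higher (e.g. `/dev/sda12`) yields `drive=/dev/sda1` and `partno=2`: the `[ -b "$drive" ]` test passes and the fdisk write is aimed at the wrong device, while names like `/dev/nvme0n1p2` or `/dev/mmcblk0p1` fail the `-b` test and are silently skipped. Because this hunk exists to stop systemd from auto-activating the plaintext swap partition, a skipped or misdirected write leaves the CVE-2015-8946 exposure in place with nothing logged, and the `>/dev/null 2>&1 || true` on the final fdisk call hides that outcome too. Derive both values from the partition probe already used on the `if` line, e.g. `partno="$(blkid -p -s PART_ENTRY_NUMBER -o value "$swap")"` and `drive="/dev/$(lsblk -no pkname "$swap")"` (or the parent of `/sys/class/block/${swap##*/}` where lsblk lacks PKNAME), and after the write re-run the same `x`/`p` grep and print a warning to stderr if bit 63 is still unset so the administrator knows the partition remains auto-activatable. The enclosing `for swap in $swaps` loop begins before this hunk.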