Accepting request 56499 from security

Accepted submit request 56499 from user lnussel OBS-URL: https://build.opensuse.org/request/show/56499 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/cryptsetup?expand=0&rev=55
2010-12-28 22:57:45 +00:00 · 2010-12-28 22:57:45 +00:00 · 5021439e52
commit 5021439e52
parent f0ebacb640 83843b8936
6 changed files with 100 additions and 15 deletions
--- a/cryptsetup-1.1.3.tar.bz2
+++ b/cryptsetup-1.1.3.tar.bz2
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:9c8e68a272f6d9cfb6cd65cc0743f4c44a2096c61f74e0602bf40208b5e69c0a
-size 499276
--- a/cryptsetup-1.1.3.tar.bz2.asc
+++ b/cryptsetup-1.1.3.tar.bz2.asc
@ -1,7 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-Version: GnuPG v1.4.10 (GNU/Linux)
-
-iEYEABECAAYFAkwvQUAACgkQf1Jlc7shgi/UvgCfasORC/TsVH3svv5F/f2WEw+X
-XXoAnRhz0xfzQT/xhhoZgg+Jv4sChd2C
-=cWbV
-----END PGP SIGNATURE-----
--- a/cryptsetup-1.2.0.tar.bz2
+++ b/cryptsetup-1.2.0.tar.bz2
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:411129817ff29e6a957bcbdcd9a2c4c953c1539acd8af912c383262ba901b5ea
+size 523859
--- a/cryptsetup-1.2.0.tar.bz2.asc
+++ b/cryptsetup-1.2.0.tar.bz2.asc
@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.10 (GNU/Linux)
+
+iEYEABECAAYFAk0PQJUACgkQf1Jlc7shgi93yQCfdC+Z1aMb8NdBC8Zx/R/P6d8x
+0d4AoJPO28ny/LmCRa3mCrh155YW6rZT
+=UGVC
+-----END PGP SIGNATURE-----
--- a/cryptsetup.changes
+++ b/cryptsetup.changes
@ -1,3 +1,89 @@
+-------------------------------------------------------------------
+Mon Dec 20 13:01:54 UTC 2010 - lnussel@suse.de
+
+- new version 1.2.0
+  * Add selection of random/urandom number generator for luksFormat
+ (option --use-random and --use-urandom).
+
+ * Fix luksRemoveKey to not ask for remaining keyslot passphrase,
+ only for removed one.
+
+ * No longer support luksDelKey (replaced with luksKillSlot).
+  * if you want to remove particular passphrase, use luksKeyRemove
+  * if you want to remove particular keyslot, use luksKillSlot
+
+ Note that in batch mode luksKillSlot allows removing of any keyslot
+ without question, in normal mode requires passphrase or keyfile from
+ other keyslot.
+
+ * Default alignment for device (if not overridden by topology info)
+ is now (multiple of) *1MiB*.
+ This reflects trends in storage technologies and aligns to the same
+ defaults for partitions and volume management.
+
+ * Allow explicit UUID setting in luksFormat and allow change it later
+ in luksUUID (--uuid parameter).
+
+ * All commands using key file now allows limited read from keyfile using
+ --keyfile-size and --new-keyfile-size parameters (in bytes).
+
+ This change also disallows overloading of --key-size parameter which
+ is now exclusively used for key size specification (in bits.)
+
+ * luksFormat using pre-generated master key now properly allows
+ using key file (only passphrase was allowed prior to this update).
+
+ * Add --dump-master-key option for luksDump to perform volume (master)
+ key dump. Note that printed information allows accessing device without
+ passphrase so it must be stored encrypted.
+
+ This operation is useful for simple Key Escrow function (volume key and
+ encryption parameters printed on paper on safe place).
+
+ This operation requires passphrase or key file.
+
+ * The reload command is no longer supported.
+ (Use dmsetup reload instead if needed. There is no real use for this
+ function except explicit data corruption:-)
+
+ * Cryptsetup now properly checks if underlying device is in use and
+ disallows *luksFormat*, luksOpen and create commands on open
+ (e.g. already mapped or mounted) device.
+
+ * Option --non-exclusive (already deprecated) is removed.
+
+Libcryptsetup API additions:
+
+ * new functions
+  * crypt_get_type() - explicit query to crypt device context type
+  * crypt_resize() - new resize command using context
+  * crypt_keyslot_max() - helper to get number of supported keyslots
+  * crypt_get_active_device() - get active device info
+  * crypt_set/get_rng_type() - random/urandom RNG setting
+  * crypt_set_uuid() - explicit UUID change of existing device
+  * crypt_get_device_name() - get underlying device name
+
+ * Fix optional password callback handling.
+
+ * Allow to activate by internally cached volume key immediately after
+ crypt_format() without active slot (for temporary devices with
+ on-disk metadata)
+
+ * libcryptsetup is binary compatible with 1.1.x release and still
+ supports legacy API calls
+
+ * cryptsetup binary now uses only new API calls.
+
+ * Static compilation of both library (--enable-static) and cryptsetup
+ binary (--enable-static-cryptsetup) is now properly implemented by common
+ libtool logic.
+
+ Prior to this it produced miscompiled dynamic cryptsetup binary with
+ statically linked libcryptsetup.
+
+ The static binary is compiled as src/cryptsetup.static in parallel
+ with dynamic build if requested.
+
 -------------------------------------------------------------------
 Tue Nov 30 14:16:07 UTC 2010 - lnussel@suse.de

--- a/cryptsetup.spec
+++ b/cryptsetup.spec
@ -29,8 +29,8 @@ BuildRequires:  libselinux-devel pkgconfig
 License:        GPLv2+
 Group:          System/Base
 AutoReqProv:    on
-Version:        1.1.3
-Release:        3
+Version:        1.2.0
+Release:        1
 Summary:        Set Up dm-crypt Based Encrypted Block Devices
 Source:         http://cryptsetup.googlecode.com/files/cryptsetup-%{version}.tar.bz2
 Source1:        http://cryptsetup.googlecode.com/files/cryptsetup-%{version}.tar.bz2.asc
@ -153,7 +153,7 @@ popd

 %install
 make install DESTDIR=$RPM_BUILD_ROOT
-# move devel stuff to %{libdir}
+# move devel stuff to %%{libdir}
 rm -f $RPM_BUILD_ROOT/%{_lib}/libcryptsetup.so
 mkdir -p $RPM_BUILD_ROOT%{_libdir}
 ln -s /%{_lib}/libcryptsetup.so.1 $RPM_BUILD_ROOT%{_libdir}/libcryptsetup.so
@ -224,8 +224,7 @@ rm -rf $RPM_BUILD_ROOT

 %files -n libcryptsetup1
 %defattr(-,root,root)
-/%_lib/libcryptsetup.so.1
-/%_lib/libcryptsetup.so.1.0.0
+/%_lib/libcryptsetup.so.1*

 %files -n libcryptsetup-devel
 %defattr(-,root,root)