From 8873d8f729a39a95f67b7571e46c4c0883e1a5a1f1fafbdf547fe976baf0e602 Mon Sep 17 00:00:00 2001
From: Ludwig Nussel <lnussel@suse.com>
Date: Thu, 2 Apr 2020 14:27:54 +0000
Subject: [PATCH] - New version to 2.3.1   * Support VeraCrypt 128 bytes
 passwords.     VeraCrypt now allows passwords of maximal length 128 bytes    
 (compared to legacy TrueCrypt where it was limited by 64 bytes).   * Strip
 extra newline from BitLocker recovery keys     There might be a trailing
 newline added by the text editor when     the recovery passphrase was passed
 using the --key-file option.   * Detect separate libiconv library.     It
 should fix compilation issues on distributions with iconv     implemented in
 a separate library.   * Various fixes and workarounds to build on old Linux
 distributions.   * Split lines with hexadecimal digest printing for large
 key-sizes.   * Do not wipe the device with no integrity profile.     With
 --integrity none we performed useless full device wipe.   * Workaround for
 dm-integrity kernel table bug.     Some kernels show an invalid dm-integrity
 mapping table     if superblock contains the "recalculate" bit. This causes  
   integritysetup to not recognize the dm-integrity device.     Integritysetup
 now specifies kernel options such a way that     even on unpatched kernels
 mapping table is correct.   * Print error message if LUKS1 keyslot cannot be
 processed.     If the crypto backend is missing support for hash algorithms  
   used in PBKDF2, the error message was not visible.   * Properly align LUKS2
 keyslots area on conversion.     If the LUKS1 payload offset (data offset) is
 not aligned     to 4 KiB boundary, new LUKS2 keyslots area in now aligned
 properly.   * Validate LUKS2 earlier on conversion to not corrupt the device 
    if binary keyslots areas metadata are not correct.

OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=155
---
 cryptsetup-2.3.0.tar.sign | 16 ----------------
 cryptsetup-2.3.0.tar.xz   |  3 ---
 cryptsetup-2.3.1.tar.sign | 16 ++++++++++++++++
 cryptsetup-2.3.1.tar.xz   |  3 +++
 cryptsetup.changes        | 32 ++++++++++++++++++++++++++++++++
 cryptsetup.spec           |  2 +-
 6 files changed, 52 insertions(+), 20 deletions(-)
 delete mode 100644 cryptsetup-2.3.0.tar.sign
 delete mode 100644 cryptsetup-2.3.0.tar.xz
 create mode 100644 cryptsetup-2.3.1.tar.sign
 create mode 100644 cryptsetup-2.3.1.tar.xz

diff --git a/cryptsetup-2.3.0.tar.sign b/cryptsetup-2.3.0.tar.sign
deleted file mode 100644
index b05b15e..0000000
--- a/cryptsetup-2.3.0.tar.sign
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCAAdFiEEKikYJD/eRmSNBob52bBXe9k+mPwFAl42+b4ACgkQ2bBXe9k+
-mPyC+w/+JY0R3jpt+iCfDjp/Terjwm+Q1NqOjTJ1pSps9ZzZF5vgqxDqF4IljxNX
-zM4YtEN9HUUoE0U12FXmFTYlfoD4rj1AzR4Er9oX+P4YlGVQ0dmkGGr9gsmh+mpY
-m9fZg3jLp+ebhkhIQqMgsUj2xjgQlYoc7hcRcNq9weatLBAidHIdd0JR/0ot2yAS
-eLRodVOtfMvLDGhatMgwxm+FEXbPbgQXYrOemcqlHYPzKLv6xir9ZsLowZxABRaB
-41LZ8o6+4VGqpoNA0r4M1XFqcJ0mDYLdLib7uNNFY97A5bZTUEmALuiHOBNdEygG
-AgBUPnZPJUgSRKmJP4QL2CM6U3si3eNLDwrIjwp0cFtqnZB3bUzGfeu0h/XXSkrV
-b6Yja7zneZNeWaxz8GWCiZwVVBtM2n7PamdVV4xqQF6GE0o84EkJ91oZBim+a/5B
-PUOgcctQaYUAKkuvYXVhZQBaL5D4ppBWaFthENZSQ4sSlEILtsz5LYvWq1oMLWkv
-rZN9lftPd5GqASkTIDQcTNL0GNdJR+P+0kMCNiWOCJzZNzEIk2D6tlyxjnJV8qrk
-rFcShE9R3dADDJ9Ew+91JRk8C2XSG9gOS29K3fF2Hdnv7nfiTns3dh2V6kz/821W
-E39CREgh0A67zppzKWyHnH1BayDeREgRA/TatjZWDAZOHWRM+Ig=
-=cfqp
------END PGP SIGNATURE-----
diff --git a/cryptsetup-2.3.0.tar.xz b/cryptsetup-2.3.0.tar.xz
deleted file mode 100644
index 2df831e..0000000
--- a/cryptsetup-2.3.0.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:395690de99509428354d3cd15cf023bed01487e6f1565b2181e013dc847bbc85
-size 11035660
diff --git a/cryptsetup-2.3.1.tar.sign b/cryptsetup-2.3.1.tar.sign
new file mode 100644
index 0000000..05333ea
--- /dev/null
+++ b/cryptsetup-2.3.1.tar.sign
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCAAdFiEEKikYJD/eRmSNBob52bBXe9k+mPwFAl5p+RgACgkQ2bBXe9k+
+mPyBoQ//fK3nWpug0VJpWhxwoe0SOj0x/2CYP9bJAwkT33davLiDkkM0pfvq9Y5L
+rdbX0JRJemwFwS6V0DuZNDK2b88xEeJpvnNmDWXtKQ2HS9BPNesJJmzgBRY4P06q
+bwxUvndnDLP7fAZtEMiLQJYCzuLkGwnEQFMh1GLfAM2H8FM9YZYz/HvezTlDTLYi
+9SJ0iF8UF+VR8jPl3hqGQXkiHPVopvMEhwL9kpP1dJdYmeMFVYH/l+3jQ0Qw5de7
+YaqEitsKaT/JT236vSfR/RCFEifswbea+fplQE5a0kVuVmAkaEnL65fS1S9+18Ol
+7Vo/8JaXxN6kjVpBVwn57RpWpGiLYXYjTzOtRrAQx7Q0oX3ycCwnii1TEzDvFcJL
+aPsZsbNMf6Cgj+iw0htPCoXInaZW52GHIGJc8rR5WKdl3v5Md2vgGV6TTVcMYee+
+KQ2RuQtiDXC9+4OhfTPZ5Rpxn+Dns9xl0hfsmbRJDH1THJncaX1B/0qN8gHtsvMG
+/+p9tZ7Ox6EpiIh8CcsyJT83bzgq0FO0Ut8jsh8fM+YKHEISvEFkkGAmykLim/e+
+ef6aYpkxHoGA+jpwmDaXF0LBPY2jAxs6OQxQwuD9i+BDkyMH1arO/AkRkEMqQMY6
+2yyVfu6doOVEACX51zZmB3bBvQLUtjPJh/5hS/0InGOP2Nm3lwA=
+=1LIc
+-----END PGP SIGNATURE-----
diff --git a/cryptsetup-2.3.1.tar.xz b/cryptsetup-2.3.1.tar.xz
new file mode 100644
index 0000000..57e2d57
--- /dev/null
+++ b/cryptsetup-2.3.1.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:92aba4d559a2cf7043faed92e0f22c5addea36bd63f8c039ba5a8f3a159fe7d2
+size 11041592
diff --git a/cryptsetup.changes b/cryptsetup.changes
index 6bd68f5..6f17bf9 100644
--- a/cryptsetup.changes
+++ b/cryptsetup.changes
@@ -1,3 +1,35 @@
+-------------------------------------------------------------------
+Thu Apr  2 14:27:18 UTC 2020 - Ludwig Nussel <lnussel@suse.de>
+
+- New version to 2.3.1
+  * Support VeraCrypt 128 bytes passwords.
+    VeraCrypt now allows passwords of maximal length 128 bytes
+    (compared to legacy TrueCrypt where it was limited by 64 bytes).
+  * Strip extra newline from BitLocker recovery keys
+    There might be a trailing newline added by the text editor when
+    the recovery passphrase was passed using the --key-file option.
+  * Detect separate libiconv library.
+    It should fix compilation issues on distributions with iconv
+    implemented in a separate library.
+  * Various fixes and workarounds to build on old Linux distributions.
+  * Split lines with hexadecimal digest printing for large key-sizes.
+  * Do not wipe the device with no integrity profile.
+    With --integrity none we performed useless full device wipe.
+  * Workaround for dm-integrity kernel table bug.
+    Some kernels show an invalid dm-integrity mapping table
+    if superblock contains the "recalculate" bit. This causes
+    integritysetup to not recognize the dm-integrity device.
+    Integritysetup now specifies kernel options such a way that
+    even on unpatched kernels mapping table is correct.
+  * Print error message if LUKS1 keyslot cannot be processed.
+    If the crypto backend is missing support for hash algorithms
+    used in PBKDF2, the error message was not visible.
+  * Properly align LUKS2 keyslots area on conversion.
+    If the LUKS1 payload offset (data offset) is not aligned
+    to 4 KiB boundary, new LUKS2 keyslots area in now aligned properly.
+  * Validate LUKS2 earlier on conversion to not corrupt the device
+    if binary keyslots areas metadata are not correct.
+
 -------------------------------------------------------------------
 Tue Feb  4 07:59:24 UTC 2020 - Paolo Stivanin <info@paolostivanin.com>
 
diff --git a/cryptsetup.spec b/cryptsetup.spec
index 3151a68..a4b3eb0 100644
--- a/cryptsetup.spec
+++ b/cryptsetup.spec
@@ -22,7 +22,7 @@ Name:           cryptsetup2
 %else
 Name:           cryptsetup
 %endif
-Version:        2.3.0
+Version:        2.3.1
 Release:        0
 Summary:        Setup program for dm-crypt Based Encrypted Block Devices
 License:        SUSE-GPL-2.0-with-openssl-exception AND LGPL-2.0-or-later