Accepting request 1142596 from home:pmonrealgonzalez:branches:security
- Update to 2.7.0: * Full changelog in: mirrors.edge.kernel.org/pub/linux/utils/cryptsetup/v2.7/v2.7.0-ReleaseNotes * Introduce support for hardware OPAL disk encryption. * plain mode: Set default cipher to aes-xts-plain64 and password hashing to sha256. * Allow activation (open), luksResume, and luksAddKey to use the volume key stored in a keyring. * Allow to store volume key to a user-specified keyring in open and luksResume commands. * Do not flush IO operations if resize grows the device. This can help performance in specific cases where the encrypted device is extended automatically while running many IO operations. * Use only half of detected free memory for Argon2 PBKDF on systems without swap (for LUKS2 new keyslot or format operations). * Add the possibility to specify a directory for external LUKS2 token handlers (plugins). * Do not allow reencryption/decryption on LUKS2 devices with authenticated encryption or hardware (OPAL) encryption. * Do not fail LUKS format if the operation was interrupted on subsequent device wipe. * Fix the LUKS2 keyslot option to be used while activating the device by a token. * Properly report if the dm-verity device cannot be activated due to the inability to verify the signed root hash (ENOKEY). * Fix to check passphrase for selected keyslot only when adding new keyslot. * Fix to not wipe the keyslot area before in-place overwrite. * bitlk: Fix segfaults when attempting to verify the volume key. * Add --disable-blkid command line option to avoid blkid device check. OBS-URL: https://build.opensuse.org/request/show/1142596 OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=192
This commit is contained in:
parent
82af2dfa2d
commit
9a7370c09b
@ -1,16 +0,0 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQIzBAABCAAdFiEEKikYJD/eRmSNBob52bBXe9k+mPwFAmPlHwIACgkQ2bBXe9k+
|
||||
mPwtxg/+PohA6Ygk3e61i0IZmLdvHO2PJG3JefLxf1QDqImkKcALgUdNrt/qv1SZ
|
||||
CBtM4pmYXfhIpYzavSPZdAC0nLvKkx66PpQRCk/ZmUSNZJ8IzmoM5MPZhWLspYtK
|
||||
Z4mVXJz+UVdCAf7ayK7li9A+a947jpVKFlc5hSiQ8SnmkT8X0MhqGPLsO9Z6ndNK
|
||||
+VpBPozZ1YQ6THYp2so5lF3BW9G6YAkm5XhN6IQreDCdZwF0Y4lff6G9PNHFSLpC
|
||||
k9yLmvUgDsDNTcEjXeKbtvIlOzjjHfhJkEmyo9jNDWNUSU6wt5RqnCZmd1VbCQyB
|
||||
HVCKb9Y0Yoz9rvzFBWnU6d1ZCe3aKLrVF89yK6mJ7CYh4CVURMJmIJ+1rEeg2z5n
|
||||
NhXSLrMMF+Q9P/VNupOMec1DOg2OMRKExps5r7kvDeVOz9FmJoguMxAu1+dt0Ze8
|
||||
4b86ii2F+Py2tOy5OzQu7PvQkKbl8dvi8qJM8cEovKIsWiHTp/2Heo0gjXaLJ/kK
|
||||
v/821T9v3ZO7dmtlhgps9q4xEjWV/u3kWwXXFgEtKby48UVzTGNXsDDdkrVEdy2J
|
||||
jKBnqO31mGa8ButNRQvZ6rEOPFaCmdpy95/u5v22LhlACdkEwt5Cky0t6NMKSpvp
|
||||
sSgVzYmU6Pk5RdOzZCt1pyIPwEfJa1y5N1k/kuBasdqPw95RRsM=
|
||||
=m/Re
|
||||
-----END PGP SIGNATURE-----
|
BIN
cryptsetup-2.6.1.tar.xz
(Stored with Git LFS)
BIN
cryptsetup-2.6.1.tar.xz
(Stored with Git LFS)
Binary file not shown.
16
cryptsetup-2.7.0.tar.sign
Normal file
16
cryptsetup-2.7.0.tar.sign
Normal file
@ -0,0 +1,16 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQIzBAABCAAdFiEEKikYJD/eRmSNBob52bBXe9k+mPwFAmWw5zoACgkQ2bBXe9k+
|
||||
mPztwhAAh8ieUWCcw7WwW4lc00ZH77sLc7Ro5J2/0ZAg/HpowOqGqhzJQZ+KJdeF
|
||||
b6mebw7mKq4PHyzUS7Rba4wQiVEUD2kAQuoyXZJljsxegFOc1LxL/DSOCt7IFJyc
|
||||
WB+525kPoRrpBWJhGXMn4OcVaelmIJAgDFHcYAccJJTKNgPjDrivpkTAxUsfdTTf
|
||||
a1F/4I2o7eP5zkWkPqqQIvXzlwQnfD5ulZvnJ30t8E/07CZJ5Hf9iLRa6vruo7Rg
|
||||
8cJHcOu4MhjuMu+oDvuefj8hM4FyfLU+tt0L7Z3iOZXAGffe+iQUQUyChvN/waEI
|
||||
R8mpdc89amTHkMTCjYOo2X4sAH9a7mo5L2v+rm5NTZTZn53Gy1Ytbzy2agXY+ebf
|
||||
DeKTVL3KTMe6KvQUfIqMSrM9oub6o8JDfO+0La9GSkNU/1VvHU5LK3FIomuP8Top
|
||||
BPfdL8IxSgIityBbby1ZQD97aIgzPZkGsC7/5bVY7mj/LUZxJK61p49U0dlolwss
|
||||
uzJarjAtDY0iNCfOv/AKZGnVzHAc2cEmVKJ6X243h2NRB5z1snFP8lDtB2AIdcUf
|
||||
0vEZz1HcwW1de1C0jjQsf9elkeVJfrsFhRhRrEEiHyplR3/uaVwUtrDGOxPsRE+J
|
||||
SE2sSfURqQPuBKeTO/ymVDt7G0iPd8Ts/BOhQYTn94rsjhONiz8=
|
||||
=6sya
|
||||
-----END PGP SIGNATURE-----
|
3
cryptsetup-2.7.0.tar.xz
Normal file
3
cryptsetup-2.7.0.tar.xz
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:94003a00cd5a81944f45e8dc529e0cfd2a6ff629bd2cd21cf5e574e465daf795
|
||||
size 11632432
|
@ -1,72 +0,0 @@
|
||||
From 7893c33d71cde09e240234c484c6c468f22c2fe7 Mon Sep 17 00:00:00 2001
|
||||
From: Milan Broz <gmazyland@gmail.com>
|
||||
Date: Mon, 3 Apr 2023 13:31:16 +0200
|
||||
Subject: [PATCH] Check for physical memory available also in PBKDF benchmark.
|
||||
|
||||
---
|
||||
lib/internal.h | 1 +
|
||||
lib/utils_benchmark.c | 9 +++++++++
|
||||
lib/utils_pbkdf.c | 4 ++--
|
||||
3 files changed, 12 insertions(+), 2 deletions(-)
|
||||
|
||||
Index: cryptsetup-2.6.1/lib/internal.h
|
||||
===================================================================
|
||||
--- cryptsetup-2.6.1.orig/lib/internal.h
|
||||
+++ cryptsetup-2.6.1/lib/internal.h
|
||||
@@ -89,6 +89,7 @@ int crypt_benchmark_pbkdf_internal(struc
|
||||
struct crypt_pbkdf_type *pbkdf,
|
||||
size_t volume_key_size);
|
||||
const char *crypt_get_cipher_spec(struct crypt_device *cd);
|
||||
+uint32_t pbkdf_adjusted_phys_memory_kb(void);
|
||||
|
||||
/* Device backend */
|
||||
struct device;
|
||||
Index: cryptsetup-2.6.1/lib/utils_benchmark.c
|
||||
===================================================================
|
||||
--- cryptsetup-2.6.1.orig/lib/utils_benchmark.c
|
||||
+++ cryptsetup-2.6.1/lib/utils_benchmark.c
|
||||
@@ -101,6 +101,7 @@ int crypt_benchmark_pbkdf(struct crypt_d
|
||||
{
|
||||
int r, priority;
|
||||
const char *kdf_opt;
|
||||
+ uint32_t memory_kb;
|
||||
|
||||
if (!pbkdf || (!password && password_size))
|
||||
return -EINVAL;
|
||||
@@ -113,6 +114,14 @@ int crypt_benchmark_pbkdf(struct crypt_d
|
||||
|
||||
log_dbg(cd, "Running %s(%s) benchmark.", pbkdf->type, kdf_opt);
|
||||
|
||||
+ memory_kb = pbkdf_adjusted_phys_memory_kb();
|
||||
+ if (memory_kb < pbkdf->max_memory_kb) {
|
||||
+ log_dbg(cd, "Not enough physical memory detected, "
|
||||
+ "PBKDF max memory decreased from %dkB to %dkB.",
|
||||
+ pbkdf->max_memory_kb, memory_kb);
|
||||
+ pbkdf->max_memory_kb = memory_kb;
|
||||
+ }
|
||||
+
|
||||
crypt_process_priority(cd, &priority, true);
|
||||
r = crypt_pbkdf_perf(pbkdf->type, pbkdf->hash, password, password_size,
|
||||
salt, salt_size, volume_key_size, pbkdf->time_ms,
|
||||
Index: cryptsetup-2.6.1/lib/utils_pbkdf.c
|
||||
===================================================================
|
||||
--- cryptsetup-2.6.1.orig/lib/utils_pbkdf.c
|
||||
+++ cryptsetup-2.6.1/lib/utils_pbkdf.c
|
||||
@@ -61,7 +61,7 @@ const struct crypt_pbkdf_type *crypt_get
|
||||
return NULL;
|
||||
}
|
||||
|
||||
-static uint32_t adjusted_phys_memory(void)
|
||||
+uint32_t pbkdf_adjusted_phys_memory_kb(void)
|
||||
{
|
||||
uint64_t memory_kb = crypt_getphysmemory_kb();
|
||||
|
||||
@@ -249,7 +249,7 @@ int init_pbkdf_type(struct crypt_device
|
||||
}
|
||||
|
||||
if (cd_pbkdf->max_memory_kb) {
|
||||
- memory_kb = adjusted_phys_memory();
|
||||
+ memory_kb = pbkdf_adjusted_phys_memory_kb();
|
||||
if (cd_pbkdf->max_memory_kb > memory_kb) {
|
||||
log_dbg(cd, "Not enough physical memory detected, "
|
||||
"PBKDF max memory decreased from %dkB to %dkB.",
|
@ -1,160 +0,0 @@
|
||||
From 899bad8c06957a94a198d1eaa293ed8db205f1de Mon Sep 17 00:00:00 2001
|
||||
From: Milan Broz <gmazyland@gmail.com>
|
||||
Date: Mon, 20 Feb 2023 16:45:36 +0100
|
||||
Subject: [PATCH] Try to avoid OOM killer on low-memory systems without swap.
|
||||
|
||||
Benchmark for memory-hard KDF is tricky, seems that relying
|
||||
on maximum half of physical memory is not enough.
|
||||
|
||||
Let's allow only free physical available space if there is no swap.
|
||||
This should not cause changes on normal systems, at least.
|
||||
---
|
||||
lib/internal.h | 2 ++
|
||||
lib/utils.c | 47 ++++++++++++++++++++++++++++++++++++++++++++++
|
||||
lib/utils_pbkdf.c | 11 ++++++++++-
|
||||
tests/api-test-2.c | 12 ++++++++----
|
||||
4 files changed, 67 insertions(+), 5 deletions(-)
|
||||
|
||||
Index: cryptsetup-2.6.1/lib/internal.h
|
||||
===================================================================
|
||||
--- cryptsetup-2.6.1.orig/lib/internal.h
|
||||
+++ cryptsetup-2.6.1/lib/internal.h
|
||||
@@ -169,6 +169,8 @@ int crypt_uuid_cmp(const char *dm_uuid,
|
||||
size_t crypt_getpagesize(void);
|
||||
unsigned crypt_cpusonline(void);
|
||||
uint64_t crypt_getphysmemory_kb(void);
|
||||
+uint64_t crypt_getphysmemoryfree_kb(void);
|
||||
+bool crypt_swapavailable(void);
|
||||
|
||||
int init_crypto(struct crypt_device *ctx);
|
||||
|
||||
Index: cryptsetup-2.6.1/lib/utils.c
|
||||
===================================================================
|
||||
--- cryptsetup-2.6.1.orig/lib/utils.c
|
||||
+++ cryptsetup-2.6.1/lib/utils.c
|
||||
@@ -59,6 +59,53 @@ uint64_t crypt_getphysmemory_kb(void)
|
||||
return phys_memory_kb;
|
||||
}
|
||||
|
||||
+uint64_t crypt_getphysmemoryfree_kb(void)
|
||||
+{
|
||||
+ long pagesize, phys_pages;
|
||||
+ uint64_t phys_memoryfree_kb;
|
||||
+
|
||||
+ pagesize = sysconf(_SC_PAGESIZE);
|
||||
+ phys_pages = sysconf(_SC_AVPHYS_PAGES);
|
||||
+
|
||||
+ if (pagesize < 0 || phys_pages < 0)
|
||||
+ return 0;
|
||||
+
|
||||
+ phys_memoryfree_kb = pagesize / 1024;
|
||||
+ phys_memoryfree_kb *= phys_pages;
|
||||
+
|
||||
+ return phys_memoryfree_kb;
|
||||
+}
|
||||
+
|
||||
+bool crypt_swapavailable(void)
|
||||
+{
|
||||
+ int fd;
|
||||
+ ssize_t size;
|
||||
+ char buf[4096], *p;
|
||||
+ uint64_t total;
|
||||
+
|
||||
+ if ((fd = open("/proc/meminfo", O_RDONLY)) < 0)
|
||||
+ return true;
|
||||
+
|
||||
+ size = read(fd, buf, sizeof(buf));
|
||||
+ close(fd);
|
||||
+ if (size < 1)
|
||||
+ return true;
|
||||
+
|
||||
+ if (size < (ssize_t)sizeof(buf))
|
||||
+ buf[size] = 0;
|
||||
+ else
|
||||
+ buf[sizeof(buf) - 1] = 0;
|
||||
+
|
||||
+ p = strstr(buf, "SwapTotal:");
|
||||
+ if (!p)
|
||||
+ return true;
|
||||
+
|
||||
+ if (sscanf(p, "SwapTotal: %" PRIu64 " kB", &total) != 1)
|
||||
+ return true;
|
||||
+
|
||||
+ return total > 0;
|
||||
+}
|
||||
+
|
||||
void crypt_process_priority(struct crypt_device *cd, int *priority, bool raise)
|
||||
{
|
||||
int _priority, new_priority;
|
||||
Index: cryptsetup-2.6.1/lib/utils_pbkdf.c
|
||||
===================================================================
|
||||
--- cryptsetup-2.6.1.orig/lib/utils_pbkdf.c
|
||||
+++ cryptsetup-2.6.1/lib/utils_pbkdf.c
|
||||
@@ -63,7 +63,7 @@ const struct crypt_pbkdf_type *crypt_get
|
||||
|
||||
uint32_t pbkdf_adjusted_phys_memory_kb(void)
|
||||
{
|
||||
- uint64_t memory_kb = crypt_getphysmemory_kb();
|
||||
+ uint64_t free_kb, memory_kb = crypt_getphysmemory_kb();
|
||||
|
||||
/* Ignore bogus value */
|
||||
if (memory_kb < (128 * 1024) || memory_kb > UINT32_MAX)
|
||||
@@ -75,6 +75,15 @@ uint32_t pbkdf_adjusted_phys_memory_kb(v
|
||||
*/
|
||||
memory_kb /= 2;
|
||||
|
||||
+ /*
|
||||
+ * Never use more that available free space on system without swap.
|
||||
+ */
|
||||
+ if (!crypt_swapavailable()) {
|
||||
+ free_kb = crypt_getphysmemoryfree_kb();
|
||||
+ if (free_kb > (64 * 1024) && free_kb < memory_kb)
|
||||
+ return free_kb;
|
||||
+ }
|
||||
+
|
||||
return memory_kb;
|
||||
}
|
||||
|
||||
Index: cryptsetup-2.6.1/tests/api-test-2.c
|
||||
===================================================================
|
||||
--- cryptsetup-2.6.1.orig/tests/api-test-2.c
|
||||
+++ cryptsetup-2.6.1/tests/api-test-2.c
|
||||
@@ -2802,7 +2802,8 @@ static void Pbkdf(void)
|
||||
OK_(strcmp(pbkdf->type, default_luks2_pbkdf));
|
||||
OK_(strcmp(pbkdf->hash, default_luks1_hash));
|
||||
EQ_(pbkdf->time_ms, default_luks2_iter_time);
|
||||
- EQ_(pbkdf->max_memory_kb, adjusted_pbkdf_memory());
|
||||
+ GE_(pbkdf->max_memory_kb, 64 * 1024);
|
||||
+ GE_(adjusted_pbkdf_memory(), pbkdf->max_memory_kb);
|
||||
EQ_(pbkdf->parallel_threads, _min(cpus_online(), default_luks2_parallel_threads));
|
||||
// set and verify argon2 type
|
||||
OK_(crypt_set_pbkdf_type(cd, &argon2));
|
||||
@@ -2827,7 +2828,8 @@ static void Pbkdf(void)
|
||||
OK_(strcmp(pbkdf->type, default_luks2_pbkdf));
|
||||
OK_(strcmp(pbkdf->hash, default_luks1_hash));
|
||||
EQ_(pbkdf->time_ms, default_luks2_iter_time);
|
||||
- EQ_(pbkdf->max_memory_kb, adjusted_pbkdf_memory());
|
||||
+ GE_(pbkdf->max_memory_kb, 64 * 1024);
|
||||
+ GE_(adjusted_pbkdf_memory(), pbkdf->max_memory_kb);
|
||||
EQ_(pbkdf->parallel_threads, _min(cpus_online(), default_luks2_parallel_threads));
|
||||
// try to pass illegal values
|
||||
argon2.parallel_threads = 0;
|
||||
@@ -2858,14 +2860,16 @@ static void Pbkdf(void)
|
||||
OK_(strcmp(pbkdf->type, default_luks2_pbkdf));
|
||||
OK_(strcmp(pbkdf->hash, default_luks1_hash));
|
||||
EQ_(pbkdf->time_ms, default_luks2_iter_time);
|
||||
- EQ_(pbkdf->max_memory_kb, adjusted_pbkdf_memory());
|
||||
+ GE_(pbkdf->max_memory_kb, 64 * 1024);
|
||||
+ GE_(adjusted_pbkdf_memory(), pbkdf->max_memory_kb);
|
||||
EQ_(pbkdf->parallel_threads, _min(cpus_online(), default_luks2_parallel_threads));
|
||||
crypt_set_iteration_time(cd, 1);
|
||||
OK_(crypt_load(cd, CRYPT_LUKS, NULL));
|
||||
OK_(strcmp(pbkdf->type, default_luks2_pbkdf));
|
||||
OK_(strcmp(pbkdf->hash, default_luks1_hash));
|
||||
EQ_(pbkdf->time_ms, 1);
|
||||
- EQ_(pbkdf->max_memory_kb, adjusted_pbkdf_memory());
|
||||
+ GE_(pbkdf->max_memory_kb, 64 * 1024);
|
||||
+ GE_(adjusted_pbkdf_memory(), pbkdf->max_memory_kb);
|
||||
EQ_(pbkdf->parallel_threads, _min(cpus_online(), default_luks2_parallel_threads));
|
||||
CRYPT_FREE(cd);
|
||||
|
@ -1,41 +0,0 @@
|
||||
From 6721d3a8b29b13fe88aeeaefe09d457e99d1c6fa Mon Sep 17 00:00:00 2001
|
||||
From: Milan Broz <gmazyland@gmail.com>
|
||||
Date: Mon, 17 Apr 2023 13:41:17 +0200
|
||||
Subject: [PATCH] Use only half of detected free memory on systems without
|
||||
swap.
|
||||
|
||||
As tests shows, limiting used Argon2 memory to free memory on
|
||||
systems without swap is still not enough.
|
||||
Use just half of it, this should bring needed margin while
|
||||
still use Argon2.
|
||||
|
||||
Note, for very-low memory constrained systems user should
|
||||
avoid memory-hard PBKDF (IOW manually select PBKDF2), we
|
||||
do not do this automatically.
|
||||
---
|
||||
lib/utils_pbkdf.c | 9 ++++++++-
|
||||
1 file changed, 8 insertions(+), 1 deletion(-)
|
||||
|
||||
Index: cryptsetup-2.6.1/lib/utils_pbkdf.c
|
||||
===================================================================
|
||||
--- cryptsetup-2.6.1.orig/lib/utils_pbkdf.c
|
||||
+++ cryptsetup-2.6.1/lib/utils_pbkdf.c
|
||||
@@ -76,10 +76,17 @@ uint32_t pbkdf_adjusted_phys_memory_kb(v
|
||||
memory_kb /= 2;
|
||||
|
||||
/*
|
||||
- * Never use more that available free space on system without swap.
|
||||
+ * Never use more that half of available free memory on system without swap.
|
||||
*/
|
||||
if (!crypt_swapavailable()) {
|
||||
free_kb = crypt_getphysmemoryfree_kb();
|
||||
+
|
||||
+ /*
|
||||
+ * Using exactly free memory causes OOM too, use only half of the value.
|
||||
+ * Ignore small values (< 64MB), user should use PBKDF2 in such environment.
|
||||
+ */
|
||||
+ free_kb /= 2;
|
||||
+
|
||||
if (free_kb > (64 * 1024) && free_kb < memory_kb)
|
||||
return free_kb;
|
||||
}
|
@ -1,3 +1,69 @@
|
||||
-------------------------------------------------------------------
|
||||
Mon Jan 29 16:40:40 UTC 2024 - Pedro Monreal <pmonreal@suse.com>
|
||||
|
||||
- Update to 2.7.0:
|
||||
* Full changelog in:
|
||||
mirrors.edge.kernel.org/pub/linux/utils/cryptsetup/v2.7/v2.7.0-ReleaseNotes
|
||||
* Introduce support for hardware OPAL disk encryption.
|
||||
* plain mode: Set default cipher to aes-xts-plain64 and password hashing
|
||||
to sha256.
|
||||
* Allow activation (open), luksResume, and luksAddKey to use the volume
|
||||
key stored in a keyring.
|
||||
* Allow to store volume key to a user-specified keyring in open and
|
||||
luksResume commands.
|
||||
* Do not flush IO operations if resize grows the device.
|
||||
This can help performance in specific cases where the encrypted device
|
||||
is extended automatically while running many IO operations.
|
||||
* Use only half of detected free memory for Argon2 PBKDF on systems
|
||||
without swap (for LUKS2 new keyslot or format operations).
|
||||
* Add the possibility to specify a directory for external LUKS2 token
|
||||
handlers (plugins).
|
||||
* Do not allow reencryption/decryption on LUKS2 devices with
|
||||
authenticated encryption or hardware (OPAL) encryption.
|
||||
* Do not fail LUKS format if the operation was interrupted on subsequent
|
||||
device wipe.
|
||||
* Fix the LUKS2 keyslot option to be used while activating the device
|
||||
by a token.
|
||||
* Properly report if the dm-verity device cannot be activated due to
|
||||
the inability to verify the signed root hash (ENOKEY).
|
||||
* Fix to check passphrase for selected keyslot only when adding
|
||||
new keyslot.
|
||||
* Fix to not wipe the keyslot area before in-place overwrite.
|
||||
* bitlk: Fix segfaults when attempting to verify the volume key.
|
||||
* Add --disable-blkid command line option to avoid blkid device check.
|
||||
* Add support for the meson build system.
|
||||
* Fix wipe operation that overwrites the whole device if used for LUKS2
|
||||
header with no keyslot area.
|
||||
* Fix luksErase to work with detached LUKS header.
|
||||
* Disallow the use of internal kernel crypto driver names in "capi"
|
||||
specification.
|
||||
* Fix reencryption to fail early for unknown cipher.
|
||||
* tcrypt: Support new Blake2 hash for VeraCrypt.
|
||||
* tcrypt: use hash values as substring for limiting KDF check.
|
||||
* Add Aria cipher support and block size info.
|
||||
* Do not decrease PBKDF parameters if the user forces them.
|
||||
* Support OpenSSL 3.2 Argon2 implementation.
|
||||
* Add support for Argon2 from libgcrypt
|
||||
(requires yet unreleased gcrypt 1.11).
|
||||
* Used Argon2 PBKDF implementation is now reported in debug mode
|
||||
in the cryptographic backend version. For native support in
|
||||
OpenSSL 3.2 or libgcrypt 1.11, "argon2" is displayed.
|
||||
If libargon2 is used, "cryptsetup libargon2" (for embedded
|
||||
library) or "external libargon2" is displayed.
|
||||
* Link only libcrypto from OpenSSL.
|
||||
* Disable reencryption for Direct-Access (DAX) devices.
|
||||
* Print a warning message if the device is not aligned to sector size.
|
||||
* Fix sector size and integrity fields display for non-LUKS2 crypt
|
||||
devices for the status command.
|
||||
* Fix suspend for LUKS2 with authenticated encryption (also suspend
|
||||
dm-integrity device underneath).
|
||||
* Update keyring and locking documentation and LUKS2 specification
|
||||
for OPAL2 support.
|
||||
* Remove patches fixed upstream:
|
||||
- cryptsetup-Check-for-physical-memory-available-also-in-PBKDF-be.patch
|
||||
- cryptsetup-Try-to-avoid-OOM-killer-on-low-memory-systems-withou.patch
|
||||
- cryptsetup-Use-only-half-of-detected-free-memory-on-systems-wit.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Jul 13 09:46:24 UTC 2023 - Pedro Monreal <pmonreal@suse.com>
|
||||
|
||||
|
@ -1,7 +1,7 @@
|
||||
#
|
||||
# spec file for package cryptsetup
|
||||
#
|
||||
# Copyright (c) 2023 SUSE LLC
|
||||
# Copyright (c) 2024 SUSE LLC
|
||||
#
|
||||
# All modifications and additions to the file contributed by third parties
|
||||
# remain the property of their copyright owners, unless otherwise agreed
|
||||
@ -18,21 +18,17 @@
|
||||
|
||||
%define so_ver 12
|
||||
Name: cryptsetup
|
||||
Version: 2.6.1
|
||||
Version: 2.7.0
|
||||
Release: 0
|
||||
Summary: Setup program for dm-crypt Based Encrypted Block Devices
|
||||
License: LGPL-2.0-or-later AND SUSE-GPL-2.0-with-openssl-exception
|
||||
Group: System/Base
|
||||
URL: https://gitlab.com/cryptsetup/cryptsetup/
|
||||
Source0: https://www.kernel.org/pub/linux/utils/cryptsetup/v2.6/cryptsetup-%{version}.tar.xz
|
||||
Source0: https://www.kernel.org/pub/linux/utils/cryptsetup/v2.7/cryptsetup-%{version}.tar.xz
|
||||
# GPG signature of the uncompressed tarball.
|
||||
Source1: https://www.kernel.org/pub/linux/utils/cryptsetup/v2.6/cryptsetup-%{version}.tar.sign
|
||||
Source1: https://www.kernel.org/pub/linux/utils/cryptsetup/v2.7/cryptsetup-%{version}.tar.sign
|
||||
Source2: baselibs.conf
|
||||
Source3: cryptsetup.keyring
|
||||
#PATCH-FIX-UPSTREAM bsc#1211079 luksFormat: handle system with low memory and no swap space
|
||||
Patch0: cryptsetup-Check-for-physical-memory-available-also-in-PBKDF-be.patch
|
||||
Patch1: cryptsetup-Try-to-avoid-OOM-killer-on-low-memory-systems-withou.patch
|
||||
Patch2: cryptsetup-Use-only-half-of-detected-free-memory-on-systems-wit.patch
|
||||
BuildRequires: device-mapper-devel
|
||||
BuildRequires: libjson-c-devel
|
||||
BuildRequires: libpwquality-devel
|
||||
|
Loading…
Reference in New Issue
Block a user