From 9a7370c09bb2ae5b4ba7a1d4115c26e9bd4be56f10a875ba4bfcd03a35e8fbc6 Mon Sep 17 00:00:00 2001 From: Pedro Monreal Gonzalez Date: Mon, 29 Jan 2024 17:02:57 +0000 Subject: [PATCH] Accepting request 1142596 from home:pmonrealgonzalez:branches:security - Update to 2.7.0: * Full changelog in: mirrors.edge.kernel.org/pub/linux/utils/cryptsetup/v2.7/v2.7.0-ReleaseNotes * Introduce support for hardware OPAL disk encryption. * plain mode: Set default cipher to aes-xts-plain64 and password hashing to sha256. * Allow activation (open), luksResume, and luksAddKey to use the volume key stored in a keyring. * Allow to store volume key to a user-specified keyring in open and luksResume commands. * Do not flush IO operations if resize grows the device. This can help performance in specific cases where the encrypted device is extended automatically while running many IO operations. * Use only half of detected free memory for Argon2 PBKDF on systems without swap (for LUKS2 new keyslot or format operations). * Add the possibility to specify a directory for external LUKS2 token handlers (plugins). * Do not allow reencryption/decryption on LUKS2 devices with authenticated encryption or hardware (OPAL) encryption. * Do not fail LUKS format if the operation was interrupted on subsequent device wipe. * Fix the LUKS2 keyslot option to be used while activating the device by a token. * Properly report if the dm-verity device cannot be activated due to the inability to verify the signed root hash (ENOKEY). * Fix to check passphrase for selected keyslot only when adding new keyslot. * Fix to not wipe the keyslot area before in-place overwrite. * bitlk: Fix segfaults when attempting to verify the volume key. * Add --disable-blkid command line option to avoid blkid device check. OBS-URL: https://build.opensuse.org/request/show/1142596 OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=192 --- cryptsetup-2.6.1.tar.sign | 16 -- cryptsetup-2.6.1.tar.xz | 3 - cryptsetup-2.7.0.tar.sign | 16 ++ cryptsetup-2.7.0.tar.xz | 3 + ...al-memory-available-also-in-PBKDF-be.patch | 72 -------- ...-killer-on-low-memory-systems-withou.patch | 160 ------------------ ...-detected-free-memory-on-systems-wit.patch | 41 ----- cryptsetup.changes | 66 ++++++++ cryptsetup.spec | 12 +- 9 files changed, 89 insertions(+), 300 deletions(-) delete mode 100644 cryptsetup-2.6.1.tar.sign delete mode 100644 cryptsetup-2.6.1.tar.xz create mode 100644 cryptsetup-2.7.0.tar.sign create mode 100644 cryptsetup-2.7.0.tar.xz delete mode 100644 cryptsetup-Check-for-physical-memory-available-also-in-PBKDF-be.patch delete mode 100644 cryptsetup-Try-to-avoid-OOM-killer-on-low-memory-systems-withou.patch delete mode 100644 cryptsetup-Use-only-half-of-detected-free-memory-on-systems-wit.patch diff --git a/cryptsetup-2.6.1.tar.sign b/cryptsetup-2.6.1.tar.sign deleted file mode 100644 index 5730336..0000000 --- a/cryptsetup-2.6.1.tar.sign +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCAAdFiEEKikYJD/eRmSNBob52bBXe9k+mPwFAmPlHwIACgkQ2bBXe9k+ -mPwtxg/+PohA6Ygk3e61i0IZmLdvHO2PJG3JefLxf1QDqImkKcALgUdNrt/qv1SZ -CBtM4pmYXfhIpYzavSPZdAC0nLvKkx66PpQRCk/ZmUSNZJ8IzmoM5MPZhWLspYtK -Z4mVXJz+UVdCAf7ayK7li9A+a947jpVKFlc5hSiQ8SnmkT8X0MhqGPLsO9Z6ndNK -+VpBPozZ1YQ6THYp2so5lF3BW9G6YAkm5XhN6IQreDCdZwF0Y4lff6G9PNHFSLpC -k9yLmvUgDsDNTcEjXeKbtvIlOzjjHfhJkEmyo9jNDWNUSU6wt5RqnCZmd1VbCQyB -HVCKb9Y0Yoz9rvzFBWnU6d1ZCe3aKLrVF89yK6mJ7CYh4CVURMJmIJ+1rEeg2z5n -NhXSLrMMF+Q9P/VNupOMec1DOg2OMRKExps5r7kvDeVOz9FmJoguMxAu1+dt0Ze8 -4b86ii2F+Py2tOy5OzQu7PvQkKbl8dvi8qJM8cEovKIsWiHTp/2Heo0gjXaLJ/kK -v/821T9v3ZO7dmtlhgps9q4xEjWV/u3kWwXXFgEtKby48UVzTGNXsDDdkrVEdy2J -jKBnqO31mGa8ButNRQvZ6rEOPFaCmdpy95/u5v22LhlACdkEwt5Cky0t6NMKSpvp -sSgVzYmU6Pk5RdOzZCt1pyIPwEfJa1y5N1k/kuBasdqPw95RRsM= -=m/Re ------END PGP SIGNATURE----- diff --git a/cryptsetup-2.6.1.tar.xz b/cryptsetup-2.6.1.tar.xz deleted file mode 100644 index aeb3569..0000000 --- a/cryptsetup-2.6.1.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:410ded65a1072ab9c8e41added37b9729c087fef4d2db02bb4ef529ad6da4693 -size 11402380 diff --git a/cryptsetup-2.7.0.tar.sign b/cryptsetup-2.7.0.tar.sign new file mode 100644 index 0000000..98e50ac --- /dev/null +++ b/cryptsetup-2.7.0.tar.sign @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEEKikYJD/eRmSNBob52bBXe9k+mPwFAmWw5zoACgkQ2bBXe9k+ +mPztwhAAh8ieUWCcw7WwW4lc00ZH77sLc7Ro5J2/0ZAg/HpowOqGqhzJQZ+KJdeF +b6mebw7mKq4PHyzUS7Rba4wQiVEUD2kAQuoyXZJljsxegFOc1LxL/DSOCt7IFJyc +WB+525kPoRrpBWJhGXMn4OcVaelmIJAgDFHcYAccJJTKNgPjDrivpkTAxUsfdTTf +a1F/4I2o7eP5zkWkPqqQIvXzlwQnfD5ulZvnJ30t8E/07CZJ5Hf9iLRa6vruo7Rg +8cJHcOu4MhjuMu+oDvuefj8hM4FyfLU+tt0L7Z3iOZXAGffe+iQUQUyChvN/waEI +R8mpdc89amTHkMTCjYOo2X4sAH9a7mo5L2v+rm5NTZTZn53Gy1Ytbzy2agXY+ebf +DeKTVL3KTMe6KvQUfIqMSrM9oub6o8JDfO+0La9GSkNU/1VvHU5LK3FIomuP8Top +BPfdL8IxSgIityBbby1ZQD97aIgzPZkGsC7/5bVY7mj/LUZxJK61p49U0dlolwss +uzJarjAtDY0iNCfOv/AKZGnVzHAc2cEmVKJ6X243h2NRB5z1snFP8lDtB2AIdcUf +0vEZz1HcwW1de1C0jjQsf9elkeVJfrsFhRhRrEEiHyplR3/uaVwUtrDGOxPsRE+J +SE2sSfURqQPuBKeTO/ymVDt7G0iPd8Ts/BOhQYTn94rsjhONiz8= +=6sya +-----END PGP SIGNATURE----- diff --git a/cryptsetup-2.7.0.tar.xz b/cryptsetup-2.7.0.tar.xz new file mode 100644 index 0000000..a16ae14 --- /dev/null +++ b/cryptsetup-2.7.0.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:94003a00cd5a81944f45e8dc529e0cfd2a6ff629bd2cd21cf5e574e465daf795 +size 11632432 diff --git a/cryptsetup-Check-for-physical-memory-available-also-in-PBKDF-be.patch b/cryptsetup-Check-for-physical-memory-available-also-in-PBKDF-be.patch deleted file mode 100644 index 3b22f0c..0000000 --- a/cryptsetup-Check-for-physical-memory-available-also-in-PBKDF-be.patch +++ /dev/null @@ -1,72 +0,0 @@ -From 7893c33d71cde09e240234c484c6c468f22c2fe7 Mon Sep 17 00:00:00 2001 -From: Milan Broz -Date: Mon, 3 Apr 2023 13:31:16 +0200 -Subject: [PATCH] Check for physical memory available also in PBKDF benchmark. - ---- - lib/internal.h | 1 + - lib/utils_benchmark.c | 9 +++++++++ - lib/utils_pbkdf.c | 4 ++-- - 3 files changed, 12 insertions(+), 2 deletions(-) - -Index: cryptsetup-2.6.1/lib/internal.h -=================================================================== ---- cryptsetup-2.6.1.orig/lib/internal.h -+++ cryptsetup-2.6.1/lib/internal.h -@@ -89,6 +89,7 @@ int crypt_benchmark_pbkdf_internal(struc - struct crypt_pbkdf_type *pbkdf, - size_t volume_key_size); - const char *crypt_get_cipher_spec(struct crypt_device *cd); -+uint32_t pbkdf_adjusted_phys_memory_kb(void); - - /* Device backend */ - struct device; -Index: cryptsetup-2.6.1/lib/utils_benchmark.c -=================================================================== ---- cryptsetup-2.6.1.orig/lib/utils_benchmark.c -+++ cryptsetup-2.6.1/lib/utils_benchmark.c -@@ -101,6 +101,7 @@ int crypt_benchmark_pbkdf(struct crypt_d - { - int r, priority; - const char *kdf_opt; -+ uint32_t memory_kb; - - if (!pbkdf || (!password && password_size)) - return -EINVAL; -@@ -113,6 +114,14 @@ int crypt_benchmark_pbkdf(struct crypt_d - - log_dbg(cd, "Running %s(%s) benchmark.", pbkdf->type, kdf_opt); - -+ memory_kb = pbkdf_adjusted_phys_memory_kb(); -+ if (memory_kb < pbkdf->max_memory_kb) { -+ log_dbg(cd, "Not enough physical memory detected, " -+ "PBKDF max memory decreased from %dkB to %dkB.", -+ pbkdf->max_memory_kb, memory_kb); -+ pbkdf->max_memory_kb = memory_kb; -+ } -+ - crypt_process_priority(cd, &priority, true); - r = crypt_pbkdf_perf(pbkdf->type, pbkdf->hash, password, password_size, - salt, salt_size, volume_key_size, pbkdf->time_ms, -Index: cryptsetup-2.6.1/lib/utils_pbkdf.c -=================================================================== ---- cryptsetup-2.6.1.orig/lib/utils_pbkdf.c -+++ cryptsetup-2.6.1/lib/utils_pbkdf.c -@@ -61,7 +61,7 @@ const struct crypt_pbkdf_type *crypt_get - return NULL; - } - --static uint32_t adjusted_phys_memory(void) -+uint32_t pbkdf_adjusted_phys_memory_kb(void) - { - uint64_t memory_kb = crypt_getphysmemory_kb(); - -@@ -249,7 +249,7 @@ int init_pbkdf_type(struct crypt_device - } - - if (cd_pbkdf->max_memory_kb) { -- memory_kb = adjusted_phys_memory(); -+ memory_kb = pbkdf_adjusted_phys_memory_kb(); - if (cd_pbkdf->max_memory_kb > memory_kb) { - log_dbg(cd, "Not enough physical memory detected, " - "PBKDF max memory decreased from %dkB to %dkB.", diff --git a/cryptsetup-Try-to-avoid-OOM-killer-on-low-memory-systems-withou.patch b/cryptsetup-Try-to-avoid-OOM-killer-on-low-memory-systems-withou.patch deleted file mode 100644 index 4b61884..0000000 --- a/cryptsetup-Try-to-avoid-OOM-killer-on-low-memory-systems-withou.patch +++ /dev/null @@ -1,160 +0,0 @@ -From 899bad8c06957a94a198d1eaa293ed8db205f1de Mon Sep 17 00:00:00 2001 -From: Milan Broz -Date: Mon, 20 Feb 2023 16:45:36 +0100 -Subject: [PATCH] Try to avoid OOM killer on low-memory systems without swap. - -Benchmark for memory-hard KDF is tricky, seems that relying -on maximum half of physical memory is not enough. - -Let's allow only free physical available space if there is no swap. -This should not cause changes on normal systems, at least. ---- - lib/internal.h | 2 ++ - lib/utils.c | 47 ++++++++++++++++++++++++++++++++++++++++++++++ - lib/utils_pbkdf.c | 11 ++++++++++- - tests/api-test-2.c | 12 ++++++++---- - 4 files changed, 67 insertions(+), 5 deletions(-) - -Index: cryptsetup-2.6.1/lib/internal.h -=================================================================== ---- cryptsetup-2.6.1.orig/lib/internal.h -+++ cryptsetup-2.6.1/lib/internal.h -@@ -169,6 +169,8 @@ int crypt_uuid_cmp(const char *dm_uuid, - size_t crypt_getpagesize(void); - unsigned crypt_cpusonline(void); - uint64_t crypt_getphysmemory_kb(void); -+uint64_t crypt_getphysmemoryfree_kb(void); -+bool crypt_swapavailable(void); - - int init_crypto(struct crypt_device *ctx); - -Index: cryptsetup-2.6.1/lib/utils.c -=================================================================== ---- cryptsetup-2.6.1.orig/lib/utils.c -+++ cryptsetup-2.6.1/lib/utils.c -@@ -59,6 +59,53 @@ uint64_t crypt_getphysmemory_kb(void) - return phys_memory_kb; - } - -+uint64_t crypt_getphysmemoryfree_kb(void) -+{ -+ long pagesize, phys_pages; -+ uint64_t phys_memoryfree_kb; -+ -+ pagesize = sysconf(_SC_PAGESIZE); -+ phys_pages = sysconf(_SC_AVPHYS_PAGES); -+ -+ if (pagesize < 0 || phys_pages < 0) -+ return 0; -+ -+ phys_memoryfree_kb = pagesize / 1024; -+ phys_memoryfree_kb *= phys_pages; -+ -+ return phys_memoryfree_kb; -+} -+ -+bool crypt_swapavailable(void) -+{ -+ int fd; -+ ssize_t size; -+ char buf[4096], *p; -+ uint64_t total; -+ -+ if ((fd = open("/proc/meminfo", O_RDONLY)) < 0) -+ return true; -+ -+ size = read(fd, buf, sizeof(buf)); -+ close(fd); -+ if (size < 1) -+ return true; -+ -+ if (size < (ssize_t)sizeof(buf)) -+ buf[size] = 0; -+ else -+ buf[sizeof(buf) - 1] = 0; -+ -+ p = strstr(buf, "SwapTotal:"); -+ if (!p) -+ return true; -+ -+ if (sscanf(p, "SwapTotal: %" PRIu64 " kB", &total) != 1) -+ return true; -+ -+ return total > 0; -+} -+ - void crypt_process_priority(struct crypt_device *cd, int *priority, bool raise) - { - int _priority, new_priority; -Index: cryptsetup-2.6.1/lib/utils_pbkdf.c -=================================================================== ---- cryptsetup-2.6.1.orig/lib/utils_pbkdf.c -+++ cryptsetup-2.6.1/lib/utils_pbkdf.c -@@ -63,7 +63,7 @@ const struct crypt_pbkdf_type *crypt_get - - uint32_t pbkdf_adjusted_phys_memory_kb(void) - { -- uint64_t memory_kb = crypt_getphysmemory_kb(); -+ uint64_t free_kb, memory_kb = crypt_getphysmemory_kb(); - - /* Ignore bogus value */ - if (memory_kb < (128 * 1024) || memory_kb > UINT32_MAX) -@@ -75,6 +75,15 @@ uint32_t pbkdf_adjusted_phys_memory_kb(v - */ - memory_kb /= 2; - -+ /* -+ * Never use more that available free space on system without swap. -+ */ -+ if (!crypt_swapavailable()) { -+ free_kb = crypt_getphysmemoryfree_kb(); -+ if (free_kb > (64 * 1024) && free_kb < memory_kb) -+ return free_kb; -+ } -+ - return memory_kb; - } - -Index: cryptsetup-2.6.1/tests/api-test-2.c -=================================================================== ---- cryptsetup-2.6.1.orig/tests/api-test-2.c -+++ cryptsetup-2.6.1/tests/api-test-2.c -@@ -2802,7 +2802,8 @@ static void Pbkdf(void) - OK_(strcmp(pbkdf->type, default_luks2_pbkdf)); - OK_(strcmp(pbkdf->hash, default_luks1_hash)); - EQ_(pbkdf->time_ms, default_luks2_iter_time); -- EQ_(pbkdf->max_memory_kb, adjusted_pbkdf_memory()); -+ GE_(pbkdf->max_memory_kb, 64 * 1024); -+ GE_(adjusted_pbkdf_memory(), pbkdf->max_memory_kb); - EQ_(pbkdf->parallel_threads, _min(cpus_online(), default_luks2_parallel_threads)); - // set and verify argon2 type - OK_(crypt_set_pbkdf_type(cd, &argon2)); -@@ -2827,7 +2828,8 @@ static void Pbkdf(void) - OK_(strcmp(pbkdf->type, default_luks2_pbkdf)); - OK_(strcmp(pbkdf->hash, default_luks1_hash)); - EQ_(pbkdf->time_ms, default_luks2_iter_time); -- EQ_(pbkdf->max_memory_kb, adjusted_pbkdf_memory()); -+ GE_(pbkdf->max_memory_kb, 64 * 1024); -+ GE_(adjusted_pbkdf_memory(), pbkdf->max_memory_kb); - EQ_(pbkdf->parallel_threads, _min(cpus_online(), default_luks2_parallel_threads)); - // try to pass illegal values - argon2.parallel_threads = 0; -@@ -2858,14 +2860,16 @@ static void Pbkdf(void) - OK_(strcmp(pbkdf->type, default_luks2_pbkdf)); - OK_(strcmp(pbkdf->hash, default_luks1_hash)); - EQ_(pbkdf->time_ms, default_luks2_iter_time); -- EQ_(pbkdf->max_memory_kb, adjusted_pbkdf_memory()); -+ GE_(pbkdf->max_memory_kb, 64 * 1024); -+ GE_(adjusted_pbkdf_memory(), pbkdf->max_memory_kb); - EQ_(pbkdf->parallel_threads, _min(cpus_online(), default_luks2_parallel_threads)); - crypt_set_iteration_time(cd, 1); - OK_(crypt_load(cd, CRYPT_LUKS, NULL)); - OK_(strcmp(pbkdf->type, default_luks2_pbkdf)); - OK_(strcmp(pbkdf->hash, default_luks1_hash)); - EQ_(pbkdf->time_ms, 1); -- EQ_(pbkdf->max_memory_kb, adjusted_pbkdf_memory()); -+ GE_(pbkdf->max_memory_kb, 64 * 1024); -+ GE_(adjusted_pbkdf_memory(), pbkdf->max_memory_kb); - EQ_(pbkdf->parallel_threads, _min(cpus_online(), default_luks2_parallel_threads)); - CRYPT_FREE(cd); - diff --git a/cryptsetup-Use-only-half-of-detected-free-memory-on-systems-wit.patch b/cryptsetup-Use-only-half-of-detected-free-memory-on-systems-wit.patch deleted file mode 100644 index ac5ab35..0000000 --- a/cryptsetup-Use-only-half-of-detected-free-memory-on-systems-wit.patch +++ /dev/null @@ -1,41 +0,0 @@ -From 6721d3a8b29b13fe88aeeaefe09d457e99d1c6fa Mon Sep 17 00:00:00 2001 -From: Milan Broz -Date: Mon, 17 Apr 2023 13:41:17 +0200 -Subject: [PATCH] Use only half of detected free memory on systems without - swap. - -As tests shows, limiting used Argon2 memory to free memory on -systems without swap is still not enough. -Use just half of it, this should bring needed margin while -still use Argon2. - -Note, for very-low memory constrained systems user should -avoid memory-hard PBKDF (IOW manually select PBKDF2), we -do not do this automatically. ---- - lib/utils_pbkdf.c | 9 ++++++++- - 1 file changed, 8 insertions(+), 1 deletion(-) - -Index: cryptsetup-2.6.1/lib/utils_pbkdf.c -=================================================================== ---- cryptsetup-2.6.1.orig/lib/utils_pbkdf.c -+++ cryptsetup-2.6.1/lib/utils_pbkdf.c -@@ -76,10 +76,17 @@ uint32_t pbkdf_adjusted_phys_memory_kb(v - memory_kb /= 2; - - /* -- * Never use more that available free space on system without swap. -+ * Never use more that half of available free memory on system without swap. - */ - if (!crypt_swapavailable()) { - free_kb = crypt_getphysmemoryfree_kb(); -+ -+ /* -+ * Using exactly free memory causes OOM too, use only half of the value. -+ * Ignore small values (< 64MB), user should use PBKDF2 in such environment. -+ */ -+ free_kb /= 2; -+ - if (free_kb > (64 * 1024) && free_kb < memory_kb) - return free_kb; - } diff --git a/cryptsetup.changes b/cryptsetup.changes index 0d7c453..b9e2a96 100644 --- a/cryptsetup.changes +++ b/cryptsetup.changes @@ -1,3 +1,69 @@ +------------------------------------------------------------------- +Mon Jan 29 16:40:40 UTC 2024 - Pedro Monreal + +- Update to 2.7.0: + * Full changelog in: + mirrors.edge.kernel.org/pub/linux/utils/cryptsetup/v2.7/v2.7.0-ReleaseNotes + * Introduce support for hardware OPAL disk encryption. + * plain mode: Set default cipher to aes-xts-plain64 and password hashing + to sha256. + * Allow activation (open), luksResume, and luksAddKey to use the volume + key stored in a keyring. + * Allow to store volume key to a user-specified keyring in open and + luksResume commands. + * Do not flush IO operations if resize grows the device. + This can help performance in specific cases where the encrypted device + is extended automatically while running many IO operations. + * Use only half of detected free memory for Argon2 PBKDF on systems + without swap (for LUKS2 new keyslot or format operations). + * Add the possibility to specify a directory for external LUKS2 token + handlers (plugins). + * Do not allow reencryption/decryption on LUKS2 devices with + authenticated encryption or hardware (OPAL) encryption. + * Do not fail LUKS format if the operation was interrupted on subsequent + device wipe. + * Fix the LUKS2 keyslot option to be used while activating the device + by a token. + * Properly report if the dm-verity device cannot be activated due to + the inability to verify the signed root hash (ENOKEY). + * Fix to check passphrase for selected keyslot only when adding + new keyslot. + * Fix to not wipe the keyslot area before in-place overwrite. + * bitlk: Fix segfaults when attempting to verify the volume key. + * Add --disable-blkid command line option to avoid blkid device check. + * Add support for the meson build system. + * Fix wipe operation that overwrites the whole device if used for LUKS2 + header with no keyslot area. + * Fix luksErase to work with detached LUKS header. + * Disallow the use of internal kernel crypto driver names in "capi" + specification. + * Fix reencryption to fail early for unknown cipher. + * tcrypt: Support new Blake2 hash for VeraCrypt. + * tcrypt: use hash values as substring for limiting KDF check. + * Add Aria cipher support and block size info. + * Do not decrease PBKDF parameters if the user forces them. + * Support OpenSSL 3.2 Argon2 implementation. + * Add support for Argon2 from libgcrypt + (requires yet unreleased gcrypt 1.11). + * Used Argon2 PBKDF implementation is now reported in debug mode + in the cryptographic backend version. For native support in + OpenSSL 3.2 or libgcrypt 1.11, "argon2" is displayed. + If libargon2 is used, "cryptsetup libargon2" (for embedded + library) or "external libargon2" is displayed. + * Link only libcrypto from OpenSSL. + * Disable reencryption for Direct-Access (DAX) devices. + * Print a warning message if the device is not aligned to sector size. + * Fix sector size and integrity fields display for non-LUKS2 crypt + devices for the status command. + * Fix suspend for LUKS2 with authenticated encryption (also suspend + dm-integrity device underneath). + * Update keyring and locking documentation and LUKS2 specification + for OPAL2 support. + * Remove patches fixed upstream: + - cryptsetup-Check-for-physical-memory-available-also-in-PBKDF-be.patch + - cryptsetup-Try-to-avoid-OOM-killer-on-low-memory-systems-withou.patch + - cryptsetup-Use-only-half-of-detected-free-memory-on-systems-wit.patch + ------------------------------------------------------------------- Thu Jul 13 09:46:24 UTC 2023 - Pedro Monreal diff --git a/cryptsetup.spec b/cryptsetup.spec index a580c1b..5da1a36 100644 --- a/cryptsetup.spec +++ b/cryptsetup.spec @@ -1,7 +1,7 @@ # # spec file for package cryptsetup # -# Copyright (c) 2023 SUSE LLC +# Copyright (c) 2024 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -18,21 +18,17 @@ %define so_ver 12 Name: cryptsetup -Version: 2.6.1 +Version: 2.7.0 Release: 0 Summary: Setup program for dm-crypt Based Encrypted Block Devices License: LGPL-2.0-or-later AND SUSE-GPL-2.0-with-openssl-exception Group: System/Base URL: https://gitlab.com/cryptsetup/cryptsetup/ -Source0: https://www.kernel.org/pub/linux/utils/cryptsetup/v2.6/cryptsetup-%{version}.tar.xz +Source0: https://www.kernel.org/pub/linux/utils/cryptsetup/v2.7/cryptsetup-%{version}.tar.xz # GPG signature of the uncompressed tarball. -Source1: https://www.kernel.org/pub/linux/utils/cryptsetup/v2.6/cryptsetup-%{version}.tar.sign +Source1: https://www.kernel.org/pub/linux/utils/cryptsetup/v2.7/cryptsetup-%{version}.tar.sign Source2: baselibs.conf Source3: cryptsetup.keyring -#PATCH-FIX-UPSTREAM bsc#1211079 luksFormat: handle system with low memory and no swap space -Patch0: cryptsetup-Check-for-physical-memory-available-also-in-PBKDF-be.patch -Patch1: cryptsetup-Try-to-avoid-OOM-killer-on-low-memory-systems-withou.patch -Patch2: cryptsetup-Use-only-half-of-detected-free-memory-on-systems-wit.patch BuildRequires: device-mapper-devel BuildRequires: libjson-c-devel BuildRequires: libpwquality-devel