From 8d2c1398f01ae936683e8ac407febb20016add6a1021c16a3cc192cecdff4e57 Mon Sep 17 00:00:00 2001 From: Ludwig Nussel Date: Mon, 2 Aug 2021 15:10:27 +0000 Subject: [PATCH 1/6] - crypsetup 2.4.0~rc1 * External LUKS token plugins * Experimental SSH token * Default LUKS2 PBKDF is now Argon2id * Increase minimal memory cost for Argon2 benchmark to 64MiB. * Autodetect optimal encryption sector size on LUKS2 format. * Use VeraCrypt option by default and add --disable-veracrypt option. * Support --hash and --cipher to limit opening time for TCRYPT type * Fixed default OpenSSL crypt backend support for OpenSSL3. * integritysetup: add integrity-recalculate-reset flag. * cryptsetup: retains keyslot number in luksChangeKey for LUKS2. * Fix cryptsetup resize using LUKS2 tokens. * Add close --deferred and --cancel-deferred options. * Rewritten command-line option parsing to avoid libpopt arguments memory leaks. * Add --test-args option. - switch to LUKS2 default format OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=170 --- cryptsetup-2.3.6.tar.sign | 16 ---------------- cryptsetup-2.3.6.tar.xz | 3 --- cryptsetup-2.4.0-rc1.tar.sign | 16 ++++++++++++++++ cryptsetup-2.4.0-rc1.tar.xz | 3 +++ cryptsetup.changes | 21 +++++++++++++++++++++ cryptsetup.spec | 29 +++++++++++++++++++++++------ 6 files changed, 63 insertions(+), 25 deletions(-) delete mode 100644 cryptsetup-2.3.6.tar.sign delete mode 100644 cryptsetup-2.3.6.tar.xz create mode 100644 cryptsetup-2.4.0-rc1.tar.sign create mode 100644 cryptsetup-2.4.0-rc1.tar.xz diff --git a/cryptsetup-2.3.6.tar.sign b/cryptsetup-2.3.6.tar.sign deleted file mode 100644 index 732ed12..0000000 --- a/cryptsetup-2.3.6.tar.sign +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCAAdFiEEKikYJD/eRmSNBob52bBXe9k+mPwFAmCwxOgACgkQ2bBXe9k+ -mPzlCg//XVdN6WnGhf35DT2f39GpSUimEAmkK/P3xKYGouzlUEac20mzXsNvkv+H -BpTN507H44ThgQENPAaKTea9FkqpZIcoBZcPnTXJOQ/ZIfR+iglb4zF9lR1PuVx7 -PuyVZ7BgMxM6lFvOwt5/bkktCDn8uX0nYvzqf9DXWVFUm973NayqftxsbgPa+4DT -vW2E87sJOM2NLw6psPu3o+wYkKm4N1r+M9JCWNqY8bwvlV5YbW4yBifZl4oU+99l -VXcqgSQunAvEzRPhtwCUxfYNRULx6xknNZVuwl37sSYgDpjjooy+6qjz1PX8g/qa -4/Wc0u2q/QmIUq13D2dFdQIrfDaZEJe8d0/yyaCnxPlCVFOhmr31U08o2pK1zJSK -duUqWVIKQNSFafygrPTeMRhZ1L2iwJZgjuCDyhoJSa62kGvYcLxjEoXjRmeiLXAn -7aVrmbf4tmJUJ8EUden40JM7MxPeKwHfUhE4Aq//qDfPVId7YFdgnBh6PmwUcyRm -HTyNJP8ULFX+u+v9C5YbXxb+h6xb65wzQDY1T1IPEJicIu/kv/syac/9QUkF9yG+ -Gsxaq9Ath2UYp7NW11/LXW0jmWVcM2eOfZi6xg8+vT6HWxG58Qzh//gPoLBpzBOj -E94vQim+q+ky0ePAqi2uEfZUiiID2ns4JYeXoYkxx9aGl/eRrp8= -=AlrZ ------END PGP SIGNATURE----- diff --git a/cryptsetup-2.3.6.tar.xz b/cryptsetup-2.3.6.tar.xz deleted file mode 100644 index 091c573..0000000 --- a/cryptsetup-2.3.6.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:b296b7a21ea576c2b180611ccb19d06aec8dddaedf7c704b0c6a81210c25635f -size 11154148 diff --git a/cryptsetup-2.4.0-rc1.tar.sign b/cryptsetup-2.4.0-rc1.tar.sign new file mode 100644 index 0000000..851404c --- /dev/null +++ b/cryptsetup-2.4.0-rc1.tar.sign @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEEKikYJD/eRmSNBob52bBXe9k+mPwFAmEDH9gACgkQ2bBXe9k+ +mPwgSw//cRgUyjZ0bjPSQo1S6dVbNPTh2bMjcAgZ7Y+MJWBLFmS7ltHOw+7JxpZM +KXvo5MDXqCtl1WC5tfqsfCEEbEW/MjeC94hjc3Yl/9yFJVlFh75OcuKzp6vpNcXr +5LAo4nHAp92W+pw9xLsDDc4N3CkaKxmxO0JUwkiHFFv9oic4BwYOCRmG0r0OPkuf +wzFsUBfn+7POQ34qdkpJmaJFo35ellTVbC5tYW1PdHOmB70i4bqFeQ1r3KNfVZa0 +ZHD5ulWBagxfn2bnAaGvoCYofa4V12ZcJz+U4o744R0lqS2rbjKGqa0mpd4w/bxa +5zjT7eJqe6rLqjMbo//jTLB3G47828s3M6U0uBquJZ8sJk5MkdJK2M7Jprwq4eK4 ++wZdRRpXtYiprR24DeE3lR7/83UcMH12IDQRwFPaihOmQxESw3c+qn37X0P6rXtJ +NpX4ux+TT/YJiO8L/u7f6OkC0Zn6p4icEGfo684VNHEhqIUvMueKGYLwsWjHEnHY +/WWTYz5TJcqrWoxxTnD/0/Fpgawa1Dquv7gda0gibYhVpCy9Ti8QBI+0IvnyZ4iW +K2rs3bavygh1GEpVjbOxbgt2cRIhEz1+hyM8RlZnQrHkSGMI/moL5FlFeL28WUkD +DLCWjpXU0jNyrBev4IWuc+fuDaWOElu3AB8vjcoSCA7tTbHGfuE= +=YNRk +-----END PGP SIGNATURE----- diff --git a/cryptsetup-2.4.0-rc1.tar.xz b/cryptsetup-2.4.0-rc1.tar.xz new file mode 100644 index 0000000..3c65e80 --- /dev/null +++ b/cryptsetup-2.4.0-rc1.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:d807059923985567386ec709aa13c8fd093b0cb1cd1613d0a8ace0eb194ee9b3 +size 11148144 diff --git a/cryptsetup.changes b/cryptsetup.changes index c3955f9..962b908 100644 --- a/cryptsetup.changes +++ b/cryptsetup.changes @@ -1,3 +1,24 @@ +------------------------------------------------------------------- +Mon Aug 2 14:43:51 UTC 2021 - Ludwig Nussel + +- crypsetup 2.4.0~rc1 + * External LUKS token plugins + * Experimental SSH token + * Default LUKS2 PBKDF is now Argon2id + * Increase minimal memory cost for Argon2 benchmark to 64MiB. + * Autodetect optimal encryption sector size on LUKS2 format. + * Use VeraCrypt option by default and add --disable-veracrypt option. + * Support --hash and --cipher to limit opening time for TCRYPT type + * Fixed default OpenSSL crypt backend support for OpenSSL3. + * integritysetup: add integrity-recalculate-reset flag. + * cryptsetup: retains keyslot number in luksChangeKey for LUKS2. + * Fix cryptsetup resize using LUKS2 tokens. + * Add close --deferred and --cancel-deferred options. + * Rewritten command-line option parsing to avoid libpopt arguments + memory leaks. + * Add --test-args option. +- switch to LUKS2 default format + ------------------------------------------------------------------- Thu Jul 1 12:50:25 UTC 2021 - Ludwig Nussel diff --git a/cryptsetup.spec b/cryptsetup.spec index c5ff823..0ca0fa6 100644 --- a/cryptsetup.spec +++ b/cryptsetup.spec @@ -16,21 +16,22 @@ # +%define tar_version 2.4.0-rc1 %define so_ver 12 %if 0%{?is_backports} Name: cryptsetup2 %else Name: cryptsetup %endif -Version: 2.3.6 +Version: 2.4.0~rc1 Release: 0 Summary: Setup program for dm-crypt Based Encrypted Block Devices License: SUSE-GPL-2.0-with-openssl-exception AND LGPL-2.0-or-later Group: System/Base URL: https://gitlab.com/cryptsetup/cryptsetup/ -Source0: https://www.kernel.org/pub/linux/utils/cryptsetup/v2.3/cryptsetup-%{version}.tar.xz +Source0: https://www.kernel.org/pub/linux/utils/cryptsetup/v2.4/cryptsetup-%{tar_version}.tar.xz # GPG signature of the uncompressed tarball. -Source1: https://www.kernel.org/pub/linux/utils/cryptsetup/v2.3/cryptsetup-%{version}.tar.sign +Source1: https://www.kernel.org/pub/linux/utils/cryptsetup/v2.4/cryptsetup-%{tar_version}.tar.sign Source2: baselibs.conf Source3: cryptsetup.keyring Source4: %{name}-rpmlintrc @@ -48,6 +49,7 @@ BuildRequires: popt-devel BuildRequires: suse-module-tools BuildRequires: pkgconfig(blkid) BuildRequires: pkgconfig(libargon2) +BuildRequires: pkgconfig(libssh) BuildRequires: pkgconfig(openssl) Requires(post): coreutils Requires(postun): coreutils @@ -66,6 +68,15 @@ volumes as well as LUKS formatted ones. The package additionally includes support for automatically setting up encrypted volumes at boot time via the config file %{_sysconfdir}/crypttab. + +%package ssh +Summary: Cryptsetup LUKS2 SSH token +Group: System/Base + +%description ssh +Experimental cryptsetup plugin for unlocking LUKS2 devices with +token connected to an SSH server. + %package -n libcryptsetup%{so_ver} Summary: Library for setting up dm-crypt Based Encrypted Block Devices Group: System/Libraries @@ -108,7 +119,7 @@ includes support for automatically setting up encrypted volumes at boot time via the config file %{_sysconfdir}/crypttab. %prep -%setup -n cryptsetup-%{version} -q +%autosetup -n cryptsetup-%{tar_version} %if 0%{?is_backports} sed -i -e '/AC_INIT/s/cryptsetup/cryptsetup2/' configure.ac autoreconf -f -i @@ -122,7 +133,6 @@ autoreconf -f -i --enable-pwquality \ --enable-gcrypt-pbkdf2 \ --enable-libargon2 \ - --with-default-luks-format=LUKS1 \ --with-luks2-lock-path=/run/cryptsetup \ --with-tmpfilesdir='%{_tmpfilesdir}' %make_build @@ -173,7 +183,7 @@ find %{buildroot} -type f -name "*.la" -delete -print %files %license COPYING* -%doc AUTHORS FAQ README TODO docs/ChangeLog.old docs/*ReleaseNotes +%doc AUTHORS FAQ README.md docs/*ReleaseNotes %if !0%{?usrmerged} /sbin/cryptsetup%{?is_backports:2} %endif @@ -204,4 +214,11 @@ find %{buildroot} -type f -name "*.la" -delete -print %{_libdir}/libcryptsetup.so %{_libdir}/pkgconfig/* +%files ssh +%license COPYING COPYING.LGPL +%dir %{_libdir}/%{name} +%{_libdir}/%{name}/libcryptsetup-token-ssh.so +%{_mandir}/man8/cryptsetup-ssh.8.gz +%{_sbindir}/cryptsetup-ssh + %changelog From db71e925b5a2a7513198051328c20ef155cd3db412462c7f82e831a562813f52 Mon Sep 17 00:00:00 2001 From: Ludwig Nussel Date: Mon, 2 Aug 2021 15:43:50 +0000 Subject: [PATCH 2/6] merge OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=171 --- cryptsetup.changes | 8 ++++++++ cryptsetup.spec | 9 ++++++++- 2 files changed, 16 insertions(+), 1 deletion(-) diff --git a/cryptsetup.changes b/cryptsetup.changes index 962b908..91207e3 100644 --- a/cryptsetup.changes +++ b/cryptsetup.changes @@ -19,6 +19,14 @@ Mon Aug 2 14:43:51 UTC 2021 - Ludwig Nussel * Add --test-args option. - switch to LUKS2 default format +------------------------------------------------------------------- +Mon Aug 2 12:39:40 UTC 2021 - Fabian Vogt + +- Use LUKS2 as default format on Tumbleweed. + It provides some additional features which other tools + (e.g. systemd-cryptenroll) rely on. GRUB 2.06 supports unlocking + LUKS2 volumes meanwhile. + ------------------------------------------------------------------- Thu Jul 1 12:50:25 UTC 2021 - Ludwig Nussel diff --git a/cryptsetup.spec b/cryptsetup.spec index 0ca0fa6..3f64d42 100644 --- a/cryptsetup.spec +++ b/cryptsetup.spec @@ -26,7 +26,7 @@ Name: cryptsetup Version: 2.4.0~rc1 Release: 0 Summary: Setup program for dm-crypt Based Encrypted Block Devices -License: SUSE-GPL-2.0-with-openssl-exception AND LGPL-2.0-or-later +License: LGPL-2.0-or-later AND SUSE-GPL-2.0-with-openssl-exception Group: System/Base URL: https://gitlab.com/cryptsetup/cryptsetup/ Source0: https://www.kernel.org/pub/linux/utils/cryptsetup/v2.4/cryptsetup-%{tar_version}.tar.xz @@ -58,6 +58,10 @@ BuildRequires: autoconf BuildRequires: automake BuildRequires: libtool %endif +%if %{?suse_version} >= 1550 +# LUKS2 used as default format, which GRUB < 2.06 can't read +Conflicts: grub2 < 2.06 +%endif %lang_package(cryptsetup) @@ -133,6 +137,9 @@ autoreconf -f -i --enable-pwquality \ --enable-gcrypt-pbkdf2 \ --enable-libargon2 \ +%if %{?suse_version} < 1550 + --with-default-luks-format=LUKS1 \ +%endif --with-luks2-lock-path=/run/cryptsetup \ --with-tmpfilesdir='%{_tmpfilesdir}' %make_build From c25748051d2f1141442e245e0cfe1d545f5547b8a719ab255c785482d2274871 Mon Sep 17 00:00:00 2001 From: Ludwig Nussel Date: Tue, 3 Aug 2021 13:44:07 +0000 Subject: [PATCH 3/6] - need to use PBKDF2 by default for LUKS2 as grub can't decrypt when using Argon. OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=172 --- cryptsetup.changes | 7 ++++++- cryptsetup.spec | 1 + 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/cryptsetup.changes b/cryptsetup.changes index 91207e3..bb88f9b 100644 --- a/cryptsetup.changes +++ b/cryptsetup.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Tue Aug 3 13:42:20 UTC 2021 - Ludwig Nussel + +- need to use PBKDF2 by default for LUKS2 as grub can't decrypt when + using Argon. + ------------------------------------------------------------------- Mon Aug 2 14:43:51 UTC 2021 - Ludwig Nussel @@ -17,7 +23,6 @@ Mon Aug 2 14:43:51 UTC 2021 - Ludwig Nussel * Rewritten command-line option parsing to avoid libpopt arguments memory leaks. * Add --test-args option. -- switch to LUKS2 default format ------------------------------------------------------------------- Mon Aug 2 12:39:40 UTC 2021 - Fabian Vogt diff --git a/cryptsetup.spec b/cryptsetup.spec index 3f64d42..345990c 100644 --- a/cryptsetup.spec +++ b/cryptsetup.spec @@ -140,6 +140,7 @@ autoreconf -f -i %if %{?suse_version} < 1550 --with-default-luks-format=LUKS1 \ %endif + --with-luks2-pbkdf=pbkdf2 \ --with-luks2-lock-path=/run/cryptsetup \ --with-tmpfilesdir='%{_tmpfilesdir}' %make_build From 9b4f111a1bb66f540a8e89adec85777d4f9968e270551520ae7397ee519b9db3 Mon Sep 17 00:00:00 2001 From: Ludwig Nussel Date: Thu, 12 Aug 2021 13:00:47 +0000 Subject: [PATCH 4/6] add feature reference OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=173 --- cryptsetup.changes | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cryptsetup.changes b/cryptsetup.changes index bb88f9b..7875f1a 100644 --- a/cryptsetup.changes +++ b/cryptsetup.changes @@ -7,7 +7,7 @@ Tue Aug 3 13:42:20 UTC 2021 - Ludwig Nussel ------------------------------------------------------------------- Mon Aug 2 14:43:51 UTC 2021 - Ludwig Nussel -- crypsetup 2.4.0~rc1 +- crypsetup 2.4.0~rc1 (jsc#SLE-20275) * External LUKS token plugins * Experimental SSH token * Default LUKS2 PBKDF is now Argon2id From 002330efa3c3a470d0a5fdcea06d14499e4378e47f28a26bec90a52ad3ffd0e9 Mon Sep 17 00:00:00 2001 From: Ludwig Nussel Date: Mon, 23 Aug 2021 05:09:18 +0000 Subject: [PATCH 5/6] update OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=174 --- cryptsetup-2.4.0-rc1.tar.sign | 16 ---------------- cryptsetup-2.4.0-rc1.tar.xz | 3 --- cryptsetup-2.4.0.tar.sign | 16 ++++++++++++++++ cryptsetup-2.4.0.tar.xz | 3 +++ cryptsetup.changes | 2 +- cryptsetup.spec | 4 ++-- 6 files changed, 22 insertions(+), 22 deletions(-) delete mode 100644 cryptsetup-2.4.0-rc1.tar.sign delete mode 100644 cryptsetup-2.4.0-rc1.tar.xz create mode 100644 cryptsetup-2.4.0.tar.sign create mode 100644 cryptsetup-2.4.0.tar.xz diff --git a/cryptsetup-2.4.0-rc1.tar.sign b/cryptsetup-2.4.0-rc1.tar.sign deleted file mode 100644 index 851404c..0000000 --- a/cryptsetup-2.4.0-rc1.tar.sign +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCAAdFiEEKikYJD/eRmSNBob52bBXe9k+mPwFAmEDH9gACgkQ2bBXe9k+ -mPwgSw//cRgUyjZ0bjPSQo1S6dVbNPTh2bMjcAgZ7Y+MJWBLFmS7ltHOw+7JxpZM -KXvo5MDXqCtl1WC5tfqsfCEEbEW/MjeC94hjc3Yl/9yFJVlFh75OcuKzp6vpNcXr -5LAo4nHAp92W+pw9xLsDDc4N3CkaKxmxO0JUwkiHFFv9oic4BwYOCRmG0r0OPkuf -wzFsUBfn+7POQ34qdkpJmaJFo35ellTVbC5tYW1PdHOmB70i4bqFeQ1r3KNfVZa0 -ZHD5ulWBagxfn2bnAaGvoCYofa4V12ZcJz+U4o744R0lqS2rbjKGqa0mpd4w/bxa -5zjT7eJqe6rLqjMbo//jTLB3G47828s3M6U0uBquJZ8sJk5MkdJK2M7Jprwq4eK4 -+wZdRRpXtYiprR24DeE3lR7/83UcMH12IDQRwFPaihOmQxESw3c+qn37X0P6rXtJ -NpX4ux+TT/YJiO8L/u7f6OkC0Zn6p4icEGfo684VNHEhqIUvMueKGYLwsWjHEnHY -/WWTYz5TJcqrWoxxTnD/0/Fpgawa1Dquv7gda0gibYhVpCy9Ti8QBI+0IvnyZ4iW -K2rs3bavygh1GEpVjbOxbgt2cRIhEz1+hyM8RlZnQrHkSGMI/moL5FlFeL28WUkD -DLCWjpXU0jNyrBev4IWuc+fuDaWOElu3AB8vjcoSCA7tTbHGfuE= -=YNRk ------END PGP SIGNATURE----- diff --git a/cryptsetup-2.4.0-rc1.tar.xz b/cryptsetup-2.4.0-rc1.tar.xz deleted file mode 100644 index 3c65e80..0000000 --- a/cryptsetup-2.4.0-rc1.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:d807059923985567386ec709aa13c8fd093b0cb1cd1613d0a8ace0eb194ee9b3 -size 11148144 diff --git a/cryptsetup-2.4.0.tar.sign b/cryptsetup-2.4.0.tar.sign new file mode 100644 index 0000000..0f17fe8 --- /dev/null +++ b/cryptsetup-2.4.0.tar.sign @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEEKikYJD/eRmSNBob52bBXe9k+mPwFAmEdJXMACgkQ2bBXe9k+ +mPwJSg/+OW43g7S4Q/K+vBi8S+RN3Pzqi8ao2K+OmGWK/7FhKWxrXSN7J8gJigxd +uD+NukmQublFtYdfKXj2unF/Fd28YGHCqSfVrFvn2jmcMnlwxSz5220Bic1eai8a +hq0Hve425n5RpTzNtpkBBZQbiLmY25J1wUkygcoEwT+spyFA0d6oZUhTWcAcqa2b +IP9XkVFEociSWpjZfuhJGN5+jSG91JwYKbuNJFZvH1uez6zTLdNDj9+zoxfsrLW4 +BZYh8FQbZq54pUJnX4tafuRm7L/3LjK0DWWq60P3dvzTyj5b/qzORThNMpvCoolN +I7Yfl7PD8j3B2WpgLQ+62jBVSOBjZGOpvj6PbQVizk2ELznF1LkTyneQ1rIwzxRw +xWqHZfFU0Frj16yiNfRDrBKq4QsrYBOGov7q3OP3Xsw3H/C5lNxEOzx9NkC97LlA +ryMiFSOXFHfCvTCXWQi90N311S4Usg/+n4qevwM4MxXmHJ6HfIqOLYMFftrWoiqC +c+86lgZnNFtmFQnD+/Jvfu7AlAE0aLQodDz3w9otF4QfztDwnvnWsrjAntff4u1U +WqL3EK7NGPJELDRvOpLq77l5eCJ1x5Qgma1RN2ag5APgs5IrmKBGz3H0WxEArz4K +IWQ9FAHMMVIcJfblW96mE/zIoTc6dc0quUlpmROTFWKleijMk0I= +=nfsi +-----END PGP SIGNATURE----- diff --git a/cryptsetup-2.4.0.tar.xz b/cryptsetup-2.4.0.tar.xz new file mode 100644 index 0000000..575627a --- /dev/null +++ b/cryptsetup-2.4.0.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:c5c8bda31159a9c010ea72e708053cc4252cf5eebdca520e150abc0609287ff8 +size 11162168 diff --git a/cryptsetup.changes b/cryptsetup.changes index 7875f1a..530f30d 100644 --- a/cryptsetup.changes +++ b/cryptsetup.changes @@ -7,7 +7,7 @@ Tue Aug 3 13:42:20 UTC 2021 - Ludwig Nussel ------------------------------------------------------------------- Mon Aug 2 14:43:51 UTC 2021 - Ludwig Nussel -- crypsetup 2.4.0~rc1 (jsc#SLE-20275) +- crypsetup 2.4.0 (jsc#SLE-20275) * External LUKS token plugins * Experimental SSH token * Default LUKS2 PBKDF is now Argon2id diff --git a/cryptsetup.spec b/cryptsetup.spec index 345990c..c618e65 100644 --- a/cryptsetup.spec +++ b/cryptsetup.spec @@ -16,14 +16,14 @@ # -%define tar_version 2.4.0-rc1 +%define tar_version 2.4.0 %define so_ver 12 %if 0%{?is_backports} Name: cryptsetup2 %else Name: cryptsetup %endif -Version: 2.4.0~rc1 +Version: 2.4.0 Release: 0 Summary: Setup program for dm-crypt Based Encrypted Block Devices License: LGPL-2.0-or-later AND SUSE-GPL-2.0-with-openssl-exception From cddcbab746cffadf41a7c34d7a3f9956c3d24af1b544709da15d90b53b8b0e1b Mon Sep 17 00:00:00 2001 From: Ludwig Nussel Date: Wed, 25 Aug 2021 13:47:31 +0000 Subject: [PATCH 6/6] - As YaST passes necessary parameters to cryptsetup anyway, we do not necessarily need to take grub into consideration. So back to Argon2 to see how it goes. OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=175 --- cryptsetup.changes | 7 +++++++ cryptsetup.spec | 1 - 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/cryptsetup.changes b/cryptsetup.changes index 530f30d..0aaa648 100644 --- a/cryptsetup.changes +++ b/cryptsetup.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Wed Aug 25 13:46:12 UTC 2021 - Ludwig Nussel + +- As YaST passes necessary parameters to cryptsetup anyway, we do + not necessarily need to take grub into consideration. So back to + Argon2 to see how it goes. + ------------------------------------------------------------------- Tue Aug 3 13:42:20 UTC 2021 - Ludwig Nussel diff --git a/cryptsetup.spec b/cryptsetup.spec index c618e65..63bebf5 100644 --- a/cryptsetup.spec +++ b/cryptsetup.spec @@ -140,7 +140,6 @@ autoreconf -f -i %if %{?suse_version} < 1550 --with-default-luks-format=LUKS1 \ %endif - --with-luks2-pbkdf=pbkdf2 \ --with-luks2-lock-path=/run/cryptsetup \ --with-tmpfilesdir='%{_tmpfilesdir}' %make_build