Accepting request 294152 from home:pluskalm:branches:security

- Update to 1.6.7

OBS-URL: https://build.opensuse.org/request/show/294152
OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=120
This commit is contained in:
Ludwig Nussel 2015-04-08 12:54:34 +00:00 committed by Git OBS Bridge
parent 245087ea13
commit da8c646220
6 changed files with 67 additions and 34 deletions

View File

@ -1,17 +0,0 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABCAAGBQJT7zIAAAoJENmwV3vZPpj8pr4P/01AhigA8Eb7Cq9eF/WnMG3G
hg8qcmfITYZBZA4bsucnLIhaxDfQ4tt2ESsaNsH1aK05FnJYbXjD/PDdHofDh4tO
s/goqowY2Tp4V2aBCCQd9tbnfl5T1gqv1vUxzRg9laObHps1E/uuZ3OSC8WDsZoI
uJSGv4WycV/XInfxoAniLdUxrhvCu04Ea6gEtLoVUGOgJWU3/kFjSCmcN3dbApJs
Pu67DJPArZW/0sP2G8nn9yOCSbDeSNrNCRgOiz4xscAPtdB+xCcb5NbbqhMb//4B
BHw6aNeYhS4zVp5Fk974OHkoL20eHBK9wnSQCMnQLpBPN5HqOD1b4tyvAFqhlqU3
asryxg26zfvSSj31H6a/2EMwnJSxFEut/CA5eTDbXYHmztxDDIUah22HHl/062QV
Kpq27icixgmqal0cdRW9045cxdP+Yw+GCnyd4bP6CDuSt9n2aS1MatKtR8h76t6V
LlbJIC2TIIBTpafjWcfCgk2skuFeK/2D9c+5YqaU8HQ+EDcgs63d5WCO1ODAlYbz
qIjzWAc2u2GqUEstAWafg2Hi35cGlDAWEFUQO80rSsZJpFuZIP+KMMOU+P/DmzMm
SecVM3/FJbFPAbQZ2rLmRXZmnGWnQqDME1PrrWMTAxIXZVYEpgOLWLeiPCOhwSKG
lzsftYJ4VhmI9Mib76RA
=2I3V
-----END PGP SIGNATURE-----

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:2d2ce28e4e1137dd599d87884b62ef6dbf14fd7848b2a2bf7d61cf125fbd8e6f
size 1145940

17
cryptsetup-1.6.7.tar.sign Normal file
View File

@ -0,0 +1,17 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIbBAABCAAGBQJVEE3fAAoJENmwV3vZPpj8ql4P9ijvmO15ur4wpcGFkNYyzfuA
Y17yaTT6Nde8cGLUCpw7rPBoxL/b4ZArJnNk9UP73MyycxfVijaX5XxxoQbpL8n0
cn1vdXTFzqXGBTJkjO0uQor1szQbvaz7xbk7LeBgG+j/zZGRa/0AKs42qvTaWzHu
G50AqksMGFV1ih+d4wYdD+AqcUf6h+1HQRjq/DqEurg1EHQ+iMqem1htvrzTq8+V
ym3xHM+JxJ04syzPb92VntSmyfX6ztmh+61cflQiOrIbTw+MFeGmYMOTufkWmQFi
gFC+7mXTjO1YkmN+RFYZ52WY3shk3BLhAXT/pFlGFjwfHqrvFgfj+Iu9STVs2du2
LLa+xF5yxaKyHHKkw2wn7edeepzfwSp0+lmDy8B0SGXh5wGNreNSX3IMAdJeJztM
7EyJa5JUSMfKWPHzy1gGYZRN/NQGGqG3c1+Sw5hy/ukFtLC4DSu5OtJNOt2c8MNw
+XPXh+Ssy+ma9e0E+pnmRYQ/nY2BWuN/gFB5Gvr08d4hifP9+LzI+bgQx4gNjB5Y
9py0moXVOxn/TICXSFgjDmvYgw7BZRVtaHFfkiKA5DrBeS07MROKzL59ykiuU7HW
HvCs3icShV+oSt79bMa7E+QhKRsBicS30QyLecttHkxbLxSg55qFpMa7m8+6VG2Y
LsfZNLwWJmf8jU9YUY0=
=jDZw
-----END PGP SIGNATURE-----

3
cryptsetup-1.6.7.tar.xz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:c23c24c8d662032da8650c1c84985221be8bbedf4737c1540bba7e4517dfe820
size 1188876

View File

@ -1,3 +1,37 @@
-------------------------------------------------------------------
Thu Apr 2 12:05:47 UTC 2015 - mpluskal@suse.com
- Update to 1.6.7
* Cryptsetup TCRYPT mode now supports VeraCrypt devices
(TrueCrypt extension)
* Support keyfile-offset and keyfile-size options even for plain
volumes.
* Support keyfile option for luksAddKey if the master key is
specified.
* For historic reasons, hashing in the plain mode is not used if
keyfile is specified (with exception of --key-file=-). Print
a warning if these parameters are ignored.
* Support permanent device decryption for cryptsetup-reencrypt.
To remove LUKS encryption from a device, you can now use
--decrypt option.
* Allow to use --header option in all LUKS commands. The
--header always takes precedence over positional device argument.
* Allow luksSuspend without need to specify a detached header.
* Detect if O_DIRECT is usable on a device allocation. There are
some strange storage stack configurations which wrongly allows
to open devices with direct-io but fails on all IO operations later.
* Add low-level performance options tuning for dmcrypt (for
Linux 4.0 and later).
* Get rid of libfipscheck library.
(Note that this option was used only for Red Hat and derived
distributions.) With recent FIPS changes we do not need to
link to this FIPS monster anymore. Also drop some no longer
needed FIPS mode checks.
* Many fixes and clarifications to man pages.
* Prevent compiler to optimize-out zeroing of buffers for on-stack
variables.
* Fix a crash if non-GNU strerror_r is used.
------------------------------------------------------------------- -------------------------------------------------------------------
Sun Sep 14 21:50:33 UTC 2014 - asterios.dramis@gmail.com Sun Sep 14 21:50:33 UTC 2014 - asterios.dramis@gmail.com

View File

@ -1,7 +1,7 @@
# #
# spec file for package cryptsetup # spec file for package cryptsetup
# #
# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. # Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed
@ -17,9 +17,8 @@
%define so_ver 4 %define so_ver 4
Name: cryptsetup Name: cryptsetup
Version: 1.6.6 Version: 1.6.7
Release: 0 Release: 0
Summary: Set Up dm-crypt Based Encrypted Block Devices Summary: Set Up dm-crypt Based Encrypted Block Devices
License: SUSE-GPL-2.0-with-openssl-exception and LGPL-2.0+ License: SUSE-GPL-2.0-with-openssl-exception and LGPL-2.0+
@ -48,7 +47,7 @@ cryptsetup is used to conveniently set up dm-crypt based device-mapper
targets. It allows to set up targets to read cryptoloop compatible targets. It allows to set up targets to read cryptoloop compatible
volumes as well as LUKS formatted ones. The package additionally volumes as well as LUKS formatted ones. The package additionally
includes support for automatically setting up encrypted volumes at boot includes support for automatically setting up encrypted volumes at boot
time via the config file /etc/crypttab. time via the config file %{_sysconfdir}/crypttab.
%package -n libcryptsetup%{so_ver} %package -n libcryptsetup%{so_ver}
Summary: Set Up dm-crypt Based Encrypted Block Devices Summary: Set Up dm-crypt Based Encrypted Block Devices
@ -59,7 +58,7 @@ cryptsetup is used to conveniently set up dm-crypt based device-mapper
targets. It allows to set up targets to read cryptoloop compatible targets. It allows to set up targets to read cryptoloop compatible
volumes as well as LUKS formatted ones. The package additionally volumes as well as LUKS formatted ones. The package additionally
includes support for automatically setting up encrypted volumes at boot includes support for automatically setting up encrypted volumes at boot
time via the config file /etc/crypttab. time via the config file %{_sysconfdir}/crypttab.
%package -n libcryptsetup4-hmac %package -n libcryptsetup4-hmac
Summary: Checksums for libcryptsetup4 Summary: Checksums for libcryptsetup4
@ -83,7 +82,7 @@ cryptsetup is used to conveniently set up dm-crypt based device-mapper
targets. It allows to set up targets to read cryptoloop compatible targets. It allows to set up targets to read cryptoloop compatible
volumes as well as LUKS formatted ones. The package additionally volumes as well as LUKS formatted ones. The package additionally
includes support for automatically setting up encrypted volumes at boot includes support for automatically setting up encrypted volumes at boot
time via the config file /etc/crypttab. time via the config file %{_sysconfdir}/crypttab.
%prep %prep
%setup -q %setup -q
@ -105,11 +104,11 @@ make %{?_smp_mflags}
fipshmac %{buildroot}/%{_libdir}/libcryptsetup.so.* \ fipshmac %{buildroot}/%{_libdir}/libcryptsetup.so.* \
%{nil} %{nil}
make install DESTDIR=%{buildroot} make DESTDIR=%{buildroot} install %{?_smp_mflags}
install -dm 0755 %{buildroot}/sbin install -dm 0755 %{buildroot}/sbin
ln -s ..%{_sbindir}/cryptsetup %{buildroot}/sbin ln -s ..%{_sbindir}/cryptsetup %{buildroot}/sbin
# don't want this file in /lib (FHS compat check), and can't move it to /usr/lib # don't want this file in /lib (FHS compat check), and can't move it to /usr/lib
rm -f %{buildroot}/%{_libdir}/*.la find %{buildroot} -type f -name "*.la" -delete -print
# #
%find_lang %{name} --all-name %find_lang %{name} --all-name
@ -118,18 +117,18 @@ test -n "$FIRST_ARG" || FIRST_ARG="$1"
# #
# convert noauto to nofail and turn on fsck (bnc#724113) # convert noauto to nofail and turn on fsck (bnc#724113)
# #
marker="/var/adm/crypsetup.fstab.noauto_converted" marker="%{_localstatedir}/adm/crypsetup.fstab.noauto_converted"
if [ "$FIRST_ARG" -gt 1 -a ! -e "$marker" ]; then if [ "$FIRST_ARG" -gt 1 -a ! -e "$marker" ]; then
echo "updating /etc/fstab ... " echo "updating %{_sysconfdir}/fstab ... "
tmpfstab="/etc/fstab.cryptsetup.$$" tmpfstab="%{_sysconfdir}/fstab.cryptsetup.$$"
sed -e '/^\/dev\/mapper\/cr_.*,noauto\s/{s/,noauto\(\s\)/,nofail\1/;s/ 0 0$/ 0 2/}' < /etc/fstab > "$tmpfstab" sed -e '/^\/dev\/mapper\/cr_.*,noauto\s/{s/,noauto\(\s\)/,nofail\1/;s/ 0 0$/ 0 2/}' < %{_sysconfdir}/fstab > "$tmpfstab"
if diff -u0 /etc/fstab "$tmpfstab"; then if diff -u0 %{_sysconfdir}/fstab "$tmpfstab"; then
echo "no change" echo "no change"
rm -f "$tmpfstab" rm -f "$tmpfstab"
> "$marker" > "$marker"
else else
cp "$tmpfstab" "$marker" cp "$tmpfstab" "$marker"
mv "$tmpfstab" /etc/fstab mv "$tmpfstab" %{_sysconfdir}/fstab
fi fi
fi fi