Accepting request 946915 from security

OBS-URL: https://build.opensuse.org/request/show/946915
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/cryptsetup?expand=0&rev=117

cryptsetup-2.4.1.tar.sign

@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCAAdFiEEKikYJD/eRmSNBob52bBXe9k+mPwFAmFBwN8ACgkQ2bBXe9k+
-mPwndA//ZFMeCgbtSnTJugvZhmIBFHCHofq9yBiCDYyL8qEMw0m3BQLqSSaPt6Bd
-l1xm4ypuy9Rjen5hKbyRJtSko6tbbArCf+OsJfyy2Yr/r5cvnd0eLNwdIdUPKf/l
-3hgRPXBiCHdm63mSWsxM5tUr128Cyj0W4mkn5OmjKPblCd4qgnhNLawn7x7JYoWc
-JS6olNYS6c0M7GBuZ7icKCTtGfO1lKYCIBiCfkuNChJTQbvZ7JiqX/OprHYdBqn1
-WXgrrBrBjO8Ai2w9/uCOAWyPOhy1J8pewuHNX2Hh1LNXEu5z+47QexUpwhweq21/
-QzOITbgb0yZPdQXceAGqmZYa0BPfdo08MakTjaYGrO8rGR0XwgEvtpD5L2eMsVle
-hhg96f4E3f5/7yrtmsL2hbj2v8enhN39ycvn7u/LsfUyoRciCTNwxV/jHU9/laR5
-tDRLUGE3TiiNtTiMk4MucGRHNrae2d6exIpXhhFHN3nD2flOTFqb6KaQRtbdNmPt
-YCMMg4+ZoNzl+YLQYcbkYj4uGGrVosEoAmRl8ROfzPSwHM8mJdUhqGouylTRaQGt
-82SaEdlFO2VthoJUZBy05uCHKthXhwiRplp27MMbCOXOjv3rbnqxyQoMDNb4VQQy
-7CHF50XrEBLpdnyKFNbKFPKyZToBcBLBaPTnm5lf5eTyJ7whkXI=
-=dXjt
------END PGP SIGNATURE-----

cryptsetup-2.4.1.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:a356a727a83a464ade566e95239622a22dbe4e0f482b198fdb04ab0d3a5a9c5f
-size 11171180

cryptsetup-2.4.3.tar.sign

@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCAAdFiEEKikYJD/eRmSNBob52bBXe9k+mPwFAmHf9akACgkQ2bBXe9k+
+mPz0zw//cqAJh3wE0zxtfb+2al4cH2oTtPR+/VnnW8s5z9hyBztNZo8ChOXEQqEQ
+3l+S0qvJSkCmQT2RNEAdyqMjolU3NKKYi+iZwKUfcYPAABnc0/df9p1l4ykKYmuZ
+6EiQCCZITrFkiRl0jVsZ/U92FAU+EdI7dXPVr+H8Ai6eA4HW3NIrZlsUUMdsmkCE
+6eqSX3WX1WVpFkv3453JSNG5/byHP4iPEnXdy00+n5qDoWrOEqDL6MDFaljBS2gq
+XKIeDfKTe3tQAelPEnIc/Is5Tus2uMkxn+bW9KPviS3tOSW5iDVUNL2DBVdMcuxV
+e26mEud9BYyKvajj3wP2TR/BD+ctmwnYSLrfs8aMzE109YI2NuxHD6sWI9d2jrtx
+2fMDV20AKGvvt2q4RkIqAkML7S1RQUVdma33I/iBojFu4bXleLBUcwi1vT+G1NMX
+rz+bVo5zKa7bfTjjX/T8ATL302Lhpr3yReAR6m2KqX3xbxinwG3BV88fyZjJEFft
+zW2JYT3gntkp7GqrxMWjZYNc8AAcpRcabXqb/7NcCBPmS33Kk+/eQiBGEQCw85g7
+MQk7oLKFKT31yJ0TipJExWLOpaWR592wBMl/vx3jAyJjWR1IxajzKD60ZNJHavsn
+5PCPtLxXGdbyyagI45Jm1Pa6Me0vcXzYSHnYdPy5tprOfJgzMT4=
+=yURq
+-----END PGP SIGNATURE-----

cryptsetup-2.4.3.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:fc0df945188172264ec5bf1d0bda08264fadc8a3f856d47eba91f31fe354b507
+size 11242152

cryptsetup.changes

@@ -1,3 +1,46 @@
+-------------------------------------------------------------------
+Fri Jan 14 19:19:43 UTC 2022 - Andreas Stieger <andreas.stieger@gmx.de>
+
+- cryptsetup 2.4.3:
+  * Fix possible attacks against data confidentiality through
+    LUKS2 online reencryption extension crash recovery
+    CVE-2021-4122, boo#1194469
+  * Add configure option --disable-luks2-reencryption to completely
+    disable LUKS2 reencryption code.
+  * Improve internal metadata validation code for reencryption
+    metadata
+  * Add updated documentation for LUKS2 On-Disk Format
+    Specification version 1.1.0
+  * Fix support for bitlk (BitLocker compatible) startup key with
+    new  metadata entry introduced in Windows 11
+  * Fix space restriction for LUKS2 reencryption with data shift
+
+-------------------------------------------------------------------
+Thu Nov 18 20:15:22 UTC 2021 - Andreas Stieger <andreas.stieger@gmx.de>
+
+- cryptsetup 2.4.2:
+  * Fix possible large memory allocation if LUKS2 header size is
+    invalid.
+  * Fix memory corruption in debug message printing LUKS2
+    checksum.
+  * veritysetup: remove link to the UUID library for the static
+    build.
+  * Remove link to pwquality library for integritysetup and
+    veritysetup. These tools do not read passphrases.
+  * OpenSSL3 backend: avoid remaining deprecated calls in API.
+    Crypto backend no longer use API deprecated in OpenSSL 3.0
+  * Check if kernel device-mapper create device failed in an early
+    phase. This happens when a concurrent creation of device-mapper
+    devices meets in the very early state.
+  * Do not set compiler optimization flag for Argon2 KDF if the
+    memory wipe is implemented in libc.
+  * Do not attempt to unload LUKS2 tokens if external tokens are
+    disabled. This allows building a static binary with
+    --disable-external-tokens.
+  * LUKS convert: also check sysfs for device activity.
+    If udev symlink is missing, code fallbacks to sysfs scan to
+    prevent data corruption for the active device.
+
 -------------------------------------------------------------------
 Thu Sep 16 15:23:52 UTC 2021 - Ludwig Nussel <lnussel@suse.de>
 

cryptsetup.spec

@@ -1,7 +1,7 @@
 #
-# spec file for package cryptsetup
+# spec file for package cryptsetup2
 #
-# Copyright (c) 2021 SUSE LLC
+# Copyright (c) 2022 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -16,14 +16,14 @@
 #
 
 
-%define tar_version 2.4.1
+%define tar_version 2.4.3
 %define so_ver 12
 %if 0%{?is_backports}
 Name:           cryptsetup2
 %else
 Name:           cryptsetup
 %endif
-Version:        2.4.1
+Version:        2.4.3
 Release:        0
 Summary:        Setup program for dm-crypt Based Encrypted Block Devices
 License:        LGPL-2.0-or-later AND SUSE-GPL-2.0-with-openssl-exception
@@ -52,7 +52,7 @@ BuildRequires:  pkgconfig(libargon2)
 BuildRequires:  pkgconfig(libssh)
 BuildRequires:  pkgconfig(openssl)
 Requires(post): coreutils
-Requires(postun): coreutils
+Requires(postun):coreutils
 %if 0%{?is_backports}
 BuildRequires:  autoconf
 BuildRequires:  automake
@@ -72,7 +72,6 @@ volumes as well as LUKS formatted ones. The package additionally
 includes support for automatically setting up encrypted volumes at boot
 time via the config file %{_sysconfdir}/crypttab.
 
-
 %package ssh
 Summary:        Cryptsetup LUKS2 SSH token
 Group:          System/Base