diff --git a/cryptsetup-2.4.1.tar.sign b/cryptsetup-2.4.1.tar.sign deleted file mode 100644 index 82c3624..0000000 --- a/cryptsetup-2.4.1.tar.sign +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCAAdFiEEKikYJD/eRmSNBob52bBXe9k+mPwFAmFBwN8ACgkQ2bBXe9k+ -mPwndA//ZFMeCgbtSnTJugvZhmIBFHCHofq9yBiCDYyL8qEMw0m3BQLqSSaPt6Bd -l1xm4ypuy9Rjen5hKbyRJtSko6tbbArCf+OsJfyy2Yr/r5cvnd0eLNwdIdUPKf/l -3hgRPXBiCHdm63mSWsxM5tUr128Cyj0W4mkn5OmjKPblCd4qgnhNLawn7x7JYoWc -JS6olNYS6c0M7GBuZ7icKCTtGfO1lKYCIBiCfkuNChJTQbvZ7JiqX/OprHYdBqn1 -WXgrrBrBjO8Ai2w9/uCOAWyPOhy1J8pewuHNX2Hh1LNXEu5z+47QexUpwhweq21/ -QzOITbgb0yZPdQXceAGqmZYa0BPfdo08MakTjaYGrO8rGR0XwgEvtpD5L2eMsVle -hhg96f4E3f5/7yrtmsL2hbj2v8enhN39ycvn7u/LsfUyoRciCTNwxV/jHU9/laR5 -tDRLUGE3TiiNtTiMk4MucGRHNrae2d6exIpXhhFHN3nD2flOTFqb6KaQRtbdNmPt -YCMMg4+ZoNzl+YLQYcbkYj4uGGrVosEoAmRl8ROfzPSwHM8mJdUhqGouylTRaQGt -82SaEdlFO2VthoJUZBy05uCHKthXhwiRplp27MMbCOXOjv3rbnqxyQoMDNb4VQQy -7CHF50XrEBLpdnyKFNbKFPKyZToBcBLBaPTnm5lf5eTyJ7whkXI= -=dXjt ------END PGP SIGNATURE----- diff --git a/cryptsetup-2.4.1.tar.xz b/cryptsetup-2.4.1.tar.xz deleted file mode 100644 index f3003b1..0000000 --- a/cryptsetup-2.4.1.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:a356a727a83a464ade566e95239622a22dbe4e0f482b198fdb04ab0d3a5a9c5f -size 11171180 diff --git a/cryptsetup-2.4.3.tar.sign b/cryptsetup-2.4.3.tar.sign new file mode 100644 index 0000000..d2aa1e9 --- /dev/null +++ b/cryptsetup-2.4.3.tar.sign @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEEKikYJD/eRmSNBob52bBXe9k+mPwFAmHf9akACgkQ2bBXe9k+ +mPz0zw//cqAJh3wE0zxtfb+2al4cH2oTtPR+/VnnW8s5z9hyBztNZo8ChOXEQqEQ +3l+S0qvJSkCmQT2RNEAdyqMjolU3NKKYi+iZwKUfcYPAABnc0/df9p1l4ykKYmuZ +6EiQCCZITrFkiRl0jVsZ/U92FAU+EdI7dXPVr+H8Ai6eA4HW3NIrZlsUUMdsmkCE +6eqSX3WX1WVpFkv3453JSNG5/byHP4iPEnXdy00+n5qDoWrOEqDL6MDFaljBS2gq +XKIeDfKTe3tQAelPEnIc/Is5Tus2uMkxn+bW9KPviS3tOSW5iDVUNL2DBVdMcuxV +e26mEud9BYyKvajj3wP2TR/BD+ctmwnYSLrfs8aMzE109YI2NuxHD6sWI9d2jrtx +2fMDV20AKGvvt2q4RkIqAkML7S1RQUVdma33I/iBojFu4bXleLBUcwi1vT+G1NMX +rz+bVo5zKa7bfTjjX/T8ATL302Lhpr3yReAR6m2KqX3xbxinwG3BV88fyZjJEFft +zW2JYT3gntkp7GqrxMWjZYNc8AAcpRcabXqb/7NcCBPmS33Kk+/eQiBGEQCw85g7 +MQk7oLKFKT31yJ0TipJExWLOpaWR592wBMl/vx3jAyJjWR1IxajzKD60ZNJHavsn +5PCPtLxXGdbyyagI45Jm1Pa6Me0vcXzYSHnYdPy5tprOfJgzMT4= +=yURq +-----END PGP SIGNATURE----- diff --git a/cryptsetup-2.4.3.tar.xz b/cryptsetup-2.4.3.tar.xz new file mode 100644 index 0000000..6938c43 --- /dev/null +++ b/cryptsetup-2.4.3.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:fc0df945188172264ec5bf1d0bda08264fadc8a3f856d47eba91f31fe354b507 +size 11242152 diff --git a/cryptsetup.changes b/cryptsetup.changes index 9ae587f..ad9b80f 100644 --- a/cryptsetup.changes +++ b/cryptsetup.changes @@ -1,3 +1,46 @@ +------------------------------------------------------------------- +Fri Jan 14 19:19:43 UTC 2022 - Andreas Stieger + +- cryptsetup 2.4.3: + * Fix possible attacks against data confidentiality through + LUKS2 online reencryption extension crash recovery + CVE-2021-4122, boo#1194469 + * Add configure option --disable-luks2-reencryption to completely + disable LUKS2 reencryption code. + * Improve internal metadata validation code for reencryption + metadata + * Add updated documentation for LUKS2 On-Disk Format + Specification version 1.1.0 + * Fix support for bitlk (BitLocker compatible) startup key with + new metadata entry introduced in Windows 11 + * Fix space restriction for LUKS2 reencryption with data shift + +------------------------------------------------------------------- +Thu Nov 18 20:15:22 UTC 2021 - Andreas Stieger + +- cryptsetup 2.4.2: + * Fix possible large memory allocation if LUKS2 header size is + invalid. + * Fix memory corruption in debug message printing LUKS2 + checksum. + * veritysetup: remove link to the UUID library for the static + build. + * Remove link to pwquality library for integritysetup and + veritysetup. These tools do not read passphrases. + * OpenSSL3 backend: avoid remaining deprecated calls in API. + Crypto backend no longer use API deprecated in OpenSSL 3.0 + * Check if kernel device-mapper create device failed in an early + phase. This happens when a concurrent creation of device-mapper + devices meets in the very early state. + * Do not set compiler optimization flag for Argon2 KDF if the + memory wipe is implemented in libc. + * Do not attempt to unload LUKS2 tokens if external tokens are + disabled. This allows building a static binary with + --disable-external-tokens. + * LUKS convert: also check sysfs for device activity. + If udev symlink is missing, code fallbacks to sysfs scan to + prevent data corruption for the active device. + ------------------------------------------------------------------- Thu Sep 16 15:23:52 UTC 2021 - Ludwig Nussel diff --git a/cryptsetup.spec b/cryptsetup.spec index 53b9995..e6ed7c0 100644 --- a/cryptsetup.spec +++ b/cryptsetup.spec @@ -1,7 +1,7 @@ # -# spec file for package cryptsetup +# spec file for package cryptsetup2 # -# Copyright (c) 2021 SUSE LLC +# Copyright (c) 2022 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -16,14 +16,14 @@ # -%define tar_version 2.4.1 +%define tar_version 2.4.3 %define so_ver 12 %if 0%{?is_backports} Name: cryptsetup2 %else Name: cryptsetup %endif -Version: 2.4.1 +Version: 2.4.3 Release: 0 Summary: Setup program for dm-crypt Based Encrypted Block Devices License: LGPL-2.0-or-later AND SUSE-GPL-2.0-with-openssl-exception @@ -52,7 +52,7 @@ BuildRequires: pkgconfig(libargon2) BuildRequires: pkgconfig(libssh) BuildRequires: pkgconfig(openssl) Requires(post): coreutils -Requires(postun): coreutils +Requires(postun):coreutils %if 0%{?is_backports} BuildRequires: autoconf BuildRequires: automake @@ -72,7 +72,6 @@ volumes as well as LUKS formatted ones. The package additionally includes support for automatically setting up encrypted volumes at boot time via the config file %{_sysconfdir}/crypttab. - %package ssh Summary: Cryptsetup LUKS2 SSH token Group: System/Base