From 8cea81ce7b458102beb7856b297786a42e6e76d98e4600962cba64a34b5e5306 Mon Sep 17 00:00:00 2001 
From: Ludwig Nussel
Date: Tue, 29 Nov 2022 07:29:17 +0000
Subject: [PATCH] Accepting request 1038690 from home:polslinux:branches:security

- cryptsetup 2.6.0:
* Introduce support for handling macOS FileVault2 devices (FVAULT2).
* libcryptsetup: no longer use global memory locking through mlockall()
* libcryptsetup: process priority is increased only for key derivation (PBKDF) calls.
* Add new LUKS keyslot context handling functions and API.
* The volume key may now be extracted using a passphrase, keyfile, or token. For LUKS devices, it also returns the volume key after a successful crypt_format call.
* Fix --disable-luks2-reencryption configuration option.
* cryptsetup: Print a better error message and warning if the format produces an image without space available for data.
* Print error if anti-forensic LUKS2 hash setting is not available. If the specified hash was not available, activation quietly failed.
* Fix internal crypt segment compare routine if the user specified cipher in kernel format (capi: prefix).
* cryptsetup: Add token unassign action. This action allows removing token binding on specific keyslot.
* veritysetup: add support for --use-tasklets option. This option sets try_verify_in_tasklet kernel dm-verity option (available since Linux kernel 6.0) to allow some performance improvement on specific systems.
* Provide pkgconfig Require.private settings. While we do not completely provide static build on udev systems, it helps produce statically linked binaries in certain situations.
* Always update automake library files if autogen.sh is run. For several releases, we distributed older automake scripts by mistake.
* reencryption: Fix user defined moved segment size in LUKS2 decryption. The --hotzone-size argument was ignored in cases where the actual data size was less than the original LUKS2 data offset.
* Delegate FIPS mode detection to configured crypto backend. System FIPS mode check no longer depends on /etc/system-fips file.
* Update documentation, including FAQ and man pages. OBS-URL: https://build.opensuse.org/request/show/1038690 OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=182 --- cryptsetup-2.5.0.tar.sign | 16 ---------------- cryptsetup-2.5.0.tar.xz | 3 --- cryptsetup-2.6.0.tar.sign | 16 ++++++++++++++++ cryptsetup-2.6.0.tar.xz | 3 +++ cryptsetup.changes | 37 +++++++++++++++++++++++++++++++++++++ cryptsetup.spec | 10 ++++++---- 6 files changed, 62 insertions(+), 23 deletions(-) delete mode 100644 cryptsetup-2.5.0.tar.sign delete mode 100644 cryptsetup-2.5.0.tar.xz create mode 100644 cryptsetup-2.6.0.tar.sign create mode 100644 cryptsetup-2.6.0.tar.xz diff --git a/cryptsetup-2.5.0.tar.sign b/cryptsetup-2.5.0.tar.sign deleted file mode 100644 index e1b88c4..0000000 --- a/cryptsetup-2.5.0.tar.sign +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCAAdFiEEKikYJD/eRmSNBob52bBXe9k+mPwFAmLir6MACgkQ2bBXe9k+ -mPz0aRAA1NvR+v5YBgq0+VxkNLWN76sIiFOZ46ASepos5bvzV6QgfHf2Pm4Tdi2j -CHc9Vc6D32w3oww6qQQ3j4XjqDxtRbxa17YEcsoQHT7J0sezaPknv+OM+vT+B8WT -PmoOF6ZoxqmA4hf2psap/4sWB+TNVlJoyksOy/yF5pLdSFT9w/A6DIO+FiufVCxg -Sg8HNcU0rFkLTnHNQiZGFx9lNAy+FJ+5mm+8A8IIbTB4cxuohaz8ZwNjJjIO36jm -H0t4yDQTL7JoV1ONPJ+Fq9OaQP6MBCnSr3uFXwkQoV99geaHmGVbv+jUqqFjosu3 -Usm1hHkqFp+BW8f+XZ0lYYGyGz1bFZHsiCnEdjFLmmMiSqjW+Jo0AdGtqEjx5Ahc -/6D8XyRpb+Wwg9cQyzvcOXgBysWp4dINWQSjsyWqN4AlEOy4UtEbAW4Pm/t2SCnV -xw7eNbCdqa2+tAJTMV5AlQgkk1dYDY9KFNvNkrgkEMlzoeq/3QgkqPo7PqCqixrL -cTlMm8g5IDV95Mnyd2uNng7T/M4E6PLfhApjpSbP0Sk6Hyp1Mp959AKTHJFPE4ZO -R9dTYQ+Jy/2DUKDQoeYtiosq1Yoi4NKueazGAbjvbQT8NXx7DDcS3AYIfxBsdGnv -xmsAHiM8LgjJmFYZNWHHBpWakCUM7LhqbrfLkVlMyprN4ZCzyLM= -=Rmfd ------END PGP SIGNATURE----- diff --git a/cryptsetup-2.5.0.tar.xz b/cryptsetup-2.5.0.tar.xz deleted file mode 100644 index cbeede4..0000000 --- a/cryptsetup-2.5.0.tar.xz +++ /dev/null 
@@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:9184a6ebbd9ce7eb211152e7f741a6c82f2d1cc0e24a84ec9c52939eee0f0542 -size 11304256 diff --git a/cryptsetup-2.6.0.tar.sign b/cryptsetup-2.6.0.tar.sign new file mode 100644 index 0000000..52837d2 --- /dev/null +++ b/cryptsetup-2.6.0.tar.sign @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEEKikYJD/eRmSNBob52bBXe9k+mPwFAmOEnKwACgkQ2bBXe9k+ +mPxHlg//Wt73l0gBiMwNUQdCtXL37+lWwUz2lxhfcs3Ud/tWb5M8/csw449JnF4c +MnTMCX8qz51Sxxq4GEvk0L6+gv8d5w5hdIwZIE6ArQIVx0CH2BcG0qlQ53vcFlcr +wvSVZyiggHsQX0YZgxWwrDX3+WRt+0S+F2tHTwW/1e/XXsb5Tqb2ksQcvFCvM71/ +EhT5BAaEZRC7pfIiDjIXkMGOnjxWpvkiimYzwiFnlt+Veaq4Xie+dWqM/wgrWNpb +UYnD2ZIbQ3IXDTKUhCKoQHUcO743uB0WJf7I5DVNfWPAFmeSRvHrmgqk+Ijl5rnw +WMlKU/3l5f3rXp1H46cfBBmpqmnDz2ikuYYgkHBDmpYr7F1SRpz1OV25V4uctah3 +SZ+Q0LpIiJAWOlgP64lRMYRZBsy0Vlx5sN2Y4OLUlPiRMeB0kcAPtoEN1302bzbs +fGFsFqqImAHnaV+udGH/tHlrjNeJf8Yf3YmMaa46xJgqcLJE+GjIdAQ+IHrzATSg +W4SLu2SZojeJq5rOMVJlYT6Ywg9hKWls7ltJilPqgBiwsDh9LWEWduTTNTzkXNs0 +sye8ZdTJ5k5aT82mJWhh/opeD5D7nS1+A1kLwskcuUL/8Llp+fZw5nZrVWKLb9Ik +8NnlB0S90VDaQUh/bDzNRwH8P/EwdZ/W/iUAPONP48zUbxfd0Vk= +=lIrc +-----END PGP SIGNATURE----- diff --git a/cryptsetup-2.6.0.tar.xz b/cryptsetup-2.6.0.tar.xz new file mode 100644 index 0000000..8966c18 --- /dev/null +++ b/cryptsetup-2.6.0.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:44397ba76e75a9cde5b02177bc63cd7af428a785788e3a7067733e7761842735 +size 11495092 diff --git a/cryptsetup.changes b/cryptsetup.changes index dbd8c2c..af45102 100644 --- a/cryptsetup.changes +++ b/cryptsetup.changes 
@@ -1,3 +1,40 @@ +------------------------------------------------------------------- +Mon Nov 28 13:51:24 UTC 2022 - Paolo Stivanin + +- cryptsetup 2.6.0: + * Introduce support for handling macOS FileVault2 devices (FVAULT2). + * libcryptsetup: no longer use global memory locking through mlockall() + * libcryptsetup: process priority is increased only for key derivation + (PBKDF) calls. + * Add new LUKS keyslot context handling functions and API. + * The volume key may now be extracted using a passphrase, keyfile, or + token. For LUKS devices, it also returns the volume key after + a successful crypt_format call. + * Fix --disable-luks2-reencryption configuration option. + * cryptsetup: Print a better error message and warning if the format + produces an image without space available for data. + * Print error if anti-forensic LUKS2 hash setting is not available. + If the specified hash was not available, activation quietly failed. + * Fix internal crypt segment compare routine if the user + specified cipher in kernel format (capi: prefix). + * cryptsetup: Add token unassign action. + This action allows removing token binding on specific keyslot. + * veritysetup: add support for --use-tasklets option. + This option sets try_verify_in_tasklet kernel dm-verity option + (available since Linux kernel 6.0) to allow some performance + improvement on specific systems. + * Provide pkgconfig Require.private settings. + While we do not completely provide static build on udev systems, + it helps produce statically linked binaries in certain situations. + * Always update automake library files if autogen.sh is run. + For several releases, we distributed older automake scripts by mistake. + * reencryption: Fix user defined moved segment size in LUKS2 decryption. + The --hotzone-size argument was ignored in cases where the actual data + size was less than the original LUKS2 data offset. + * Delegate FIPS mode detection to configured crypto backend. 
+ System FIPS mode check no longer depends on /etc/system-fips file. + * Update documentation, including FAQ and man pages. + ------------------------------------------------------------------- Tue Sep 13 15:52:52 UTC 2022 - Luca Boccassi diff --git a/cryptsetup.spec b/cryptsetup.spec index cbbaf77..c7af718 100644 --- a/cryptsetup.spec +++ b/cryptsetup.spec @@ -16,18 +16,18 @@ # -%define tar_version 2.5.0 +%define tar_version 2.6.0 %define so_ver 12 Name: cryptsetup -Version: 2.5.0 +Version: 2.6.0 Release: 0 Summary: Setup program for dm-crypt Based Encrypted Block Devices License: LGPL-2.0-or-later AND SUSE-GPL-2.0-with-openssl-exception Group: System/Base URL: https://gitlab.com/cryptsetup/cryptsetup/ -Source0: https://www.kernel.org/pub/linux/utils/cryptsetup/v2.5/cryptsetup-%{tar_version}.tar.xz +Source0: https://www.kernel.org/pub/linux/utils/cryptsetup/v2.6/cryptsetup-%{tar_version}.tar.xz # GPG signature of the uncompressed tarball. -Source1: https://www.kernel.org/pub/linux/utils/cryptsetup/v2.5/cryptsetup-%{tar_version}.tar.sign +Source1: https://www.kernel.org/pub/linux/utils/cryptsetup/v2.6/cryptsetup-%{tar_version}.tar.sign Source2: baselibs.conf Source3: cryptsetup.keyring Source4: %{name}-rpmlintrc @@ -240,5 +240,7 @@ find %{buildroot} -type f -name "*.la" -delete -print %{_mandir}/man8/cryptsetup-token.8.gz %{_mandir}/man8/integritysetup.8.gz %{_mandir}/man8/veritysetup.8.gz +%{_mandir}/man8/cryptsetup-fvault2Dump.8.gz +%{_mandir}/man8/cryptsetup-fvault2Open.8.gz %changelog
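Review bot: In the cryptsetup-2.6.0.tar.xz and cryptsetup-2.6.0.tar.sign additions, the sha256 oid in the git-lfs pointer covers the compressed .xz, while the spec comment on Source1 says the signature is a "GPG signature of the uncompressed tarball", so the two checks cover different bytes. Please confirm that the build decompresses Source0 before checking it against Source1 with the keyring in Source3 (cryptsetup.keyring); none of the hunks shown here touch that step, so it cannot be confirmed from this patch alone.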
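Review bot: The new cryptsetup.changes entry lists only the upstream 2.6.0 release notes and does not record the packaging change made in cryptsetup.spec, where cryptsetup-fvault2Dump.8.gz and cryptsetup-fvault2Open.8.gz are added to the file list. Suggest adding one line to the entry that names the two new man pages, so the changelog matches the spec diff.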
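Review bot: In the first cryptsetup.spec hunk (@@ -16,18 +16,18 @@), the directory component v2.6 is hard-coded in both Source0 and Source1 next to %{tar_version}, and Version repeats the value of tar_version, so this bump needed four manual edits that all have to agree. Consider deriving the vX.Y directory from the version with one extra macro and reusing it in both URLs, so the download path and the tarball name cannot drift apart on the next update.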
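Review bot: In the second cryptsetup.spec hunk (@@ -240,5 +240,7 @@), the two new man pages are appended after veritysetup.8.gz instead of being placed with the other cryptsetup-*.8.gz entries such as cryptsetup-token.8.gz. Moving them up into that group keeps the file list in order and makes a missing page easier to spot when the next release adds subcommands.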