From 901c97104c56d6bedff03547ad7d7862e356208502a707d2e214251392b0406f Mon Sep 17 00:00:00 2001 From: Ludwig Nussel Date: Fri, 15 Feb 2019 14:36:10 +0000 Subject: [PATCH 1/2] - New version 2.1.0 * The default size of the LUKS2 header is increased to 16 MB. It includes metadata and the area used for binary keyslots; it means that LUKS header backup is now 16MB in size. * Cryptsetup now doubles LUKS default key size if XTS mode is used (XTS mode uses two internal keys). This does not apply if key size is explicitly specified on the command line and it does not apply for the plain mode. This fixes a confusion with AES and 256bit key in XTS mode where code used AES128 and not AES256 as often expected. * Default cryptographic backend used for LUKS header processing is now OpenSSL. For years, OpenSSL provided better performance for PBKDF. * The Python bindings are no longer supported and the code was removed from cryptsetup distribution. Please use the libblockdev project that already covers most of the libcryptsetup functionality including LUKS2. * Cryptsetup now allows using --offset option also for luksFormat. * Cryptsetup now supports new refresh action (that is the alias for "open --refresh"). * Integritysetup now supports mode with detached data device through new --data-device option. - 2.1.0 would use LUKS2 as default, we stay with LUKS1 for now until someone has time to evaluate the fallout from switching to LUKS2. OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=146 --- cryptsetup-2.0.5.tar.sign | 16 ---------------- cryptsetup-2.0.5.tar.xz | 3 --- cryptsetup-2.1.0.tar.sign | 16 ++++++++++++++++ cryptsetup-2.1.0.tar.xz | 3 +++ cryptsetup.changes | 28 ++++++++++++++++++++++++++++ cryptsetup.spec | 11 ++++++----- 6 files changed, 53 insertions(+), 24 deletions(-) delete mode 100644 cryptsetup-2.0.5.tar.sign delete mode 100644 cryptsetup-2.0.5.tar.xz create mode 100644 cryptsetup-2.1.0.tar.sign create mode 100644 cryptsetup-2.1.0.tar.xz diff --git a/cryptsetup-2.0.5.tar.sign b/cryptsetup-2.0.5.tar.sign deleted file mode 100644 index fc0979a..0000000 --- a/cryptsetup-2.0.5.tar.sign +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCAAdFiEEKikYJD/eRmSNBob52bBXe9k+mPwFAlvVz2sACgkQ2bBXe9k+ -mPyYuQ//fNwPronpHFrOzmv277cfzVT6zrgLKOaf/YlqA0h5XmBVX9xcOD9rXhda -ld9rumIQn9s8G8HLavxxxhnciqeNOS0T/1ry3NVpxYdfF1FptIjchH/Lo697P5dX -C1oAqchOqfxjm6dwmbllvXTgoHV657JUC5tuaL6Wl26DrhImmAgNi42yZehNtHZz -8FN0Fc0muU06LUmKR2a4P5xj2SvlNntMnvld+qLHf+k+bBrcJyu2cqaBNns45mXy -uDHXclP+8ofXW3mELmSBJ89GzLkr8Zpxp2dITv2GqtewX1MH5b8cMUwIVsCClqHl -2YNGhMqRkDDj0C8u8JpYvmmZxcMUaKr5EMze18NeqPXpZCBoW5nvEtsS7hWbCdyu -VPqdP4mHfHeQtZkk3U4SZLEU7xFzcTwhgpxRQPe6ujyz+PlrOLk0Z9js9WgOJZ1U -7a9YNnXWlNIcVqOoYm9SPBo9nj+eoVUr2GG3lT02udj5YhGZjDG0gbjgtM99jg+T -Bcv/h9abx6a2TmPIRW9Pa98ggIaeY3HbAK4D4xBritrfhvtyXMAYWbwj8ZkyCsCX -41I10Eh3dNXR6/OJQFjKv7RCqGzanyCzEG0F+G4mw5xqPx5jhowmjI7GaC54X7UZ -7RWYt1pl8F+UGIbBRl3BWuI+cHM0RBJ4Jx53f6zpqDP9hL58RbA= -=o3rq ------END PGP SIGNATURE----- diff --git a/cryptsetup-2.0.5.tar.xz b/cryptsetup-2.0.5.tar.xz deleted file mode 100644 index ec62a0a..0000000 --- a/cryptsetup-2.0.5.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:a0f72ca2c824a5a555dc8924413dfe947eca23ab2e30bcff54eaafefe5fe301d -size 10476304 diff --git a/cryptsetup-2.1.0.tar.sign b/cryptsetup-2.1.0.tar.sign new file mode 100644 index 0000000..1f375e2 --- /dev/null +++ b/cryptsetup-2.1.0.tar.sign @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEEKikYJD/eRmSNBob52bBXe9k+mPwFAlxdkp0ACgkQ2bBXe9k+ +mPx0JxAAu+yx54yDHQO1QOZvINKVSrLwZ/nGAy+JDQsOsM/+zOlXictxD/yybzZv +GFuWdn5POnZDfwjp9b9UvudOUbxTLWNimyavV58iG0ICgFbxC6wpCVn0NxC+lPtt +3uThWXTgJzcDpGbi9oi7FWEoihG7DJHMsGVUeUnhcZC+NSdXl6/ZTb5i68/rNNzc +YHwM7OSWczn39Bdr0+/gs3jxnO01OP1weNgFZ6ChcENkSp8n+TQJEVwa+yiuO+rP +BcBws0zjBYTKcpm/ZtuPGczwOaEBwk/jyamgfoobIeCzIyyUdMrCxwE/3oYMJxqS +faijxMd21RZ3yqnkwvhTO1CbGWHAlVCqjAzyX8okhgjVi8gQpWvD67WRSC7FX+vD +72m9yZ5qTO0lNPTtze6xo88UvWskIZtSg1rPtP39vyBnAAgZflKFRu8r+IgXn612 +VRJLlit+mCmKOgi5ochkxlJgrMY6FmWbVMlq1sxFy1dk3wRQTh5DYzT5IGnhdXi8 +osY2swVKnVJhkThomVUJ8pXIwWGKZNGMzTU7Eofi9zSHwTMm0y6EdFNlXogrzmY3 +vEHOb3zEqPujWegBeqsHhuHgPQewgts+7bIPEbvEPsSwSqMvX8BPsyLv7c6bat9x +GhXTLwGeJ2RcNmF5bH7GMe7b+XLVaeBzNjLE3Ty0iFWgzT3Uwd0= +=gOH9 +-----END PGP SIGNATURE----- diff --git a/cryptsetup-2.1.0.tar.xz b/cryptsetup-2.1.0.tar.xz new file mode 100644 index 0000000..771df0f --- /dev/null +++ b/cryptsetup-2.1.0.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:a3eeb2741f8f3376d16585191f3c60e067dd987e096c3c4b073fab7748b1c897 +size 10662576 diff --git a/cryptsetup.changes b/cryptsetup.changes index 3228621..bf0b3c3 100644 --- a/cryptsetup.changes +++ b/cryptsetup.changes @@ -1,3 +1,31 @@ +------------------------------------------------------------------- +Fri Feb 15 09:41:52 UTC 2019 - lnussel@suse.de + +- New version 2.1.0 + * The default size of the LUKS2 header is increased to 16 MB. + It includes metadata and the area used for binary keyslots; + it means that LUKS header backup is now 16MB in size. + * Cryptsetup now doubles LUKS default key size if XTS mode is used + (XTS mode uses two internal keys). This does not apply if key size + is explicitly specified on the command line and it does not apply + for the plain mode. + This fixes a confusion with AES and 256bit key in XTS mode where + code used AES128 and not AES256 as often expected. + * Default cryptographic backend used for LUKS header processing is now + OpenSSL. For years, OpenSSL provided better performance for PBKDF. + + * The Python bindings are no longer supported and the code was removed + from cryptsetup distribution. Please use the libblockdev project + that already covers most of the libcryptsetup functionality + including LUKS2. + * Cryptsetup now allows using --offset option also for luksFormat. + * Cryptsetup now supports new refresh action (that is the alias for + "open --refresh"). + * Integritysetup now supports mode with detached data device through + new --data-device option. +- 2.1.0 would use LUKS2 as default, we stay with LUKS1 for now until + someone has time to evaluate the fallout from switching to LUKS2. + ------------------------------------------------------------------- Tue Oct 30 10:10:35 UTC 2018 - lnussel@suse.de diff --git a/cryptsetup.spec b/cryptsetup.spec index 754cfa5..c4e4be0 100644 --- a/cryptsetup.spec +++ b/cryptsetup.spec @@ -1,7 +1,7 @@ # # spec file for package cryptsetup # -# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -22,25 +22,25 @@ Name: cryptsetup2 %else Name: cryptsetup %endif -Version: 2.0.5 +Version: 2.1.0 Release: 0 Summary: Set Up dm-crypt Based Encrypted Block Devices License: SUSE-GPL-2.0-with-openssl-exception AND LGPL-2.0-or-later Group: System/Base Url: https://gitlab.com/cryptsetup/cryptsetup/ -Source0: https://www.kernel.org/pub/linux/utils/cryptsetup/v2.0/cryptsetup-%{version}.tar.xz +Source0: https://www.kernel.org/pub/linux/utils/cryptsetup/v2.1/cryptsetup-%{version}.tar.xz # GPG signature of the uncompressed tarball. -Source1: https://www.kernel.org/pub/linux/utils/cryptsetup/v2.0/cryptsetup-%{version}.tar.sign +Source1: https://www.kernel.org/pub/linux/utils/cryptsetup/v2.1/cryptsetup-%{version}.tar.sign Source2: baselibs.conf Source3: cryptsetup.keyring BuildRequires: device-mapper-devel BuildRequires: fipscheck BuildRequires: fipscheck-devel -BuildRequires: libgcrypt-devel BuildRequires: libjson-c-devel BuildRequires: libpwquality-devel BuildRequires: libselinux-devel BuildRequires: libuuid-devel +BuildRequires: pkgconfig(openssl) # 2.6.38 has the required if_alg.h BuildRequires: linux-glibc-devel >= 2.6.38 BuildRequires: pkgconfig @@ -118,6 +118,7 @@ autoreconf -f -i --enable-pwquality \ --enable-gcrypt-pbkdf2 \ --enable-libargon2 \ + --with-default-luks-format=LUKS1 \ --with-luks2-lock-path=/run/cryptsetup \ --with-tmpfilesdir='%{_tmpfilesdir}' make %{?_smp_mflags} V=1 From b860f84edd840662455822130532c43454907fa43c2fcbdec9199458c58c97e8 Mon Sep 17 00:00:00 2001 From: Ludwig Nussel Date: Mon, 18 Feb 2019 12:27:45 +0000 Subject: [PATCH 2/2] Accepting request 676570 from home:jengelh:branches:security - Use noun phrase in summary. OBS-URL: https://build.opensuse.org/request/show/676570 OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=147 --- cryptsetup.changes | 5 +++++ cryptsetup.spec | 10 +++++----- 2 files changed, 10 insertions(+), 5 deletions(-) diff --git a/cryptsetup.changes b/cryptsetup.changes index bf0b3c3..cc8d92f 100644 --- a/cryptsetup.changes +++ b/cryptsetup.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Fri Feb 15 15:01:18 UTC 2019 - Jan Engelhardt + +- Use noun phrase in summary. + ------------------------------------------------------------------- Fri Feb 15 09:41:52 UTC 2019 - lnussel@suse.de diff --git a/cryptsetup.spec b/cryptsetup.spec index c4e4be0..b51c5cc 100644 --- a/cryptsetup.spec +++ b/cryptsetup.spec @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # @@ -24,7 +24,7 @@ Name: cryptsetup %endif Version: 2.1.0 Release: 0 -Summary: Set Up dm-crypt Based Encrypted Block Devices +Summary: Setup program for dm-crypt Based Encrypted Block Devices License: SUSE-GPL-2.0-with-openssl-exception AND LGPL-2.0-or-later Group: System/Base Url: https://gitlab.com/cryptsetup/cryptsetup/ @@ -64,7 +64,7 @@ includes support for automatically setting up encrypted volumes at boot time via the config file %{_sysconfdir}/crypttab. %package -n libcryptsetup%{so_ver} -Summary: Set Up dm-crypt Based Encrypted Block Devices +Summary: Library for setting up dm-crypt Based Encrypted Block Devices Group: System/Libraries Suggests: libcryptsetup%{so_ver}-hmac @@ -76,7 +76,7 @@ includes support for automatically setting up encrypted volumes at boot time via the config file %{_sysconfdir}/crypttab. %package -n libcryptsetup%{so_ver}-hmac -Summary: Checksums for libcryptsetup4 +Summary: Checksums for libcryptsetup%{so_ver} Group: System/Base %description -n libcryptsetup%{so_ver}-hmac @@ -84,7 +84,7 @@ This package contains HMAC checksums for integrity checking of libcryptsetup4, used for FIPS. %package -n lib%{name}-devel -Summary: Set Up dm-crypt Based Encrypted Block Devices +Summary: Header files for libcryptsetup Group: Development/Libraries/C and C++ Requires: glibc-devel Requires: libcryptsetup%{so_ver} = %{version}