From 5b2dc6e33d1c80eb0f5d9f4f37066acf01e25839aefb814bf4dcf31b70548d90 Mon Sep 17 00:00:00 2001
From: Alexander Naumov <alexander_naumov@opensuse.org>
Date: Fri, 26 Aug 2016 11:48:47 +0000
Subject: [PATCH] Accepting request 422113 from
 home:Alexander_Naumov:branches:security

Update to version 1.7.2

OBS-URL: https://build.opensuse.org/request/show/422113
OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=130
---
 cryptsetup-1.7.0.tar.sign | 17 ---------
 cryptsetup-1.7.0.tar.xz   |  3 --
 cryptsetup-1.7.2.tar.sign | 17 +++++++++
 cryptsetup-1.7.2.tar.xz   |  3 ++
 cryptsetup.changes        | 73 +++++++++++++++++++++++++++++++++++++++
 cryptsetup.spec           |  2 +-
 6 files changed, 94 insertions(+), 21 deletions(-)
 delete mode 100644 cryptsetup-1.7.0.tar.sign
 delete mode 100644 cryptsetup-1.7.0.tar.xz
 create mode 100644 cryptsetup-1.7.2.tar.sign
 create mode 100644 cryptsetup-1.7.2.tar.xz

diff --git a/cryptsetup-1.7.0.tar.sign b/cryptsetup-1.7.0.tar.sign
deleted file mode 100644
index 424bf8b..0000000
--- a/cryptsetup-1.7.0.tar.sign
+++ /dev/null
@@ -1,17 +0,0 @@
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1
-
-iQIcBAABCAAGBQJWOKq0AAoJENmwV3vZPpj8VfgQALqERsJKR9EYJMjsZrij0cEO
-gsy3CJ2zLo8vWBy0GakfH67fKCDxpoMCDKT2B76DJmAkQbaEJULZeaIxA+gQrjWj
-Kg5HrzKjzwbnN8Cv6Wp/rhSK6GS943KO8DMu/lw3SjTEqp9lqySDE5ISwYIqOMS+
-0qr3UpPpJTt6vaMDrDEUvUTGzfV1cK4nvRjrw9nXSbnDpYr4N1PXGoT9eFKIJp8Y
-LV/2esfC1P4y2/qm7Tx1ptOsiv9EAZitWtD7IqPgRbHsLvpO+W41OP5bnRtXTK3/
-RHBYQpKrR5uChLItI457/TYRK4ucxn25AjF/8rXoKgqNaE9ZC1+a1RRjxQqFqIIc
-CtkwUWN9BL0y78jmz+DSn/B/YB18KesraUMkobmsxRVzea7Vzcbv/lcfwBVIkjMH
-DKFJJSRDWa1Zuvola+uW/gvEQuELBQkqe6IErn8WhMN2u35YjQ7r1N6f2If4SvF1
-c/W8mgC/tV+L5v9THSGMjv4VZ/GMaFSq2zoxqMlqzFbapaFuoldTpIpx6TLmiWSg
-PU1U/lAWn4IGPT6OPcJZyXgYNxs2Pixj5dAC4W+hpDTDecrVJzm+2jvMbLy7d0jl
-yqWA2ka/fQAIOw8giGkphTuaDBMOt8yP2dpdrfac25aNUuEk3S7TG1KreAyvrkvH
-ByaYWwWuY2yBRn+EI+K7
-=LQ5T
------END PGP SIGNATURE-----
diff --git a/cryptsetup-1.7.0.tar.xz b/cryptsetup-1.7.0.tar.xz
deleted file mode 100644
index de2d0f9..0000000
--- a/cryptsetup-1.7.0.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:075524a7cc0db36d12119fa79116750accb1c6c8825d5faa2534b74b8ce3d148
-size 1224616
diff --git a/cryptsetup-1.7.2.tar.sign b/cryptsetup-1.7.2.tar.sign
new file mode 100644
index 0000000..7ffce41
--- /dev/null
+++ b/cryptsetup-1.7.2.tar.sign
@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1
+
+iQIcBAABCAAGBQJXUsbKAAoJENmwV3vZPpj8bV4QAI7QyOCNpP+++FLHK+RbX4aM
+bYMxB589BwPIykUypK8ocaSuht0fPBSOV1+oUnrskRxGvSxAB1XG+TJowWHmsAzq
+ZcIYZeIX1r6RdMQIUWIdQfIGLj7MNF6LgS26aFT7ceC64/J8DqQIqEmOzoUlgo22
+Rd/Ii58jOvzbhrj1P8odjdQqu4yYa3t81M9QwzXLFymWB5h769+JaxYtxsRQ1GIH
+dcVo5WCv8ECz8yaXFfWNzgNYsNTL9EhPy3dC4nccQy5rjVzoS4BslENzorWCpaVP
+j0qSthWDDRcoxzJMEABTTwy5o10LVIMqEuW90370RhA8yfSreX7O7rWShKFszQwy
+mXQmt3glS5xk6KRFRwVMCN+31eBzC4kAsIjpWymb6C/ictog6bDB4MovGtUvjF/M
+DGAuywnp7wQzE6c6KulVmeyEOWVn/eqSApXE64koKATQ9zVUd/QV8tVL2vwYdyuz
+CHIT+OFlvattv6CGU9e3k8g/5YKUo4dWHveQgLeRiSviT60gbRdV/5i3LnxFvHjr
+HTGTWOH0U/CjJ5EQxepbS8v18AM3vcCCdjyHrs5JXpIIr6h4I1KQZzjTaP/BPG3+
+nTfEOxxv0cfT6L7zNG+BTDHKEQEgnL1K4JXXEKBWty5XpaVRQlJLlQYqB4rCkOK0
+0VS3WWmzmFExX+iL7Jo1
+=GYgV
+-----END PGP SIGNATURE-----
diff --git a/cryptsetup-1.7.2.tar.xz b/cryptsetup-1.7.2.tar.xz
new file mode 100644
index 0000000..96c301f
--- /dev/null
+++ b/cryptsetup-1.7.2.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:dbb35dbf5f0c1749168c86c913fe98e872247bfc8425314b494c2423e7e43342
+size 1222688
diff --git a/cryptsetup.changes b/cryptsetup.changes
index fb9a3a6..b43bb3d 100644
--- a/cryptsetup.changes
+++ b/cryptsetup.changes
@@ -1,3 +1,76 @@
+-------------------------------------------------------------------
+Thu Aug 25 15:15:15 UTC 2016 - alexander_naumov@opensuse.org
+
+- Update to version 1.7.2:
+
+  * Update LUKS documentation format.
+    Clarify fixed sector size and keyslots alignment.
+
+  * Support activation options for error handling modes in
+    Linux kernel dm-verity module:
+      --ignore-corruption - dm-verity just logs detected corruption
+
+      --restart-on-corruption - dm-verity restarts the kernel if
+        corruption is detected
+      If the options above are not specified, default behavior for
+      dm-verity remains. Default is that I/O operation fails with
+      I/O error if corrupted block is detected.
+
+      --ignore-zero-blocks - Instructs dm-verity to not verify
+      blocks that are expected to contain zeroes and always
+      return zeroes directly instead.
+      NOTE that these options could have security or functional
+      impacts, do not use them without assessing the risks!
+
+  * Fix help text for cipher benchmark specification
+    (mention --cipher option).
+
+  * Fix off-by-one error in maximum keyfile size.
+    Allow keyfiles up to compiled-in default and not that value
+    minus one.
+
+  * Support resume of interrupted decryption in cryptsetup-reencrypt
+    utility. To resume decryption, LUKS device UUID (--uuid option)
+    option must be used.
+
+  * Do not use direct-io for LUKS header with unaligned keyslots.
+    Such headers were used only by the first cryptsetup-luks-1.0.0
+    release (2005).
+  * Fix device block size detection to properly work on particular
+
+    file-based containers over underlying devices with 4k sectors.
+
+- Update to version 1.7.1:
+
+  * Code now uses kernel crypto API backend according to new
+    changes introduced in mainline kernel
+    While mainline kernel should contain backward compatible
+    changes, some stable series kernels do not contain fully
+    backported compatibility patches.
+    Without these patches  most of cryptsetup operations
+    (like unlocking device) fail.
+    This change in cryptsetup ensures that all operations using
+    kernel crypto API works even on these kernels.
+
+  * The cryptsetup-reencrypt utility now properly detects removal
+    of underlying link to block device and does not remove
+    ongoing re-encryption log.
+    This allows proper recovery (resume) of reencrypt operation later.
+    NOTE: Never use /dev/disk/by-uuid/ path for reencryption utility,
+    this link disappears once the device metadata is temporarily
+    removed from device.
+
+  * Cryptsetup now allows special "-" (standard input) keyfile handling
+    even for TCRYPT (TrueCrypt and VeraCrypt compatible) devices.
+
+  * Cryptsetup now fails if there are more keyfiles specified
+    for non-TCRYPT device.
+
+  * The luksKillSlot command now does not suppress provided password
+    in batch mode (if password is wrong slot is not destroyed).
+    Note that not providing password in batch mode means that keyslot
+    is destroyed unconditionally.
+
 -------------------------------------------------------------------
 Sat Jan  9 12:12:06 UTC 2016 - benoit.monin@gmx.fr
 
diff --git a/cryptsetup.spec b/cryptsetup.spec
index b8d4c88..af98804 100644
--- a/cryptsetup.spec
+++ b/cryptsetup.spec
@@ -18,7 +18,7 @@
 
 %define so_ver 4
 Name:           cryptsetup
-Version:        1.7.0
+Version:        1.7.2
 Release:        0
 Summary:        Set Up dm-crypt Based Encrypted Block Devices
 License:        SUSE-GPL-2.0-with-openssl-exception and LGPL-2.0+