forked from pool/cryptsetup
Accepting request 29937 from security
Copy from security/cryptsetup based on submit request 29937 from user lnussel OBS-URL: https://build.opensuse.org/request/show/29937 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/cryptsetup?expand=0&rev=41
commit
7494f24427
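--- /dev/null
+++ b/baselibs.conf
@@ -0,0 +1 @@
+libcryptsetup1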
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:748209e4d765d7b66b6479f7e838e1ceca1823c00184b7732f647f9f5807d56d
|
||||
size 17933
|
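--- /dev/null
+++ b/boot.crypto-0_200911271000.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:65d653f82ff72ad2cf5e703663331c42460df5253297d149b2ff7fa2b6e4fd1b
+size 17953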
@ -1,42 +0,0 @@
|
||||
From 6b92a27195e21e9d96ce2f324c3da593a01a7ae0 Mon Sep 17 00:00:00 2001
|
||||
From: Ludwig Nussel <ludwig.nussel@suse.de>
|
||||
Date: Tue, 29 Sep 2009 11:09:31 +0200
|
||||
Subject: [PATCH] Fail if piped input is broken.
|
||||
|
||||
---
|
||||
ChangeLog | 1 +
|
||||
lib/utils.c | 13 ++++++++++---
|
||||
2 files changed, 11 insertions(+), 3 deletions(-)
|
||||
|
||||
Index: cryptsetup-1.0.7/lib/utils.c
|
||||
===================================================================
|
||||
--- cryptsetup-1.0.7.orig/lib/utils.c
|
||||
+++ cryptsetup-1.0.7/lib/utils.c
|
||||
@@ -361,6 +361,7 @@ int get_key(char *prompt, char **key, un
|
||||
char *pass = NULL;
|
||||
int newline_stop;
|
||||
int read_horizon;
|
||||
+ int regular_file = 0;
|
||||
|
||||
if(key_file && !strcmp(key_file, "-")) {
|
||||
/* Allow binary reading from stdin */
|
||||
@@ -435,6 +436,8 @@ int get_key(char *prompt, char **key, un
|
||||
// goto out_err;
|
||||
fprintf(stderr,"Warning: exhausting read requested, but key file is not a regular file, function might never return.\n");
|
||||
}
|
||||
+ else
|
||||
+ regular_file = 1;
|
||||
}
|
||||
buflen = 0;
|
||||
for(i = 0; read_horizon == 0 || i < read_horizon; i++) {
|
||||
@@ -452,6 +455,10 @@ int get_key(char *prompt, char **key, un
|
||||
}
|
||||
if(key_file)
|
||||
close(fd);
|
||||
+ /* Fail if piped input dies reading nothing */
|
||||
+ if(!i && !regular_file) {
|
||||
+ goto out_err;
|
||||
+ }
|
||||
pass[i] = 0;
|
||||
*key = pass;
|
||||
*passLen = i;
|
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:829af59ab5bb47e4ff384a927458b4ffbb86380825de5f9ac751a89df599ed99
|
||||
size 417339
|
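--- /dev/null
+++ b/cryptsetup-1.1.0.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:b343fa6bf3c48b633e68da25e44aebd6a32a3dc21c10604acd6faa04e41f58f3
+size 465778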
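--- /dev/null
+++ b/cryptsetup-1.1.0.tar.bz2.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.10 (GNU/Linux)
+
+iEYEABECAAYFAktS7HYACgkQf1Jlc7shgi8PwQCfVFwnRLdjn7hILuxXq5TLtmsa
+elIAn0VqeFuSEqPg3qu9BqPnmdkoMRzI
+=mOAm
+-----END PGP SIGNATURE-----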
@ -1,3 +1,78 @@
|
||||
-------------------------------------------------------------------
|
||||
Mon Jan 18 12:18:32 UTC 2010 - lnussel@suse.de
|
||||
|
||||
- cryptsetup 1.1.0:
|
||||
|
||||
* IMPORTANT: the default compiled-in cipher parameters changed
|
||||
plain mode: aes-cbc-essiv:sha256 (default is backward incompatible!).
|
||||
LUKS mode: aes-cbc-essiv:sha256 (only key size increased)
|
||||
In both modes is now default key size 256bits.
|
||||
|
||||
* Default compiled-in parameters are now configurable through configure options:
|
||||
--with-plain-* / --with-luks1-* (see configure --help)
|
||||
|
||||
* If you need backward compatible defaults for distribution use
|
||||
configure --with-plain-mode=cbc-plain --with-luks1-keybits=128
|
||||
|
||||
Default compiled-in modes are printed in "cryptsetup --help" output.
|
||||
|
||||
* Change in iterations count (LUKS):
|
||||
The slot and key digest iteration minimum count is now 1000.
|
||||
The key digest iteration count is calculated from iteration time (approx 1/8 of req. time).
|
||||
For more info about above items see discussion here: http://tinyurl.com/yaug97y
|
||||
|
||||
* New libcryptsetup API (documented in libcryptsetup.h).
|
||||
|
||||
The old API (using crypt_options struct) is still available but will remain
|
||||
frozen and not used for new functions.
|
||||
Soname of library changed to libcryptsetup.so.1.0.0.
|
||||
(But only recompilation should be needed for old programs.)
|
||||
|
||||
The new API provides much more flexible operation over LUKS device for
|
||||
applications, it is preferred that new applications will use libcryptsetup
|
||||
and not wrapper around cryptsetup binary.
|
||||
|
||||
* New luksHeaderBackup and luksHeaderRestore commands.
|
||||
|
||||
These commands allows binary backup of LUKS header.
|
||||
Please read man page about possible security issues with backup files.
|
||||
|
||||
* New luksSuspend (freeze device and wipe key) and luksResume (with provided passphrase).
|
||||
|
||||
luksSuspend wipe encryption key in kernel memory and set device to suspend
|
||||
(blocking all IO) state. This option can be used for situations when you need
|
||||
temporary wipe encryption key (like suspend to RAM etc.)
|
||||
Please read man page for more information.
|
||||
|
||||
* New --master-key-file option for luksFormat and luksAddKey.
|
||||
|
||||
User can now specify pre-generated master key in file, which allows regenerating
|
||||
LUKS header or add key with only master key knowledge.
|
||||
|
||||
* Uses libgcrypt and enables all gcrypt hash algorithms for LUKS through -h luksFormat option.
|
||||
|
||||
Please note that using different hash for LUKS header make device incompatible with
|
||||
old cryptsetup releases.
|
||||
|
||||
* Introduces --debug parameter.
|
||||
|
||||
Use when reporting bugs (just run cryptsetup with --debug and attach output
|
||||
to issue report.) Sensitive data are never printed to this log.
|
||||
|
||||
* Moves command successful messages to verbose level.
|
||||
|
||||
* Requires device-mapper library and libgcrypt to build.
|
||||
|
||||
* Uses dm-uuid for all crypt devices, contains device type and name now.
|
||||
|
||||
* Removes support for dangerous non-exclusive option
|
||||
(it is ignored now, LUKS device must be always opened exclusive)
|
||||
|
||||
- boot.crypto:
|
||||
* don't use dirty prompt override hack anymore
|
||||
* wait for volume groups if resume volume is on lvm (bnc#556895)
|
||||
* dynamically determine whether the cryptomgr module is neeeded
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Oct 19 14:33:57 UTC 2009 - lnussel@suse.de
|
||||
|
||||
|
@ -1,7 +1,7 @@
|
||||
#
|
||||
# spec file for package cryptsetup (Version 1.0.7)
|
||||
# spec file for package cryptsetup (Version 1.1.0)
|
||||
#
|
||||
# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
||||
# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
||||
#
|
||||
# All modifications and additions to the file contributed by third parties
|
||||
# remain the property of their copyright owners, unless otherwise agreed
|
||||
@ -25,20 +25,22 @@ BuildRequires: libselinux-devel
|
||||
# hashalot version
|
||||
%define haver 0.3
|
||||
# boot.crypto version
|
||||
%define bcver 0_200910201446
|
||||
License: BSD 3-clause (or similar) ; GPL v2 only ; GPL v2 or later
|
||||
%define bcver 0_200911271000
|
||||
License: BSD3c(or similar) ; GPLv2 ; GPLv2+
|
||||
Group: System/Base
|
||||
AutoReqProv: on
|
||||
Version: 1.0.7
|
||||
Release: 10
|
||||
Version: 1.1.0
|
||||
Release: 1
|
||||
Summary: Set Up dm-crypt Based Encrypted Block Devices
|
||||
Source: cryptsetup-%{version}.tar.bz2
|
||||
Source1: hashalot-%haver.tar.bz2
|
||||
# http://www.suse.de/~lnussel/boot.crypto.git
|
||||
Source2: boot.crypto-%{bcver}.tar.bz2
|
||||
Source: http://cryptsetup.googlecode.com/files/cryptsetup-%{version}.tar.bz2
|
||||
Source1: http://cryptsetup.googlecode.com/files/cryptsetup-%{version}.tar.bz2.asc
|
||||
Source2: baselibs.conf
|
||||
Source10: hashalot-%haver.tar.bz2
|
||||
# git://gitorious.org/opensuse/boot_crypto.git
|
||||
Source20: boot.crypto-%{bcver}.tar.bz2
|
||||
# use this to create the tarball from svn
|
||||
Source99: cryptsetup-mktar
|
||||
Patch0: cryptsetup-1.0.7-eofpw.diff
|
||||
#Patch0: cryptsetup-svn131-noascii.diff
|
||||
Patch10: hashalot-fixes.diff
|
||||
Patch11: hashalot-libgcrypt.diff
|
||||
Patch12: hashalot-ctrl-d.diff
|
||||
@ -68,12 +70,12 @@ Authors:
|
||||
Christophe Saout <christophe@saout.de>
|
||||
Ben Slusky <sluskyb@paranoiacs.org>
|
||||
|
||||
%package -n libcryptsetup0
|
||||
License: BSD 3-clause (or similar) ; GPL v2 only ; GPL v2 or later
|
||||
%package -n libcryptsetup1
|
||||
License: GPLv2+
|
||||
Summary: Set Up dm-crypt Based Encrypted Block Devices
|
||||
Group: System/Base
|
||||
|
||||
%description -n libcryptsetup0
|
||||
%description -n libcryptsetup1
|
||||
cryptsetup is used to conveniently set up dm-crypt based device-mapper
|
||||
targets. It allows to set up targets to read cryptoloop compatible
|
||||
volumes as well as LUKS formatted ones. The package additionally
|
||||
@ -89,13 +91,13 @@ Authors:
|
||||
Ben Slusky <sluskyb@paranoiacs.org>
|
||||
|
||||
%package -n libcryptsetup-devel
|
||||
License: BSD 3-clause (or similar) ; GPL v2 only ; GPL v2 or later
|
||||
License: GPLv2+
|
||||
Summary: Set Up dm-crypt Based Encrypted Block Devices
|
||||
Group: Development/Libraries/C and C++
|
||||
# cryptsetup-devel last used 11.1
|
||||
Provides: cryptsetup-devel = %{version}
|
||||
Obsoletes: cryptsetup-devel < %{version}
|
||||
Requires: libcryptsetup0 = %{version}
|
||||
Requires: libcryptsetup1 = %{version}
|
||||
Requires: device-mapper-devel libgcrypt-devel libgpg-error-devel e2fsprogs-devel glibc-devel
|
||||
|
||||
%description -n libcryptsetup-devel
|
||||
@ -114,8 +116,8 @@ Authors:
|
||||
Ben Slusky <sluskyb@paranoiacs.org>
|
||||
|
||||
%prep
|
||||
%setup -q -b 1 -b 2
|
||||
%patch0 -p1
|
||||
%setup -q -b 10 -b 20
|
||||
#patch0 -p1
|
||||
pushd ../hashalot-%haver
|
||||
%patch10 -p1
|
||||
%patch11 -p1
|
||||
@ -130,27 +132,29 @@ popd
|
||||
# cryptsetup build
|
||||
%{?suse_update_config:%{suse_update_config}}
|
||||
autoreconf -f -i
|
||||
test -e po/Makevars || cp po/Makevars.template po/Makevars
|
||||
CFLAGS="$RPM_OPT_FLAGS" ./configure --prefix=%_prefix --mandir=%_mandir \
|
||||
--libdir=/%_lib \
|
||||
--bindir=/sbin --sbindir=/sbin \
|
||||
--disable-static --enable-shared \
|
||||
--enable-selinux
|
||||
make
|
||||
make %{?jobs:-j%jobs}
|
||||
#
|
||||
# hashalot build
|
||||
pushd ../hashalot-%haver
|
||||
autoreconf -f -i
|
||||
%{?suse_update_config:%{suse_update_config}}
|
||||
CFLAGS="$RPM_OPT_FLAGS" ./configure --prefix=%_prefix --sbindir=/sbin --mandir=%_mandir
|
||||
make
|
||||
make %{?jobs:-j%jobs}
|
||||
popd
|
||||
|
||||
%install
|
||||
make install DESTDIR=$RPM_BUILD_ROOT
|
||||
# move devel .so link to %{libdir}
|
||||
# move devel stuff to %{libdir}
|
||||
rm -f $RPM_BUILD_ROOT/%{_lib}/libcryptsetup.so
|
||||
mkdir -p $RPM_BUILD_ROOT%{_libdir}
|
||||
ln -s /%{_lib}/libcryptsetup.so.0.0.0 $RPM_BUILD_ROOT%{_libdir}/libcryptsetup.so
|
||||
ln -s /%{_lib}/libcryptsetup.so.1 $RPM_BUILD_ROOT%{_libdir}/libcryptsetup.so
|
||||
mv $RPM_BUILD_ROOT/%_lib/pkgconfig $RPM_BUILD_ROOT/%_libdir
|
||||
# don't want this file in /lib (FHS compat check), and can't move it to /usr/lib
|
||||
rm -f $RPM_BUILD_ROOT/%_lib/*.la
|
||||
#
|
||||
@ -186,11 +190,9 @@ fi
|
||||
[ -x /sbin/mkinitrd_setup ] && mkinitrd_setup
|
||||
%{insserv_cleanup}
|
||||
|
||||
%post -n libcryptsetup0
|
||||
/sbin/ldconfig
|
||||
%post -n libcryptsetup1 -p /sbin/ldconfig
|
||||
|
||||
%postun -n libcryptsetup0
|
||||
/sbin/ldconfig
|
||||
%postun -n libcryptsetup1 -p /sbin/ldconfig
|
||||
|
||||
%clean
|
||||
rm -rf $RPM_BUILD_ROOT
|
||||
@ -216,14 +218,15 @@ rm -rf $RPM_BUILD_ROOT
|
||||
%_mandir/man5/cryptotab.5.gz
|
||||
/lib/cryptsetup
|
||||
|
||||
%files -n libcryptsetup0
|
||||
%files -n libcryptsetup1
|
||||
%defattr(-,root,root)
|
||||
/%_lib/libcryptsetup.so.0
|
||||
/%_lib/libcryptsetup.so.0.0.0
|
||||
/%_lib/libcryptsetup.so.1
|
||||
/%_lib/libcryptsetup.so.1.0.0
|
||||
|
||||
%files -n libcryptsetup-devel
|
||||
%defattr(-,root,root)
|
||||
%_includedir/libcryptsetup.h
|
||||
%{_libdir}/libcryptsetup.so
|
||||
%{_libdir}/pkgconfig/*
|
||||
|
||||
%changelog
|
||||
|
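Review bot: The detached signature added as `Source1` is packaged but never checked: the Source list in this section has no keyring entry, and the visible part of `%prep` goes straight from `%setup -q -b 10 -b 20` to the hashalot patches. Since `Source` and `Source1` point at the same plain-http host, the `.asc` only adds assurance when it is verified against a key obtained independently of that download. I would ship the upstream signing key as an extra source and verify before unpacking, e.g. `Source3: cryptsetup.keyring` (file name constructed here) plus `gpgv --keyring %{SOURCE3} %{SOURCE1} %{SOURCE0}` at the top of `%prep`, with the matching BuildRequires for GnuPG. `%prep` continues outside the hunk shown, so a check further down cannot be ruled out from this page.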