forked from pool/cryptsetup
Accepting request 338019 from security
1 OBS-URL: https://build.opensuse.org/request/show/338019 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/cryptsetup?expand=0&rev=94
This commit is contained in:
commit
8c796b5e04
@ -1,17 +0,0 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
Version: GnuPG v1
|
||||
|
||||
iQIbBAABCAAGBQJVEE3fAAoJENmwV3vZPpj8ql4P9ijvmO15ur4wpcGFkNYyzfuA
|
||||
Y17yaTT6Nde8cGLUCpw7rPBoxL/b4ZArJnNk9UP73MyycxfVijaX5XxxoQbpL8n0
|
||||
cn1vdXTFzqXGBTJkjO0uQor1szQbvaz7xbk7LeBgG+j/zZGRa/0AKs42qvTaWzHu
|
||||
G50AqksMGFV1ih+d4wYdD+AqcUf6h+1HQRjq/DqEurg1EHQ+iMqem1htvrzTq8+V
|
||||
ym3xHM+JxJ04syzPb92VntSmyfX6ztmh+61cflQiOrIbTw+MFeGmYMOTufkWmQFi
|
||||
gFC+7mXTjO1YkmN+RFYZ52WY3shk3BLhAXT/pFlGFjwfHqrvFgfj+Iu9STVs2du2
|
||||
LLa+xF5yxaKyHHKkw2wn7edeepzfwSp0+lmDy8B0SGXh5wGNreNSX3IMAdJeJztM
|
||||
7EyJa5JUSMfKWPHzy1gGYZRN/NQGGqG3c1+Sw5hy/ukFtLC4DSu5OtJNOt2c8MNw
|
||||
+XPXh+Ssy+ma9e0E+pnmRYQ/nY2BWuN/gFB5Gvr08d4hifP9+LzI+bgQx4gNjB5Y
|
||||
9py0moXVOxn/TICXSFgjDmvYgw7BZRVtaHFfkiKA5DrBeS07MROKzL59ykiuU7HW
|
||||
HvCs3icShV+oSt79bMa7E+QhKRsBicS30QyLecttHkxbLxSg55qFpMa7m8+6VG2Y
|
||||
LsfZNLwWJmf8jU9YUY0=
|
||||
=jDZw
|
||||
-----END PGP SIGNATURE-----
|
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:c23c24c8d662032da8650c1c84985221be8bbedf4737c1540bba7e4517dfe820
|
||||
size 1188876
|
17
cryptsetup-1.6.8.tar.sign
Normal file
17
cryptsetup-1.6.8.tar.sign
Normal file
@ -0,0 +1,17 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
Version: GnuPG v1
|
||||
|
||||
iQIcBAABCAAGBQJV7r+oAAoJENmwV3vZPpj8KEsP/2BTTiaXCzwvqupSAo7dFpET
|
||||
Tugtc99Nzrv8Yc4nNvboxXSD7/TOZYAEWz787KPANJo3Ks46F3BB9KjeqRxhnGAX
|
||||
+Ce9wi8ufdjECSZjNDxl5tcJrmrmftAgBbZhPIaYE7wZuxF71Cl769XHdgVvSV2w
|
||||
pyGbiqXdcnMVw1q4npndZNsVoMZ4vB1bEfz8AAgC6idF/yiAw2tI7VjUZfrNDd0b
|
||||
mc6IOmDslyGxA1565w/HSiZqxqaZTsVGfwfluxTwpu+Du9eMHeViJV/4Z1Aka5lF
|
||||
wNxnJZro9UlGkRCWXR6zZYXPrHEHGaNlwObUpWcfHSLNTP9ulgPY0tkVnXuY7uom
|
||||
JGtGCdVPsqxCaBg8fd+QQRbPZqrIZGw+wgjikqTs9gnd+LdUBxHDuseRuE+mkk0w
|
||||
cZW2RQf9f4nYj7LUvLuY0NBQ9brHsrU/IqjWQWnPrzmdCh2pdnb6UmOyWH0dcYcB
|
||||
ldReYWbbCBO132QZuT53VJv/c4XATnEQLIgOaT3AUddVUAEvkNephesN1/rjuAKG
|
||||
OwTVelvo4gp0ncYPZiQHzkVe5mTt/7JVyuXYDO/tnm4JYn9ZFQj00ZoGTeywWAGR
|
||||
5xNH7Gjo8JGNm9oI358jfQw6zLBWn3FdyDgoxxvupNC6wi/O+7Gb86PxyMFn7Lii
|
||||
sF1YN0no4oN+OyCDU17N
|
||||
=apNw
|
||||
-----END PGP SIGNATURE-----
|
3
cryptsetup-1.6.8.tar.xz
Normal file
3
cryptsetup-1.6.8.tar.xz
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:45a6ccd3c65b7d904e58e1cb3656a7e997190b6a05b5ff7c6887e4a41c5f19bc
|
||||
size 1221232
|
@ -1,3 +1,35 @@
|
||||
-------------------------------------------------------------------
|
||||
Tue Sep 8 20:19:34 UTC 2015 - asterios.dramis@gmail.com
|
||||
|
||||
- Update to 1.6.8
|
||||
* If the null cipher (no encryption) is used, allow only empty
|
||||
password for LUKS. (Previously cryptsetup accepted any password
|
||||
in this case.)
|
||||
The null cipher can be used only for testing and it is used
|
||||
temporarily during offline encrypting not yet encrypted device
|
||||
(cryptsetup-reencrypt tool).
|
||||
Accepting only empty password prevents situation when someone
|
||||
adds another LUKS device using the same UUID (UUID of existing
|
||||
LUKS device) with faked header containing null cipher.
|
||||
This could force user to use different LUKS device (with no
|
||||
encryption) without noticing.
|
||||
(IOW it prevents situation when attacker intentionally forces
|
||||
user to boot into different system just by LUKS header
|
||||
manipulation.)
|
||||
Properly configured systems should have an additional integrity
|
||||
protection in place here (LUKS here provides only
|
||||
confidentiality) but it is better to not allow this situation
|
||||
in the first place.
|
||||
(For more info see QubesOS Security Bulletin QSB-019-2015.)
|
||||
* Properly support stdin "-" handling for luksAddKey for both new
|
||||
and old keyfile parameters.
|
||||
* If encrypted device is file-backed (it uses underlying loop
|
||||
device), cryptsetup resize will try to resize underlying loop
|
||||
device as well. (It can be used to grow up file-backed device
|
||||
in one step.)
|
||||
* Cryptsetup now allows to use empty password through stdin pipe.
|
||||
(Intended only for testing in scripts.)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Sun Apr 12 18:45:26 UTC 2015 - crrodriguez@opensuse.org
|
||||
|
||||
|
@ -18,12 +18,12 @@
|
||||
|
||||
%define so_ver 4
|
||||
Name: cryptsetup
|
||||
Version: 1.6.7
|
||||
Version: 1.6.8
|
||||
Release: 0
|
||||
Summary: Set Up dm-crypt Based Encrypted Block Devices
|
||||
License: SUSE-GPL-2.0-with-openssl-exception and LGPL-2.0+
|
||||
Group: System/Base
|
||||
Url: http://code.google.com/p/cryptsetup/
|
||||
Url: https://gitlab.com/cryptsetup/cryptsetup/
|
||||
Source0: https://www.kernel.org/pub/linux/utils/cryptsetup/v1.6/cryptsetup-%{version}.tar.xz
|
||||
# GPG signature of the uncompressed tarball.
|
||||
Source1: https://www.kernel.org/pub/linux/utils/cryptsetup/v1.6/cryptsetup-%{version}.tar.sign
|
||||
@ -61,11 +61,11 @@ volumes as well as LUKS formatted ones. The package additionally
|
||||
includes support for automatically setting up encrypted volumes at boot
|
||||
time via the config file %{_sysconfdir}/crypttab.
|
||||
|
||||
%package -n libcryptsetup4-hmac
|
||||
%package -n libcryptsetup%{so_ver}-hmac
|
||||
Summary: Checksums for libcryptsetup4
|
||||
Group: System/Base
|
||||
|
||||
%description -n libcryptsetup4-hmac
|
||||
%description -n libcryptsetup%{so_ver}-hmac
|
||||
This package contains HMAC checksums for integrity checking of libcryptsetup4,
|
||||
used for FIPS.
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user