- crypsetup 2.4.0~rc1

* External LUKS token plugins
  * Experimental SSH token
  * Default LUKS2 PBKDF is now Argon2id
  * Increase minimal memory cost for Argon2 benchmark to 64MiB.
  * Autodetect optimal encryption sector size on LUKS2 format.
  * Use VeraCrypt option by default and add --disable-veracrypt option.
  * Support --hash and --cipher to limit opening time for TCRYPT type
  * Fixed default OpenSSL crypt backend support for OpenSSL3.
  * integritysetup: add integrity-recalculate-reset flag.
  * cryptsetup: retains keyslot number in luksChangeKey for LUKS2.
  * Fix cryptsetup resize using LUKS2 tokens.
  * Add close --deferred and --cancel-deferred options.
  * Rewritten command-line option parsing to avoid libpopt arguments
    memory leaks.
  * Add --test-args option.
- switch to LUKS2 default format

OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=170

cryptsetup-2.3.6.tar.sign

@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCAAdFiEEKikYJD/eRmSNBob52bBXe9k+mPwFAmCwxOgACgkQ2bBXe9k+
-mPzlCg//XVdN6WnGhf35DT2f39GpSUimEAmkK/P3xKYGouzlUEac20mzXsNvkv+H
-BpTN507H44ThgQENPAaKTea9FkqpZIcoBZcPnTXJOQ/ZIfR+iglb4zF9lR1PuVx7
-PuyVZ7BgMxM6lFvOwt5/bkktCDn8uX0nYvzqf9DXWVFUm973NayqftxsbgPa+4DT
-vW2E87sJOM2NLw6psPu3o+wYkKm4N1r+M9JCWNqY8bwvlV5YbW4yBifZl4oU+99l
-VXcqgSQunAvEzRPhtwCUxfYNRULx6xknNZVuwl37sSYgDpjjooy+6qjz1PX8g/qa
-4/Wc0u2q/QmIUq13D2dFdQIrfDaZEJe8d0/yyaCnxPlCVFOhmr31U08o2pK1zJSK
-duUqWVIKQNSFafygrPTeMRhZ1L2iwJZgjuCDyhoJSa62kGvYcLxjEoXjRmeiLXAn
-7aVrmbf4tmJUJ8EUden40JM7MxPeKwHfUhE4Aq//qDfPVId7YFdgnBh6PmwUcyRm
-HTyNJP8ULFX+u+v9C5YbXxb+h6xb65wzQDY1T1IPEJicIu/kv/syac/9QUkF9yG+
-Gsxaq9Ath2UYp7NW11/LXW0jmWVcM2eOfZi6xg8+vT6HWxG58Qzh//gPoLBpzBOj
-E94vQim+q+ky0ePAqi2uEfZUiiID2ns4JYeXoYkxx9aGl/eRrp8=
-=AlrZ
------END PGP SIGNATURE-----

cryptsetup-2.3.6.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:b296b7a21ea576c2b180611ccb19d06aec8dddaedf7c704b0c6a81210c25635f
-size 11154148

cryptsetup-2.4.0-rc1.tar.sign

@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCAAdFiEEKikYJD/eRmSNBob52bBXe9k+mPwFAmEDH9gACgkQ2bBXe9k+
+mPwgSw//cRgUyjZ0bjPSQo1S6dVbNPTh2bMjcAgZ7Y+MJWBLFmS7ltHOw+7JxpZM
+KXvo5MDXqCtl1WC5tfqsfCEEbEW/MjeC94hjc3Yl/9yFJVlFh75OcuKzp6vpNcXr
+5LAo4nHAp92W+pw9xLsDDc4N3CkaKxmxO0JUwkiHFFv9oic4BwYOCRmG0r0OPkuf
+wzFsUBfn+7POQ34qdkpJmaJFo35ellTVbC5tYW1PdHOmB70i4bqFeQ1r3KNfVZa0
+ZHD5ulWBagxfn2bnAaGvoCYofa4V12ZcJz+U4o744R0lqS2rbjKGqa0mpd4w/bxa
+5zjT7eJqe6rLqjMbo//jTLB3G47828s3M6U0uBquJZ8sJk5MkdJK2M7Jprwq4eK4
++wZdRRpXtYiprR24DeE3lR7/83UcMH12IDQRwFPaihOmQxESw3c+qn37X0P6rXtJ
+NpX4ux+TT/YJiO8L/u7f6OkC0Zn6p4icEGfo684VNHEhqIUvMueKGYLwsWjHEnHY
+/WWTYz5TJcqrWoxxTnD/0/Fpgawa1Dquv7gda0gibYhVpCy9Ti8QBI+0IvnyZ4iW
+K2rs3bavygh1GEpVjbOxbgt2cRIhEz1+hyM8RlZnQrHkSGMI/moL5FlFeL28WUkD
+DLCWjpXU0jNyrBev4IWuc+fuDaWOElu3AB8vjcoSCA7tTbHGfuE=
+=YNRk
+-----END PGP SIGNATURE-----

cryptsetup-2.4.0-rc1.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:d807059923985567386ec709aa13c8fd093b0cb1cd1613d0a8ace0eb194ee9b3
+size 11148144

cryptsetup.changes

@@ -1,3 +1,24 @@
+-------------------------------------------------------------------
+Mon Aug  2 14:43:51 UTC 2021 - Ludwig Nussel <lnussel@suse.de>
+
+- crypsetup 2.4.0~rc1
+  * External LUKS token plugins
+  * Experimental SSH token
+  * Default LUKS2 PBKDF is now Argon2id
+  * Increase minimal memory cost for Argon2 benchmark to 64MiB.
+  * Autodetect optimal encryption sector size on LUKS2 format.
+  * Use VeraCrypt option by default and add --disable-veracrypt option.
+  * Support --hash and --cipher to limit opening time for TCRYPT type
+  * Fixed default OpenSSL crypt backend support for OpenSSL3.
+  * integritysetup: add integrity-recalculate-reset flag.
+  * cryptsetup: retains keyslot number in luksChangeKey for LUKS2.
+  * Fix cryptsetup resize using LUKS2 tokens.
+  * Add close --deferred and --cancel-deferred options.
+  * Rewritten command-line option parsing to avoid libpopt arguments
+    memory leaks.
+  * Add --test-args option.
+- switch to LUKS2 default format
+
 -------------------------------------------------------------------
 Thu Jul  1 12:50:25 UTC 2021 - Ludwig Nussel <lnussel@suse.de>
 

cryptsetup.spec

@@ -16,21 +16,22 @@
 #
 
 
+%define tar_version 2.4.0-rc1
 %define so_ver 12
 %if 0%{?is_backports}
 Name:           cryptsetup2
 %else
 Name:           cryptsetup
 %endif
-Version:        2.3.6
+Version:        2.4.0~rc1
 Release:        0
 Summary:        Setup program for dm-crypt Based Encrypted Block Devices
 License:        SUSE-GPL-2.0-with-openssl-exception AND LGPL-2.0-or-later
 Group:          System/Base
 URL:            https://gitlab.com/cryptsetup/cryptsetup/
-Source0:        https://www.kernel.org/pub/linux/utils/cryptsetup/v2.3/cryptsetup-%{version}.tar.xz
+Source0:        https://www.kernel.org/pub/linux/utils/cryptsetup/v2.4/cryptsetup-%{tar_version}.tar.xz
 # GPG signature of the uncompressed tarball.
-Source1:        https://www.kernel.org/pub/linux/utils/cryptsetup/v2.3/cryptsetup-%{version}.tar.sign
+Source1:        https://www.kernel.org/pub/linux/utils/cryptsetup/v2.4/cryptsetup-%{tar_version}.tar.sign
 Source2:        baselibs.conf
 Source3:        cryptsetup.keyring
 Source4:        %{name}-rpmlintrc
@@ -48,6 +49,7 @@ BuildRequires:  popt-devel
 BuildRequires:  suse-module-tools
 BuildRequires:  pkgconfig(blkid)
 BuildRequires:  pkgconfig(libargon2)
+BuildRequires:  pkgconfig(libssh)
 BuildRequires:  pkgconfig(openssl)
 Requires(post): coreutils
 Requires(postun): coreutils
@@ -66,6 +68,15 @@ volumes as well as LUKS formatted ones. The package additionally
 includes support for automatically setting up encrypted volumes at boot
 time via the config file %{_sysconfdir}/crypttab.
 
+
+%package ssh
+Summary:        Cryptsetup LUKS2 SSH token
+Group:          System/Base
+
+%description ssh
+Experimental cryptsetup plugin for unlocking LUKS2 devices with
+token connected to an SSH server.
+
 %package -n libcryptsetup%{so_ver}
 Summary:        Library for setting up dm-crypt Based Encrypted Block Devices
 Group:          System/Libraries
@@ -108,7 +119,7 @@ includes support for automatically setting up encrypted volumes at boot
 time via the config file %{_sysconfdir}/crypttab.
 
 %prep
-%setup -n cryptsetup-%{version} -q
+%autosetup -n cryptsetup-%{tar_version}
 %if 0%{?is_backports}
 sed -i -e '/AC_INIT/s/cryptsetup/cryptsetup2/' configure.ac
 autoreconf -f -i
@@ -122,7 +133,6 @@ autoreconf -f -i
   --enable-pwquality \
   --enable-gcrypt-pbkdf2 \
   --enable-libargon2 \
-  --with-default-luks-format=LUKS1 \
   --with-luks2-lock-path=/run/cryptsetup \
   --with-tmpfilesdir='%{_tmpfilesdir}'
 %make_build
@@ -173,7 +183,7 @@ find %{buildroot} -type f -name "*.la" -delete -print
 
 %files
 %license COPYING*
-%doc AUTHORS FAQ README TODO docs/ChangeLog.old docs/*ReleaseNotes
+%doc AUTHORS FAQ README.md docs/*ReleaseNotes
 %if !0%{?usrmerged}
 /sbin/cryptsetup%{?is_backports:2}
 %endif
@@ -204,4 +214,11 @@ find %{buildroot} -type f -name "*.la" -delete -print
 %{_libdir}/libcryptsetup.so
 %{_libdir}/pkgconfig/*
 
+%files ssh
+%license COPYING COPYING.LGPL
+%dir %{_libdir}/%{name}
+%{_libdir}/%{name}/libcryptsetup-token-ssh.so
+%{_mandir}/man8/cryptsetup-ssh.8.gz
+%{_sbindir}/cryptsetup-ssh
+
 %changelog