From 9563f85232fab4a416130a3abd60eb4e1deba92970ccf3230b330d372a2d35a9 Mon Sep 17 00:00:00 2001 From: Pedro Monreal Gonzalez Date: Tue, 30 Jul 2024 11:55:40 +0000 Subject: [PATCH] Accepting request 1190462 from home:pmonrealgonzalez:branches:security - Update to 2.7.3: * Do not allow formatting LUKS2 with Opal SED (hardware encryption) if the reported logical sector size for the block device and Opal encryption logical block differs. * Fixes to wiping LUKS2 headers after Opal locking area erase. * Mention the need for possible PSID revert before Opal format for some drives (man page). * Fix Bitlocker-compatible code to ignore newly seen metadata entries. * Fix interactive query retry if LUKS2 unbound keyslot is present. * Detect unsupported zoned devices for LUKS header devices. * Allow "capi" cipher format for benchmark command and fix parsing of plain IV in "capi" format. * Add support for HCTR2 encryption mode. * Source code now uses SPDX license identifiers instead of full license preambles. * Fix missing includes for cryptographic backend that could cause compilation errors for some systems. * Fix tests to work correctly in FIPS mode with recent OpenSSL 3.2. * Fix various (mostly false positive) issues detected by Coverity. OBS-URL: https://build.opensuse.org/request/show/1190462 OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=199 --- cryptsetup-2.7.2.tar.sign | 16 ---------------- cryptsetup-2.7.2.tar.xz | 3 --- cryptsetup-2.7.3.tar.sign | 16 ++++++++++++++++ cryptsetup-2.7.3.tar.xz | 3 +++ cryptsetup.changes | 23 +++++++++++++++++++++++ cryptsetup.spec | 2 +- 6 files changed, 43 insertions(+), 20 deletions(-) delete mode 100644 cryptsetup-2.7.2.tar.sign delete mode 100644 cryptsetup-2.7.2.tar.xz create mode 100644 cryptsetup-2.7.3.tar.sign create mode 100644 cryptsetup-2.7.3.tar.xz diff --git a/cryptsetup-2.7.2.tar.sign b/cryptsetup-2.7.2.tar.sign deleted file mode 100644 index 41624f0..0000000 --- a/cryptsetup-2.7.2.tar.sign +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCAAdFiEEKikYJD/eRmSNBob52bBXe9k+mPwFAmYVE/0ACgkQ2bBXe9k+ -mPwmmA//TMJkvg4UCte56B9RaCjFgCoD1fJh6NZDlgYWP+J4NFRSgNGSAFVFm59X -JmStGU/UXCe8VqtRXemOu7ngAT9gNKVLtgB3maH2DVbdw5Kn1nFQMDdXON/w62JT -3N7Z+MRvDNEzMTkD+cGw0wd81f1xTdZwKtV5v28WLGyR4rw27PNRhCmjOv2b4fqO -Ytjdi0ydmJwm+xaQ2L1CpF8uDuTZdLqnCZK0tLnWyy8oLvtt2bJMUpjFY6eU6I5w -Gg9oPDoF0XrlXA1q4poMryZloMsYYqjbXlBp2MaNOnuLOFsvU3j0u4Dy+Q/fxuUa -qeljZdz7Aw0pB2dLopLj9wELHgRhlJTAV3mHtKYeu6yX2xafffMCzc0hRAaFNjHu -5D+lGVD7k1CEYNxVR7skuwG5QPiRE9HvIdtdbivxZvdVfurrTPOIUJgy/nhvuDQx -GZ6Hsdj4zOnTvxvFFpMHYv7Xq5XrG4nmWE2d4f1dcA0KJunnNVwDbDfCIms+nAkK -bMF+T6JJZckoD//ZC2AA3mBcfVCq+CJVshI7xK8tBpTZ8b6RgyGhr/+ML5CmD/99 -RFLMlGW+iFpyhIWKh5hxD7VvWBtPZiyUDEBFP1sfxcylP8+NuR09+xM1zUsKAMiG -XSr5q4m8KyTtAhXwbHNGZA3jGpTgeEW9wSxsRIwyin6/uFdkNgY= -=Jadg ------END PGP SIGNATURE----- diff --git a/cryptsetup-2.7.2.tar.xz b/cryptsetup-2.7.2.tar.xz deleted file mode 100644 index 303a34a..0000000 --- a/cryptsetup-2.7.2.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:219ebf74e8eddf96624a0376477e5a6f8f350a67aaf36e7dadb114d94b3afef4 -size 11637316 diff --git a/cryptsetup-2.7.3.tar.sign b/cryptsetup-2.7.3.tar.sign new file mode 100644 index 0000000..69d1246 --- /dev/null +++ b/cryptsetup-2.7.3.tar.sign @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEEKikYJD/eRmSNBob52bBXe9k+mPwFAmZwLt8ACgkQ2bBXe9k+ +mPx0jRAApF5+ZBiOniEW25S3n77rk7PZTwxq9GU55T8mvQh5KGZon91kn5vpBMWb +0MKdxaKQCdAhXLicS+276CtNRHjd30xX4HARWBEr3d97IA5PDFhah0gBUI/Hdrtz +b5KKGweIeBg0h35OIhWLyIzhlTNq9CXpFWbZqYFZzl1+eLqVNDc5h55iWR8SpcZ9 +tkobn5x602hJ7WxRw/qVKYVR/24vrsX/6AOAG5kNqhKzK/uhQwaQEO8Ifc8y0k5F +n3TXP0IkKoHUaFh7wPIrFrjRVa9Z47lEE/ndL0XWg/56rcNSRe1uhQmyDmCsUstV +SbYsiA46Al/cJ6eWySe/8VFMClidLy+LrF9JqTbOy6R1WlEVea3ByAQi/snr4zpg +zGEm9ixLe6OAqZy8WliKldu/EJ9Z9Z96ZkLszVer4KLQWXtYDooiRlcXQnsVXqX1 +gVsDgp3VCWkh1qnfmor+UO9bZ4Y8lVEeXf3fgqAer5PFhmI4J3tteVmVJcyaREGJ +w4l2o4p5ni6oC08xeS7SW9zzXB71vSw79WgcguvN9l2q4q8D6/KljEZ9B1/djnBf +fbvyBA1YRPGU/vDRFTFaeXEot1rF1aQdkRg5GcVBDsOVMjV1SpL9YKd+KaaRp1Ug +7FHKT/we9Zo0j6bpfepJHUoUJIOndxTnNGR4PT1dAX+juqn+pqY= +=rzaX +-----END PGP SIGNATURE----- diff --git a/cryptsetup-2.7.3.tar.xz b/cryptsetup-2.7.3.tar.xz new file mode 100644 index 0000000..d87f454 --- /dev/null +++ b/cryptsetup-2.7.3.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:b772ae4f6df0cee7200b28cea960e4daaff2a203d2fd502beab3c1317b07a456 +size 11689300 diff --git a/cryptsetup.changes b/cryptsetup.changes index ad7c318..42bff6c 100644 --- a/cryptsetup.changes +++ b/cryptsetup.changes @@ -1,3 +1,26 @@ +------------------------------------------------------------------- +Tue Jul 30 08:51:00 UTC 2024 - Pedro Monreal + +- Update to 2.7.3: + * Do not allow formatting LUKS2 with Opal SED (hardware encryption) + if the reported logical sector size for the block device and Opal + encryption logical block differs. + * Fixes to wiping LUKS2 headers after Opal locking area erase. + * Mention the need for possible PSID revert before Opal format for some + drives (man page). + * Fix Bitlocker-compatible code to ignore newly seen metadata entries. + * Fix interactive query retry if LUKS2 unbound keyslot is present. + * Detect unsupported zoned devices for LUKS header devices. + * Allow "capi" cipher format for benchmark command and fix parsing + of plain IV in "capi" format. + * Add support for HCTR2 encryption mode. + * Source code now uses SPDX license identifiers instead of full + license preambles. + * Fix missing includes for cryptographic backend that could cause + compilation errors for some systems. + * Fix tests to work correctly in FIPS mode with recent OpenSSL 3.2. + * Fix various (mostly false positive) issues detected by Coverity. + ------------------------------------------------------------------- Fri Jul 12 11:53:46 UTC 2024 - Petr Vorel diff --git a/cryptsetup.spec b/cryptsetup.spec index d47c49d..48cc456 100644 --- a/cryptsetup.spec +++ b/cryptsetup.spec @@ -18,7 +18,7 @@ %define so_ver 12 Name: cryptsetup -Version: 2.7.2 +Version: 2.7.3 Release: 0 Summary: Setup program for dm-crypt Based Encrypted Block Devices License: CC-BY-SA-4.0 AND LGPL-2.0-or-later WITH cryptsetup-OpenSSL-exception