forked from pool/cryptsetup
Accepting request 645684 from security
OBS-URL: https://build.opensuse.org/request/show/645684 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/cryptsetup?expand=0&rev=103
This commit is contained in:
commit
96adeab889
@ -1,16 +0,0 @@
|
|||||||
-----BEGIN PGP SIGNATURE-----
|
|
||||||
|
|
||||||
iQIzBAABCAAdFiEEKikYJD/eRmSNBob52bBXe9k+mPwFAltkMxMACgkQ2bBXe9k+
|
|
||||||
mPwN2hAAvJwEaj1rfAUVhwZ21wMx7wDezI0OLamKAtKKP8saYjH9GA8HpfikGhHD
|
|
||||||
/LqcM31dacsyFP2iK+qj5GuS8aPm9HqePkXa0sqBcWw7Bsr4a091HYtReT3+bG8j
|
|
||||||
zIZtTzsjapZ425/nVB9ClJcEES8N3OpW+zhamv84T1zDwbVtC5x1wiMtsvdM6Rhg
|
|
||||||
bz7R7kam/OPIxgfSWVufVUaMGWDO6zPwND1Wn7ZVm6UNsTPLV/M3/H+uPm4y+jaW
|
|
||||||
In+eDhb05eNcY94dBVhRdqd/72CJ1OXUMEo8GEtmVPljvCDI2ljZ4LEoBUve323f
|
|
||||||
/kzjzZZqljaVoQOl3pT+d7jqvg5EybM6crV8E++VJO3mVSAd5CZhk4LV/HsrnDuy
|
|
||||||
4XtZLSPSQQkyhcezZ0+8EmGzzXVlBMfg6o/Jsnao5DKuIoea78mmH1DX6XnEjFoI
|
|
||||||
MeM+W+3A1scK05LYeo6ZhtGvwlVxUOfsrl5zDp1X+kTT94zPvjmsY2xa0cP3eXZ3
|
|
||||||
vxSI1dosbmL91tE65gEVa1dGEYWMWYeR8K8ZqwVhxsg3QJInOM+sh/KdWQP1o/Lp
|
|
||||||
S1D5zi/8gi9R43K7Nd3Xi027d02gOkwvowie1leXBXdNYrAZIeQJbcdXiXbSAOiD
|
|
||||||
NTjKDPwGZbXmPcQckF1er9nd821ofxbnGEM6jBzCEprEX3YSf3M=
|
|
||||||
=V9r2
|
|
||||||
-----END PGP SIGNATURE-----
|
|
@ -1,3 +0,0 @@
|
|||||||
version https://git-lfs.github.com/spec/v1
|
|
||||||
oid sha256:9d3a3c7033293e0c97f0ad0501fd5b4d4913ae497cbf70cca06633ccc54b5734
|
|
||||||
size 10444544
|
|
16
cryptsetup-2.0.5.tar.sign
Normal file
16
cryptsetup-2.0.5.tar.sign
Normal file
@ -0,0 +1,16 @@
|
|||||||
|
-----BEGIN PGP SIGNATURE-----
|
||||||
|
|
||||||
|
iQIzBAABCAAdFiEEKikYJD/eRmSNBob52bBXe9k+mPwFAlvVz2sACgkQ2bBXe9k+
|
||||||
|
mPyYuQ//fNwPronpHFrOzmv277cfzVT6zrgLKOaf/YlqA0h5XmBVX9xcOD9rXhda
|
||||||
|
ld9rumIQn9s8G8HLavxxxhnciqeNOS0T/1ry3NVpxYdfF1FptIjchH/Lo697P5dX
|
||||||
|
C1oAqchOqfxjm6dwmbllvXTgoHV657JUC5tuaL6Wl26DrhImmAgNi42yZehNtHZz
|
||||||
|
8FN0Fc0muU06LUmKR2a4P5xj2SvlNntMnvld+qLHf+k+bBrcJyu2cqaBNns45mXy
|
||||||
|
uDHXclP+8ofXW3mELmSBJ89GzLkr8Zpxp2dITv2GqtewX1MH5b8cMUwIVsCClqHl
|
||||||
|
2YNGhMqRkDDj0C8u8JpYvmmZxcMUaKr5EMze18NeqPXpZCBoW5nvEtsS7hWbCdyu
|
||||||
|
VPqdP4mHfHeQtZkk3U4SZLEU7xFzcTwhgpxRQPe6ujyz+PlrOLk0Z9js9WgOJZ1U
|
||||||
|
7a9YNnXWlNIcVqOoYm9SPBo9nj+eoVUr2GG3lT02udj5YhGZjDG0gbjgtM99jg+T
|
||||||
|
Bcv/h9abx6a2TmPIRW9Pa98ggIaeY3HbAK4D4xBritrfhvtyXMAYWbwj8ZkyCsCX
|
||||||
|
41I10Eh3dNXR6/OJQFjKv7RCqGzanyCzEG0F+G4mw5xqPx5jhowmjI7GaC54X7UZ
|
||||||
|
7RWYt1pl8F+UGIbBRl3BWuI+cHM0RBJ4Jx53f6zpqDP9hL58RbA=
|
||||||
|
=o3rq
|
||||||
|
-----END PGP SIGNATURE-----
|
3
cryptsetup-2.0.5.tar.xz
Normal file
3
cryptsetup-2.0.5.tar.xz
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
version https://git-lfs.github.com/spec/v1
|
||||||
|
oid sha256:a0f72ca2c824a5a555dc8924413dfe947eca23ab2e30bcff54eaafefe5fe301d
|
||||||
|
size 10476304
|
@ -1,3 +1,71 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Oct 30 10:10:35 UTC 2018 - lnussel@suse.de
|
||||||
|
|
||||||
|
- Suggest hmac package (boo#1090768)
|
||||||
|
- remove old upgrade hack for upgrades from 12.1
|
||||||
|
- New version 2.0.5
|
||||||
|
|
||||||
|
Changes since version 2.0.4
|
||||||
|
~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||||
|
|
||||||
|
* Wipe full header areas (including unused) during LUKS format.
|
||||||
|
|
||||||
|
Since this version, the whole area up to the data offset is zeroed,
|
||||||
|
and subsequently, all keyslots areas are wiped with random data.
|
||||||
|
This ensures that no remaining old data remains in the LUKS header
|
||||||
|
areas, but it could slow down format operation on some devices.
|
||||||
|
Previously only first 4k (or 32k for LUKS2) and the used keyslot
|
||||||
|
was overwritten in the format operation.
|
||||||
|
|
||||||
|
* Several fixes to error messages that were unintentionally replaced
|
||||||
|
in previous versions with a silent exit code.
|
||||||
|
More descriptive error messages were added, including error
|
||||||
|
messages if
|
||||||
|
- a device is unusable (not a block device, no access, etc.),
|
||||||
|
- a LUKS device is not detected,
|
||||||
|
- LUKS header load code detects unsupported version,
|
||||||
|
- a keyslot decryption fails (also happens in the cipher check),
|
||||||
|
- converting an inactive keyslot.
|
||||||
|
|
||||||
|
* Device activation fails if data area overlaps with LUKS header.
|
||||||
|
|
||||||
|
* Code now uses explicit_bzero to wipe memory if available
|
||||||
|
(instead of own implementation).
|
||||||
|
|
||||||
|
* Additional VeraCrypt modes are now supported, including Camellia
|
||||||
|
and Kuznyechik symmetric ciphers (and cipher chains) and Streebog
|
||||||
|
hash function. These were introduced in a recent VeraCrypt upstream.
|
||||||
|
|
||||||
|
Note that Kuznyechik requires out-of-tree kernel module and
|
||||||
|
Streebog hash function is available only with the gcrypt cryptographic
|
||||||
|
backend for now.
|
||||||
|
|
||||||
|
* Fixes static build for integritysetup if the pwquality library is used.
|
||||||
|
|
||||||
|
* Allows passphrase change for unbound keyslots.
|
||||||
|
|
||||||
|
* Fixes removed keyslot number in verbose message for luksKillSlot,
|
||||||
|
luksRemoveKey and erase command.
|
||||||
|
|
||||||
|
* Adds blkid scan when attempting to open a plain device and warn the user
|
||||||
|
about existing device signatures in a ciphertext device.
|
||||||
|
|
||||||
|
* Remove LUKS header signature if luksFormat fails to add the first keyslot.
|
||||||
|
|
||||||
|
* Remove O_SYNC from device open and use fsync() to speed up
|
||||||
|
wipe operation considerably.
|
||||||
|
|
||||||
|
* Create --master-key-file in luksDump and fail if the file already exists.
|
||||||
|
|
||||||
|
* Fixes a bug when LUKS2 authenticated encryption with a detached header
|
||||||
|
wiped the header device instead of dm-integrity data device area (causing
|
||||||
|
unnecessary LUKS2 header auto recovery).
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Oct 30 09:55:50 UTC 2018 - lnussel@suse.de
|
||||||
|
|
||||||
|
- make parallell installable version for SLE12
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Tue Aug 21 07:40:54 UTC 2018 - lnussel@suse.de
|
Tue Aug 21 07:40:54 UTC 2018 - lnussel@suse.de
|
||||||
|
|
||||||
|
@ -17,8 +17,12 @@
|
|||||||
|
|
||||||
|
|
||||||
%define so_ver 12
|
%define so_ver 12
|
||||||
|
%if 0%{?is_backports}
|
||||||
|
Name: cryptsetup2
|
||||||
|
%else
|
||||||
Name: cryptsetup
|
Name: cryptsetup
|
||||||
Version: 2.0.4
|
%endif
|
||||||
|
Version: 2.0.5
|
||||||
Release: 0
|
Release: 0
|
||||||
Summary: Set Up dm-crypt Based Encrypted Block Devices
|
Summary: Set Up dm-crypt Based Encrypted Block Devices
|
||||||
License: SUSE-GPL-2.0-with-openssl-exception AND LGPL-2.0-or-later
|
License: SUSE-GPL-2.0-with-openssl-exception AND LGPL-2.0-or-later
|
||||||
@ -28,7 +32,7 @@ Source0: https://www.kernel.org/pub/linux/utils/cryptsetup/v2.0/cryptsetu
|
|||||||
# GPG signature of the uncompressed tarball.
|
# GPG signature of the uncompressed tarball.
|
||||||
Source1: https://www.kernel.org/pub/linux/utils/cryptsetup/v2.0/cryptsetup-%{version}.tar.sign
|
Source1: https://www.kernel.org/pub/linux/utils/cryptsetup/v2.0/cryptsetup-%{version}.tar.sign
|
||||||
Source2: baselibs.conf
|
Source2: baselibs.conf
|
||||||
Source3: %{name}.keyring
|
Source3: cryptsetup.keyring
|
||||||
BuildRequires: device-mapper-devel
|
BuildRequires: device-mapper-devel
|
||||||
BuildRequires: fipscheck
|
BuildRequires: fipscheck
|
||||||
BuildRequires: fipscheck-devel
|
BuildRequires: fipscheck-devel
|
||||||
@ -44,6 +48,11 @@ BuildRequires: popt-devel
|
|||||||
BuildRequires: suse-module-tools
|
BuildRequires: suse-module-tools
|
||||||
BuildRequires: pkgconfig(blkid)
|
BuildRequires: pkgconfig(blkid)
|
||||||
BuildRequires: pkgconfig(libargon2)
|
BuildRequires: pkgconfig(libargon2)
|
||||||
|
%if 0%{?is_backports}
|
||||||
|
BuildRequires: autoconf
|
||||||
|
BuildRequires: automake
|
||||||
|
BuildRequires: libtool
|
||||||
|
%endif
|
||||||
Requires(post): coreutils
|
Requires(post): coreutils
|
||||||
Requires(postun): coreutils
|
Requires(postun): coreutils
|
||||||
|
|
||||||
@ -57,6 +66,7 @@ time via the config file %{_sysconfdir}/crypttab.
|
|||||||
%package -n libcryptsetup%{so_ver}
|
%package -n libcryptsetup%{so_ver}
|
||||||
Summary: Set Up dm-crypt Based Encrypted Block Devices
|
Summary: Set Up dm-crypt Based Encrypted Block Devices
|
||||||
Group: System/Libraries
|
Group: System/Libraries
|
||||||
|
Suggests: libcryptsetup%{so_ver}-hmac
|
||||||
|
|
||||||
%description -n libcryptsetup%{so_ver}
|
%description -n libcryptsetup%{so_ver}
|
||||||
cryptsetup is used to conveniently set up dm-crypt based device-mapper
|
cryptsetup is used to conveniently set up dm-crypt based device-mapper
|
||||||
@ -73,7 +83,7 @@ Group: System/Base
|
|||||||
This package contains HMAC checksums for integrity checking of libcryptsetup4,
|
This package contains HMAC checksums for integrity checking of libcryptsetup4,
|
||||||
used for FIPS.
|
used for FIPS.
|
||||||
|
|
||||||
%package -n libcryptsetup-devel
|
%package -n lib%{name}-devel
|
||||||
Summary: Set Up dm-crypt Based Encrypted Block Devices
|
Summary: Set Up dm-crypt Based Encrypted Block Devices
|
||||||
Group: Development/Libraries/C and C++
|
Group: Development/Libraries/C and C++
|
||||||
Requires: glibc-devel
|
Requires: glibc-devel
|
||||||
@ -81,8 +91,12 @@ Requires: libcryptsetup%{so_ver} = %{version}
|
|||||||
# cryptsetup-devel last used 11.1
|
# cryptsetup-devel last used 11.1
|
||||||
Provides: cryptsetup-devel = %{version}
|
Provides: cryptsetup-devel = %{version}
|
||||||
Obsoletes: cryptsetup-devel < %{version}
|
Obsoletes: cryptsetup-devel < %{version}
|
||||||
|
%if 0%{?is_backports}
|
||||||
|
# have to conflict with main package that is in SLE
|
||||||
|
Conflicts: cryptsetup-devel < %{version}
|
||||||
|
%endif
|
||||||
|
|
||||||
%description -n libcryptsetup-devel
|
%description -n lib%{name}-devel
|
||||||
cryptsetup is used to conveniently set up dm-crypt based device-mapper
|
cryptsetup is used to conveniently set up dm-crypt based device-mapper
|
||||||
targets. It allows to set up targets to read cryptoloop compatible
|
targets. It allows to set up targets to read cryptoloop compatible
|
||||||
volumes as well as LUKS formatted ones. The package additionally
|
volumes as well as LUKS formatted ones. The package additionally
|
||||||
@ -90,7 +104,11 @@ includes support for automatically setting up encrypted volumes at boot
|
|||||||
time via the config file %{_sysconfdir}/crypttab.
|
time via the config file %{_sysconfdir}/crypttab.
|
||||||
|
|
||||||
%prep
|
%prep
|
||||||
%setup -q
|
%setup -n cryptsetup-%{version} -q
|
||||||
|
%if 0%{?is_backports}
|
||||||
|
sed -i -e '/AC_INIT/s/cryptsetup/cryptsetup2/' configure.ac
|
||||||
|
autoreconf -f -i
|
||||||
|
%endif
|
||||||
|
|
||||||
%build
|
%build
|
||||||
%configure \
|
%configure \
|
||||||
@ -114,58 +132,53 @@ make %{?_smp_mflags} V=1
|
|||||||
%{nil}
|
%{nil}
|
||||||
|
|
||||||
%make_install
|
%make_install
|
||||||
|
%if 0%{?is_backports}
|
||||||
|
# need to rename a files to avoid file conflict
|
||||||
|
for i in cryptsetup integritysetup veritysetup cryptsetup-reencrypt; do
|
||||||
|
mv %{buildroot}%{_sbindir}/$i %{buildroot}%{_sbindir}/${i}2
|
||||||
|
mv %{buildroot}%{_mandir}/man8/$i.8 %{buildroot}%{_mandir}/man8/${i}2.8
|
||||||
|
done
|
||||||
|
rm -f %{buildroot}%{_tmpfilesdir}/cryptsetup.conf
|
||||||
|
%endif
|
||||||
install -dm 0755 %{buildroot}/sbin
|
install -dm 0755 %{buildroot}/sbin
|
||||||
ln -s ..%{_sbindir}/cryptsetup %{buildroot}/sbin
|
ln -s ..%{_sbindir}/cryptsetup%{?is_backports:2} %{buildroot}/sbin
|
||||||
# don't want this file in /lib (FHS compat check), and can't move it to /usr/lib
|
# don't want this file in /lib (FHS compat check), and can't move it to /usr/lib
|
||||||
find %{buildroot} -type f -name "*.la" -delete -print
|
find %{buildroot} -type f -name "*.la" -delete -print
|
||||||
#
|
#
|
||||||
%find_lang %{name} --all-name
|
%find_lang %{name} --all-name
|
||||||
|
|
||||||
|
%if !0%{?is_backports}
|
||||||
|
#
|
||||||
%post
|
%post
|
||||||
test -n "$FIRST_ARG" || FIRST_ARG="$1"
|
|
||||||
#
|
|
||||||
# convert noauto to nofail and turn on fsck (bnc#724113)
|
|
||||||
#
|
|
||||||
marker="%{_localstatedir}/adm/crypsetup.fstab.noauto_converted"
|
|
||||||
if [ "$FIRST_ARG" -gt 1 -a ! -e "$marker" ]; then
|
|
||||||
echo "updating %{_sysconfdir}/fstab ... "
|
|
||||||
tmpfstab="%{_sysconfdir}/fstab.cryptsetup.$$"
|
|
||||||
sed -e '/^\/dev\/mapper\/cr_.*,noauto\s/{s/,noauto\(\s\)/,nofail\1/;s/ 0 0$/ 0 2/}' < %{_sysconfdir}/fstab > "$tmpfstab"
|
|
||||||
if diff -u0 %{_sysconfdir}/fstab "$tmpfstab"; then
|
|
||||||
echo "no change"
|
|
||||||
rm -f "$tmpfstab"
|
|
||||||
> "$marker"
|
|
||||||
else
|
|
||||||
cp "$tmpfstab" "$marker"
|
|
||||||
mv "$tmpfstab" %{_sysconfdir}/fstab
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
%{?regenerate_initrd_post}
|
%{?regenerate_initrd_post}
|
||||||
%tmpfiles_create %{_tmpfilesdir}/%{name}.conf
|
%tmpfiles_create %{_tmpfilesdir}/cryptsetup.conf
|
||||||
|
|
||||||
%postun
|
%postun
|
||||||
%{?regenerate_initrd_post}
|
%{?regenerate_initrd_post}
|
||||||
|
|
||||||
%posttrans
|
%posttrans
|
||||||
%{?regenerate_initrd_posttrans}
|
%{?regenerate_initrd_posttrans}
|
||||||
|
#
|
||||||
|
%endif
|
||||||
|
|
||||||
%post -n libcryptsetup%{so_ver} -p /sbin/ldconfig
|
%post -n libcryptsetup%{so_ver} -p /sbin/ldconfig
|
||||||
%postun -n libcryptsetup%{so_ver} -p /sbin/ldconfig
|
%postun -n libcryptsetup%{so_ver} -p /sbin/ldconfig
|
||||||
|
|
||||||
%files -f %{name}.lang
|
%files -f %{name}.lang
|
||||||
%doc AUTHORS COPYING* FAQ README TODO docs/ChangeLog.old docs/*ReleaseNotes
|
%doc AUTHORS COPYING* FAQ README TODO docs/ChangeLog.old docs/*ReleaseNotes
|
||||||
/sbin/cryptsetup
|
/sbin/cryptsetup%{?is_backports:2}
|
||||||
%{_sbindir}/cryptsetup
|
%{_sbindir}/cryptsetup%{?is_backports:2}
|
||||||
%{_sbindir}/veritysetup
|
%{_sbindir}/veritysetup%{?is_backports:2}
|
||||||
%{_sbindir}/integritysetup
|
%{_sbindir}/integritysetup%{?is_backports:2}
|
||||||
%{_sbindir}/cryptsetup-reencrypt
|
%{_sbindir}/cryptsetup-reencrypt%{?is_backports:2}
|
||||||
%{_mandir}/man8/cryptsetup.8%{ext_man}
|
%{_mandir}/man8/cryptsetup%{?is_backports:2}.8%{ext_man}
|
||||||
%{_mandir}/man8/cryptsetup-reencrypt.8%{ext_man}
|
%{_mandir}/man8/cryptsetup-reencrypt%{?is_backports:2}.8%{ext_man}
|
||||||
%{_mandir}/man8/veritysetup.8%{ext_man}
|
%{_mandir}/man8/veritysetup%{?is_backports:2}.8%{ext_man}
|
||||||
%{_mandir}/man8/integritysetup.8%{ext_man}
|
%{_mandir}/man8/integritysetup%{?is_backports:2}.8%{ext_man}
|
||||||
|
%if !0%{?is_backports}
|
||||||
%{_tmpfilesdir}/cryptsetup.conf
|
%{_tmpfilesdir}/cryptsetup.conf
|
||||||
%ghost %dir /run/cryptsetup
|
%ghost %dir /run/cryptsetup
|
||||||
|
%endif
|
||||||
|
|
||||||
%files -n libcryptsetup%{so_ver}
|
%files -n libcryptsetup%{so_ver}
|
||||||
%{_libdir}/libcryptsetup.so.%{so_ver}*
|
%{_libdir}/libcryptsetup.so.%{so_ver}*
|
||||||
@ -173,7 +186,7 @@ fi
|
|||||||
%files -n libcryptsetup%{so_ver}-hmac
|
%files -n libcryptsetup%{so_ver}-hmac
|
||||||
%{_libdir}/.libcryptsetup.so.%{so_ver}*hmac
|
%{_libdir}/.libcryptsetup.so.%{so_ver}*hmac
|
||||||
|
|
||||||
%files -n libcryptsetup-devel
|
%files -n lib%{name}-devel
|
||||||
%doc docs/examples/
|
%doc docs/examples/
|
||||||
%{_includedir}/libcryptsetup.h
|
%{_includedir}/libcryptsetup.h
|
||||||
%{_libdir}/libcryptsetup.so
|
%{_libdir}/libcryptsetup.so
|
||||||
|
Loading…
Reference in New Issue
Block a user