SHA256
1
0
forked from pool/cryptsetup

Accepting request 329788 from home:adra:branches:security

Update to 1.6.8

OBS-URL: https://build.opensuse.org/request/show/329788
OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=124
This commit is contained in:
Ludwig Nussel 2015-10-12 09:14:03 +00:00 committed by Git OBS Bridge
parent 2ebbcc2226
commit ce789c545b
6 changed files with 56 additions and 24 deletions

View File

@ -1,17 +0,0 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIbBAABCAAGBQJVEE3fAAoJENmwV3vZPpj8ql4P9ijvmO15ur4wpcGFkNYyzfuA
Y17yaTT6Nde8cGLUCpw7rPBoxL/b4ZArJnNk9UP73MyycxfVijaX5XxxoQbpL8n0
cn1vdXTFzqXGBTJkjO0uQor1szQbvaz7xbk7LeBgG+j/zZGRa/0AKs42qvTaWzHu
G50AqksMGFV1ih+d4wYdD+AqcUf6h+1HQRjq/DqEurg1EHQ+iMqem1htvrzTq8+V
ym3xHM+JxJ04syzPb92VntSmyfX6ztmh+61cflQiOrIbTw+MFeGmYMOTufkWmQFi
gFC+7mXTjO1YkmN+RFYZ52WY3shk3BLhAXT/pFlGFjwfHqrvFgfj+Iu9STVs2du2
LLa+xF5yxaKyHHKkw2wn7edeepzfwSp0+lmDy8B0SGXh5wGNreNSX3IMAdJeJztM
7EyJa5JUSMfKWPHzy1gGYZRN/NQGGqG3c1+Sw5hy/ukFtLC4DSu5OtJNOt2c8MNw
+XPXh+Ssy+ma9e0E+pnmRYQ/nY2BWuN/gFB5Gvr08d4hifP9+LzI+bgQx4gNjB5Y
9py0moXVOxn/TICXSFgjDmvYgw7BZRVtaHFfkiKA5DrBeS07MROKzL59ykiuU7HW
HvCs3icShV+oSt79bMa7E+QhKRsBicS30QyLecttHkxbLxSg55qFpMa7m8+6VG2Y
LsfZNLwWJmf8jU9YUY0=
=jDZw
-----END PGP SIGNATURE-----

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:c23c24c8d662032da8650c1c84985221be8bbedf4737c1540bba7e4517dfe820
size 1188876

17
cryptsetup-1.6.8.tar.sign Normal file
View File

@ -0,0 +1,17 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABCAAGBQJV7r+oAAoJENmwV3vZPpj8KEsP/2BTTiaXCzwvqupSAo7dFpET
Tugtc99Nzrv8Yc4nNvboxXSD7/TOZYAEWz787KPANJo3Ks46F3BB9KjeqRxhnGAX
+Ce9wi8ufdjECSZjNDxl5tcJrmrmftAgBbZhPIaYE7wZuxF71Cl769XHdgVvSV2w
pyGbiqXdcnMVw1q4npndZNsVoMZ4vB1bEfz8AAgC6idF/yiAw2tI7VjUZfrNDd0b
mc6IOmDslyGxA1565w/HSiZqxqaZTsVGfwfluxTwpu+Du9eMHeViJV/4Z1Aka5lF
wNxnJZro9UlGkRCWXR6zZYXPrHEHGaNlwObUpWcfHSLNTP9ulgPY0tkVnXuY7uom
JGtGCdVPsqxCaBg8fd+QQRbPZqrIZGw+wgjikqTs9gnd+LdUBxHDuseRuE+mkk0w
cZW2RQf9f4nYj7LUvLuY0NBQ9brHsrU/IqjWQWnPrzmdCh2pdnb6UmOyWH0dcYcB
ldReYWbbCBO132QZuT53VJv/c4XATnEQLIgOaT3AUddVUAEvkNephesN1/rjuAKG
OwTVelvo4gp0ncYPZiQHzkVe5mTt/7JVyuXYDO/tnm4JYn9ZFQj00ZoGTeywWAGR
5xNH7Gjo8JGNm9oI358jfQw6zLBWn3FdyDgoxxvupNC6wi/O+7Gb86PxyMFn7Lii
sF1YN0no4oN+OyCDU17N
=apNw
-----END PGP SIGNATURE-----

3
cryptsetup-1.6.8.tar.xz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:45a6ccd3c65b7d904e58e1cb3656a7e997190b6a05b5ff7c6887e4a41c5f19bc
size 1221232

View File

@ -1,3 +1,35 @@
-------------------------------------------------------------------
Tue Sep 8 20:19:34 UTC 2015 - asterios.dramis@gmail.com
- Update to 1.6.8
* If the null cipher (no encryption) is used, allow only empty
password for LUKS. (Previously cryptsetup accepted any password
in this case.)
The null cipher can be used only for testing and it is used
temporarily during offline encrypting not yet encrypted device
(cryptsetup-reencrypt tool).
Accepting only empty password prevents situation when someone
adds another LUKS device using the same UUID (UUID of existing
LUKS device) with faked header containing null cipher.
This could force user to use different LUKS device (with no
encryption) without noticing.
(IOW it prevents situation when attacker intentionally forces
user to boot into different system just by LUKS header
manipulation.)
Properly configured systems should have an additional integrity
protection in place here (LUKS here provides only
confidentiality) but it is better to not allow this situation
in the first place.
(For more info see QubesOS Security Bulletin QSB-019-2015.)
* Properly support stdin "-" handling for luksAddKey for both new
and old keyfile parameters.
* If encrypted device is file-backed (it uses underlying loop
device), cryptsetup resize will try to resize underlying loop
device as well. (It can be used to grow up file-backed device
in one step.)
* Cryptsetup now allows to use empty password through stdin pipe.
(Intended only for testing in scripts.)
------------------------------------------------------------------- -------------------------------------------------------------------
Sun Apr 12 18:45:26 UTC 2015 - crrodriguez@opensuse.org Sun Apr 12 18:45:26 UTC 2015 - crrodriguez@opensuse.org

View File

@ -18,12 +18,12 @@
%define so_ver 4 %define so_ver 4
Name: cryptsetup Name: cryptsetup
Version: 1.6.7 Version: 1.6.8
Release: 0 Release: 0
Summary: Set Up dm-crypt Based Encrypted Block Devices Summary: Set Up dm-crypt Based Encrypted Block Devices
License: SUSE-GPL-2.0-with-openssl-exception and LGPL-2.0+ License: SUSE-GPL-2.0-with-openssl-exception and LGPL-2.0+
Group: System/Base Group: System/Base
Url: http://code.google.com/p/cryptsetup/ Url: https://gitlab.com/cryptsetup/cryptsetup/
Source0: https://www.kernel.org/pub/linux/utils/cryptsetup/v1.6/cryptsetup-%{version}.tar.xz Source0: https://www.kernel.org/pub/linux/utils/cryptsetup/v1.6/cryptsetup-%{version}.tar.xz
# GPG signature of the uncompressed tarball. # GPG signature of the uncompressed tarball.
Source1: https://www.kernel.org/pub/linux/utils/cryptsetup/v1.6/cryptsetup-%{version}.tar.sign Source1: https://www.kernel.org/pub/linux/utils/cryptsetup/v1.6/cryptsetup-%{version}.tar.sign
@ -61,11 +61,11 @@ volumes as well as LUKS formatted ones. The package additionally
includes support for automatically setting up encrypted volumes at boot includes support for automatically setting up encrypted volumes at boot
time via the config file %{_sysconfdir}/crypttab. time via the config file %{_sysconfdir}/crypttab.
%package -n libcryptsetup4-hmac %package -n libcryptsetup%{so_ver}-hmac
Summary: Checksums for libcryptsetup4 Summary: Checksums for libcryptsetup4
Group: System/Base Group: System/Base
%description -n libcryptsetup4-hmac %description -n libcryptsetup%{so_ver}-hmac
This package contains HMAC checksums for integrity checking of libcryptsetup4, This package contains HMAC checksums for integrity checking of libcryptsetup4,
used for FIPS. used for FIPS.