Accepting request 832026 from home:lnussel:branches:security

- Update to 2.3.4: * Fix a possible out-of-bounds memory write while validating LUKS2 data segments metadata (CVE-2020-14382, boo#1176128). * Ignore reported optimal IO size if not aligned to minimal page size. * Added support for new no_read/write_wrokqueue dm-crypt options (kernel 5.9). * Added support panic_on_corruption option for dm-verity devices (kernel 5.9). * Support --master-key-file option for online LUKS2 reencryption * Always return EEXIST error code if a device already exists. * Fix a problem in integritysetup if a hash algorithm has dash in the name. * Fix crypto backend to properly handle ECB mode. * TrueCrypt/VeraCrypt compatible mode now supports the activation of devices with a larger sector. * LUKS2: Do not create excessively large headers. * Fix unspecified sector size for BitLocker compatible mode. * Fix reading key data size in metadata for BitLocker compatible mode. OBS-URL: https://build.opensuse.org/request/show/832026 OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=160
2020-09-04 08:13:03 +00:00 · 2020-09-04 08:13:03 +00:00 · d9929bafef
commit d9929bafef
parent 91d92afad9
6 changed files with 39 additions and 20 deletions
--- a/cryptsetup-2.3.3.tar.sign
+++ b/cryptsetup-2.3.3.tar.sign
@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-
-iQIzBAABCAAdFiEEKikYJD/eRmSNBob52bBXe9k+mPwFAl7PhzwACgkQ2bBXe9k+
-mPztcBAA02gb3E1NpUBKW/MfAPJzGOat7paq0TjMFwINFiBqG8R/fTzeu310Urdr
-87otqMHZuOcJB326+1hTagqBD4R2PcehFOGOEST4OLu0IesNles6acAryw6CRpX+
-+SwGyHGJtlCwP3ciYDP8aNief4B5+A/QR1JD5gw0H9rJBgVnMd1nrnSileUDZwdh
-Z5TVwbZ6MTxx+XoAEktRS4/zBtv5s1jHDtaXpqkvtwW4KB7aiuUxTLa7Y4ucj3BR
-X6MuFWNdeBonFI+6sDsvOFVrr0tXEeb1RmgwvY6QidsRGsqihhvxOput35jSZBGL
-37kw/xNSwJ3pa+mhIvsmssy5rDJ/1fO29TA4RUS721HGBG9+xayC3q3pnHGCFz6U
-v0OooIHl05I1R85RntDfcdtmHxIhlr5LqflwdHwzLVwt7DjzUHShPiHOgJe6iXTN
-3jQ9GwpWjxRM8ToWPvnKx752AAydAsn+jzDsAj58eIABEvta4gjRZm4BdD5uJnO3
-BwhDDkcpj5GvGoC5lNpkCsttTCYbCc7f8s4vos7xLkRXi7wEhT/W/TIi93qVzil9
-4ZRFHj91XSyac4ULt4wUK4iqZ5+2OfbNIZvDkGo1pMTKKB1MLzBve3bUr0Fz07qE
-x0R+ELOSuNtQV4Obb0kDI+Ds5e80NMb5qFgebuG3bp5GNrXwE2E=
-=DJUj
-----END PGP SIGNATURE-----
--- a/cryptsetup-2.3.3.tar.xz
+++ b/cryptsetup-2.3.3.tar.xz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:3bca4ffe39e2f94cef50f6ea65acb873a6dbce5db34fc6bcefe38b6d095e82df
-size 11104768
--- a/cryptsetup-2.3.4.tar.sign
+++ b/cryptsetup-2.3.4.tar.sign
@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCAAdFiEEKikYJD/eRmSNBob52bBXe9k+mPwFAl9RNsoACgkQ2bBXe9k+
+mPxlkg//RvvQ8uWvw9hKtKAz4Q0ZEbprzFVIGpXprYzDcf5HE2vFMsg3OZ+RAUss
+RmBk4HRZDH7nboFa+D3gUAFiqqwJvBIEce6jjKu7IQM86lbnwlH4Uu9UWz/hiOCt
+wDDfCE96aso8D9ZKQBNrrMmIuJ0kSbQ8PoIvmmVtjcGNhtKna7KV/i+9xbdEaePl
+Piu0SO0ZtMBtBribgfsZHuOuuHLYgPA7mfZ1Xwq6hOMw9qjFSDGwmeldyTbP7mM6
+0L7daWn8UJIYhi9BABtpqEC+4ISs7An0bJ3w64k+6hUq7o33sq++gR2qbjIq7rVz
+wX1S6VP8Y4dwZY9HRW7GrDsrLg6c5ynAfmEoCPhYRTbkQ1ft9fXRjk06GrDg+9A8
+kKY2m+4rSOoj0hZq+TeWjWNRibwEaUAxf71Dpv7FjYMLr5lpZD9+1GfXxsm5EJMV
+O3XwLgwSqypl5rYoQo+ebgpPUqJsxTNg2Uu5dT4oUI8UcTO+5gw5/vTbwBL0a13z
+iDlWgSQ267WP0t1Ipsfmfa6RAWLlykmLMt3eBjxhi0UIGRiUfVlS2++Tvm1xBHXa
+9ufCYLmiqtjIH82+03pWsfmZ+gTFRHC3TI9H3aZTGqGptG9rrHSvgLMhPTvxhTX9
+FfdZxSY6ZVkatpeyUhSKNtrqPPEoShax/erIvj0d/uaT0BgFA3M=
+=NBdh
+-----END PGP SIGNATURE-----
--- a/cryptsetup-2.3.4.tar.xz
+++ b/cryptsetup-2.3.4.tar.xz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:9d16eebb96b53b514778e813019b8dd15fea9fec5aafde9fae5febf59df83773
+size 11114004
--- a/cryptsetup.changes
+++ b/cryptsetup.changes
@ -1,3 +1,22 @@
+-------------------------------------------------------------------
+Fri Sep  4 09:49:31 CEST 2020 - Ludwig Nussel <lnussel@suse.de>
+
+- Update to 2.3.4:
+  * Fix a possible out-of-bounds memory write while validating LUKS2 data
+    segments metadata (CVE-2020-14382, boo#1176128).
+  * Ignore reported optimal IO size if not aligned to minimal page size.
+  * Added support for new no_read/write_wrokqueue dm-crypt options (kernel 5.9).
+  * Added support panic_on_corruption option for dm-verity devices (kernel 5.9).
+  * Support --master-key-file option for online LUKS2 reencryption
+  * Always return EEXIST error code if a device already exists.
+  * Fix a problem in integritysetup if a hash algorithm has dash in the name.
+  * Fix crypto backend to properly handle ECB mode.
+  * TrueCrypt/VeraCrypt compatible mode now supports the activation of devices
+    with a larger sector.
+  * LUKS2: Do not create excessively large headers.
+  * Fix unspecified sector size for BitLocker compatible mode.
+  * Fix reading key data size in metadata for BitLocker compatible mode.
+
 -------------------------------------------------------------------
 Thu May 28 18:43:29 UTC 2020 - Andreas Stieger <andreas.stieger@gmx.de>

--- a/cryptsetup.spec
+++ b/cryptsetup.spec
@ -22,7 +22,7 @@ Name:           cryptsetup2
 %else
 Name:           cryptsetup
 %endif
-Version:        2.3.3
+Version:        2.3.4
 Release:        0
 Summary:        Setup program for dm-crypt Based Encrypted Block Devices
 License:        SUSE-GPL-2.0-with-openssl-exception AND LGPL-2.0-or-later