SHA256
1
0
forked from pool/cryptsetup

Accepting request 832026 from home:lnussel:branches:security

- Update to 2.3.4:
  * Fix a possible out-of-bounds memory write while validating LUKS2 data
    segments metadata (CVE-2020-14382, boo#1176128).
  * Ignore reported optimal IO size if not aligned to minimal page size.
  * Added support for new no_read/write_wrokqueue dm-crypt options (kernel 5.9).
  * Added support panic_on_corruption option for dm-verity devices (kernel 5.9).
  * Support --master-key-file option for online LUKS2 reencryption
  * Always return EEXIST error code if a device already exists.
  * Fix a problem in integritysetup if a hash algorithm has dash in the name.
  * Fix crypto backend to properly handle ECB mode.
  * TrueCrypt/VeraCrypt compatible mode now supports the activation of devices
    with a larger sector.
  * LUKS2: Do not create excessively large headers.
  * Fix unspecified sector size for BitLocker compatible mode.
  * Fix reading key data size in metadata for BitLocker compatible mode.

OBS-URL: https://build.opensuse.org/request/show/832026
OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=160
This commit is contained in:
Ludwig Nussel 2020-09-04 08:13:03 +00:00 committed by Git OBS Bridge
parent 91d92afad9
commit d9929bafef
6 changed files with 39 additions and 20 deletions

View File

@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEKikYJD/eRmSNBob52bBXe9k+mPwFAl7PhzwACgkQ2bBXe9k+
mPztcBAA02gb3E1NpUBKW/MfAPJzGOat7paq0TjMFwINFiBqG8R/fTzeu310Urdr
87otqMHZuOcJB326+1hTagqBD4R2PcehFOGOEST4OLu0IesNles6acAryw6CRpX+
+SwGyHGJtlCwP3ciYDP8aNief4B5+A/QR1JD5gw0H9rJBgVnMd1nrnSileUDZwdh
Z5TVwbZ6MTxx+XoAEktRS4/zBtv5s1jHDtaXpqkvtwW4KB7aiuUxTLa7Y4ucj3BR
X6MuFWNdeBonFI+6sDsvOFVrr0tXEeb1RmgwvY6QidsRGsqihhvxOput35jSZBGL
37kw/xNSwJ3pa+mhIvsmssy5rDJ/1fO29TA4RUS721HGBG9+xayC3q3pnHGCFz6U
v0OooIHl05I1R85RntDfcdtmHxIhlr5LqflwdHwzLVwt7DjzUHShPiHOgJe6iXTN
3jQ9GwpWjxRM8ToWPvnKx752AAydAsn+jzDsAj58eIABEvta4gjRZm4BdD5uJnO3
BwhDDkcpj5GvGoC5lNpkCsttTCYbCc7f8s4vos7xLkRXi7wEhT/W/TIi93qVzil9
4ZRFHj91XSyac4ULt4wUK4iqZ5+2OfbNIZvDkGo1pMTKKB1MLzBve3bUr0Fz07qE
x0R+ELOSuNtQV4Obb0kDI+Ds5e80NMb5qFgebuG3bp5GNrXwE2E=
=DJUj
-----END PGP SIGNATURE-----

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:3bca4ffe39e2f94cef50f6ea65acb873a6dbce5db34fc6bcefe38b6d095e82df
size 11104768

16
cryptsetup-2.3.4.tar.sign Normal file
View File

@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEKikYJD/eRmSNBob52bBXe9k+mPwFAl9RNsoACgkQ2bBXe9k+
mPxlkg//RvvQ8uWvw9hKtKAz4Q0ZEbprzFVIGpXprYzDcf5HE2vFMsg3OZ+RAUss
RmBk4HRZDH7nboFa+D3gUAFiqqwJvBIEce6jjKu7IQM86lbnwlH4Uu9UWz/hiOCt
wDDfCE96aso8D9ZKQBNrrMmIuJ0kSbQ8PoIvmmVtjcGNhtKna7KV/i+9xbdEaePl
Piu0SO0ZtMBtBribgfsZHuOuuHLYgPA7mfZ1Xwq6hOMw9qjFSDGwmeldyTbP7mM6
0L7daWn8UJIYhi9BABtpqEC+4ISs7An0bJ3w64k+6hUq7o33sq++gR2qbjIq7rVz
wX1S6VP8Y4dwZY9HRW7GrDsrLg6c5ynAfmEoCPhYRTbkQ1ft9fXRjk06GrDg+9A8
kKY2m+4rSOoj0hZq+TeWjWNRibwEaUAxf71Dpv7FjYMLr5lpZD9+1GfXxsm5EJMV
O3XwLgwSqypl5rYoQo+ebgpPUqJsxTNg2Uu5dT4oUI8UcTO+5gw5/vTbwBL0a13z
iDlWgSQ267WP0t1Ipsfmfa6RAWLlykmLMt3eBjxhi0UIGRiUfVlS2++Tvm1xBHXa
9ufCYLmiqtjIH82+03pWsfmZ+gTFRHC3TI9H3aZTGqGptG9rrHSvgLMhPTvxhTX9
FfdZxSY6ZVkatpeyUhSKNtrqPPEoShax/erIvj0d/uaT0BgFA3M=
=NBdh
-----END PGP SIGNATURE-----

3
cryptsetup-2.3.4.tar.xz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:9d16eebb96b53b514778e813019b8dd15fea9fec5aafde9fae5febf59df83773
size 11114004

View File

@ -1,3 +1,22 @@
-------------------------------------------------------------------
Fri Sep 4 09:49:31 CEST 2020 - Ludwig Nussel <lnussel@suse.de>
- Update to 2.3.4:
* Fix a possible out-of-bounds memory write while validating LUKS2 data
segments metadata (CVE-2020-14382, boo#1176128).
* Ignore reported optimal IO size if not aligned to minimal page size.
* Added support for new no_read/write_wrokqueue dm-crypt options (kernel 5.9).
* Added support panic_on_corruption option for dm-verity devices (kernel 5.9).
* Support --master-key-file option for online LUKS2 reencryption
* Always return EEXIST error code if a device already exists.
* Fix a problem in integritysetup if a hash algorithm has dash in the name.
* Fix crypto backend to properly handle ECB mode.
* TrueCrypt/VeraCrypt compatible mode now supports the activation of devices
with a larger sector.
* LUKS2: Do not create excessively large headers.
* Fix unspecified sector size for BitLocker compatible mode.
* Fix reading key data size in metadata for BitLocker compatible mode.
------------------------------------------------------------------- -------------------------------------------------------------------
Thu May 28 18:43:29 UTC 2020 - Andreas Stieger <andreas.stieger@gmx.de> Thu May 28 18:43:29 UTC 2020 - Andreas Stieger <andreas.stieger@gmx.de>

View File

@ -22,7 +22,7 @@ Name: cryptsetup2
%else %else
Name: cryptsetup Name: cryptsetup
%endif %endif
Version: 2.3.3 Version: 2.3.4
Release: 0 Release: 0
Summary: Setup program for dm-crypt Based Encrypted Block Devices Summary: Setup program for dm-crypt Based Encrypted Block Devices
License: SUSE-GPL-2.0-with-openssl-exception AND LGPL-2.0-or-later License: SUSE-GPL-2.0-with-openssl-exception AND LGPL-2.0-or-later