SHA256
1
0
forked from pool/cryptsetup
Commit Graph

118 Commits

Author SHA256 Message Date
Alexander Naumov
5b2dc6e33d Accepting request 422113 from home:Alexander_Naumov:branches:security
Update to version 1.7.2

OBS-URL: https://build.opensuse.org/request/show/422113
OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=130
2016-08-26 11:48:47 +00:00
4f8e236159 Accepting request 352690 from home:benoit_monin:branches:security
update to 1.7.0

OBS-URL: https://build.opensuse.org/request/show/352690
OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=128
2016-02-02 11:57:35 +00:00
36e909287e Accepting request 349019 from home:tiwai:branches:security
- Fix missing dependency on coreutils for initrd macros (boo#958562)
- Call missing initrd macro at postun (boo#958562)

OBS-URL: https://build.opensuse.org/request/show/349019
OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=126
2015-12-21 11:53:09 +00:00
ce789c545b Accepting request 329788 from home:adra:branches:security
Update to 1.6.8

OBS-URL: https://build.opensuse.org/request/show/329788
OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=124
2015-10-12 09:14:03 +00:00
2ebbcc2226 Accepting request 295595 from home:elvigia:branches:security
- Enable verbose build log. 

- regenerate the initrd if cryptsetup tool changes
  (wanted by 90crypt dracut module)

OBS-URL: https://build.opensuse.org/request/show/295595
OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=122
2015-04-13 09:46:51 +00:00
da8c646220 Accepting request 294152 from home:pluskalm:branches:security
- Update to 1.6.7

OBS-URL: https://build.opensuse.org/request/show/294152
OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=120
2015-04-08 12:54:34 +00:00
245087ea13 Accepting request 249180 from home:adra:branches:security
version 1.6.6

OBS-URL: https://build.opensuse.org/request/show/249180
OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=118
2014-09-15 09:54:57 +00:00
a823d6ea4c Accepting request 245748 from home:msmeissn:branches:security
- Use --enable-gcrypt-pbkdf2 to use the PBKDFv2 method from libgcrypt.

OBS-URL: https://build.opensuse.org/request/show/245748
OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=116
2014-08-26 06:33:53 +00:00
9d75fbda81 Accepting request 244369 from home:adra:branches:security
version 1.6.5, Updated build requirements

OBS-URL: https://build.opensuse.org/request/show/244369
OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=114
2014-08-13 07:59:19 +00:00
110c3d1016 Accepting request 244329 from home:msmeissn:branches:security
- libcryptsetup4-hmac split off contain the hmac for FIPS certification

OBS-URL: https://build.opensuse.org/request/show/244329
OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=113
2014-08-12 13:38:20 +00:00
5c09e34343 Accepting request 235564 from home:msmeissn:branches:security
- version 1.6.4
  - new tarball / signature location
  * Implement new erase (with alias luksErase) command.
  * Add internal "whirlpool_gcryptbug hash" for accessing flawed
    Whirlpool hash in gcrypt (requires gcrypt 1.6.1 or above).
  * Allow to use --disable-gcrypt-pbkdf2 during configuration
    to force use internal PBKDF2 code.
  * Require gcrypt 1.6.1 for imported implementation of PBKDF2
    (PBKDF2 in gcrypt 1.6.0 is too slow).
  * Add --keep-key to cryptsetup-reencrypt.
  * By default verify new passphrase in luksChangeKey and luksAddKey
    commands (if input is from terminal).
  * Fix memory leak in Nettle crypto backend.
  * Support --tries option even for TCRYPT devices in cryptsetup.
  * Support --allow-discards option even for TCRYPT devices.
    (Note that this could destroy hidden volume and it is not suggested
    by original TrueCrypt security model.)
  * Link against -lrt for clock_gettime to fix undefined reference
    to clock_gettime error (introduced in 1.6.2).
  * Fix misleading error message when some algorithms are not available.
  * Count system time in PBKDF2 benchmark if kernel returns no self
    usage info.

OBS-URL: https://build.opensuse.org/request/show/235564
OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=111
2014-07-08 11:55:23 +00:00
a5a193c2f7 Accepting request 231181 from home:dirkmueller:branches:security
- remove dependency on gpg-offline (source_validator already
  checks for gpg integrity)

OBS-URL: https://build.opensuse.org/request/show/231181
OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=109
2014-04-23 16:25:27 +00:00
7d203f1cbd Accepting request 210973 from home:elvigia:branches:security
- version 1.6.3 
* Fix cryptsetup reencryption tool to work properly 
  with devices using 4kB sectors.
* Rewrite cipher benchmark loop which was unreliable on very fast machines.
* Support activation of old TrueCrypt containers (requires kernel 3.13)
* Other bugfixes.

OBS-URL: https://build.opensuse.org/request/show/210973
OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=107
2013-12-18 07:35:57 +00:00
97c0fc2e1f Accepting request 185875 from home:elvigia:branches:security
- cryptsetup 1.6.2
* Print error and fail if more device arguments 
  are present for isLuks command.
* Fix cipher specification string parsing 
(found by gcc -fsanitize=address option).
* Try to map TCRYPT system encryption through partitions
* Workaround for some recent changes in automake

OBS-URL: https://build.opensuse.org/request/show/185875
OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=105
2013-08-26 08:24:57 +00:00
Dr. Werner Fink
ba19ad260a Accepting request 181807 from home:elvigia:branches:security
- cryptsetup 1.6.1
 * Fix loop-AES keyfile parsing.
 * Fix passphrase pool overflow for too long TCRYPT passphrase.
 * Fix deactivation of device when failed underlying node disappeared.
- There is a bug in the released tarball, due to HAVE_BYTESWAP_H
  and HAVE_ENDIAN_H not properly handled by the buildsystem. A
  patch with permanent solution was sent and accepted upstream
  and will appear in the next release, for now an spec file workaround
  is in place, remove in the next update.

OBS-URL: https://build.opensuse.org/request/show/181807
OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=103
2013-07-02 20:45:10 +00:00
Philipp Thomas
7b820e0fc0 Accepting request 160813 from home:jengelh:branches:security
- Remove excessive dependencies of libcryptsetup-devel
  (it does not require any of these)
- Mark 2.6.38 as needed

N.B.: You can now use the tilde syntax when procuring beta versions
in future, e.g. "Version: 2.0~beta1"

OBS-URL: https://build.opensuse.org/request/show/160813
OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=101
2013-03-26 11:48:10 +00:00
8d29697e3f Accepting request 159200 from home:lnussel:branches:security
- version 1.6.0
 * Change LUKS default cipher to to use XTS encryption mode,
   aes-xts-plain64 (i.e. using AES128-XTS).
 * license change to GPL-2.0+ from GPL-1.0
 * new unified command open and close.
 * direct support for TCRYPT (TrueCrypt and compatible tc-play) on-disk format
 * new benchmark command

OBS-URL: https://build.opensuse.org/request/show/159200
OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=99
2013-03-13 16:21:37 +00:00
2469c1380b Accepting request 145274 from home:lnussel:branches:security
ATTENTION: wait for cryptsetup-mkinitrd before checkin, otherwise installation
with root on crypto no longer boot

- version 1.5.1:
  * Added keyslot checker
  * Add crypt_keyslot_area() API call.
  * Optimize seek to keyfile-offset (Issue #135, thx to dreisner).
  * Fix luksHeaderBackup for very old v1.0 unaligned LUKS headers.
  * Allocate loop device late (only when real block device needed).
  * Rework underlying device/file access functions.
  * Create hash image if doesn't exist in veritysetup format.
  * Provide better error message if running as non-root user (device-mapper, loop).
- split off hashalot and boot.crypto
- move to /usr

OBS-URL: https://build.opensuse.org/request/show/145274
OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=97
2012-12-13 13:06:34 +00:00
7a1b87dbd3 Accepting request 143882 from home:sbrabec:gpg-offline-verify
Verify GPG signature: Perform build-time offline GPG verification.
Please verify that included keyring matches your needs.
For manipulation with the offline keyring, please use gpg-offline tool from openSUSE:Factory, devel-tools-building or Base:System.
See the man page and/or /usr/share/doc/packages/gpg-offline/PACKAGING.HOWTO.

If you need to build your package for older products and don't want to mess spec file with ifs, please follow PACKAGING.HOWTO:
you can link or aggregate gpg-offline from
devel:tools:building or use following trick with "osc meta prjconf":

--- Cut here ----
%if 0%{?suse_version} <= 1220
Substitute: gpg-offline
%endif

Macros:
%gpg_verify(dnf) \
%if 0%{?suse_version} > 1220\
echo "WARNING: Using %%gpg_verify macro from prjconf, not from gpg-offline package."\
gpg-offline --directory="%{-d:%{-d*}}%{!-d:%{_sourcedir}}" --package="%{-n:%{-n*}}%{!-n:%{name}}""%{-f: %{-f*}}" --verify %{**}\
%else\
echo "WARNING: Dummy prjconf macro. gpg-offline is not available, skipping %{**} GPG signature verification!"\
%endif\
%nil
-----------------

OBS-URL: https://build.opensuse.org/request/show/143882
OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=96
2012-12-11 12:52:39 +00:00
Factory Maintainer
6a9632a0b7 osc copypac from project:home:fcrozat:branches:security package:cryptsetup revision:2
OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=94
2012-11-03 07:17:34 +00:00
7a73bec4e1 - version 1.5.0:
* Add --device-size option for reencryption tool.
  * Switch to use unit suffix for --reduce-device-size option.
  * Remove open device debugging feature (no longer needed).
  * Introduce cryptsetup-reencrypt - experimental offline LUKS reencryption tool.
  * Fix luks-header-from-active script (do not use LUKS header on-disk, add UUID).
  * Add --test-passphrase option for luksOpen (check passphrase only).
  * Introduce veritysetup for dm-verity target management.
  * Both data and header device can now be a file.
  * Loop is automatically allocated in crypt_set_data_device().
  * Require only up to last keyslot area for header device (ignore data offset).
  * Fix header backup and restore to work on files with large data offset.
  * Fix readonly activation if underlying device is readonly (1.4.0).
  * Fix keyslot removal (wipe keyslot) for device with 4k hw block (1.4.0).
  * Allow empty cipher (cipher_null) for testing.
  * Fix loop mapping on readonly file.
  * Relax --shared test, allow mapping even for overlapping segments.
  * Support shared flag for LUKS devices (dangerous).
  * Switch on retry on device remove for libdevmapper.
  * Allow "private" activation (skip some udev global rules) flag.

OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=91
2012-08-01 13:39:44 +00:00
b9c271feeb cryptsetup developers use a special exception to link against openSSL
OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=89
2012-07-10 06:28:35 +00:00
acdb37a416 Accepting request 127399 from home:babelworx:ldig:branches:security
license update: SUSE-GPL-2.0-with-openssl-exception and LGPL-2.0+
cryÃptsetup developers use a special exception to link against openSSL

OBS-URL: https://build.opensuse.org/request/show/127399
OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=88
2012-07-09 21:33:52 +00:00
d0db1b9bba - boot.crypto:
* update man page to mention systemd and wiki article
  * sanitize dm target names (bnc#716240)

OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=86
2012-06-15 12:41:51 +00:00
edec8e139d - boot.crypto:
* prefer physdev from crypttab
  * fix non-plymouth use

OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=84
2012-04-17 13:04:02 +00:00
a991e23180 - new version 1.4.2
* Fix header check to support old (cryptsetup 1.0.0) header alignment. (1.4.0)
  * Add --keyfile-offset and --new-keyfile-offset parameters to API and CLI.
  * Add repair command and crypt_repair() for known LUKS metadata problems repair.
  * Allow to specify --align-payload only for luksFormat.
  * Unify password verification option.
  * Support password verification with quiet flag if possible. (1.2.0)
  * Fix retry if entered passphrases (with verify option) do not match.
  * Support UUID=<LUKS_UUID> format for device specification.
  * Add --master-key-file option to luksOpen (open using volume key).
  * Fix use of empty keyfile.
  * Fix error message for luksClose and detached LUKS header.
  * Allow --header for status command to get full info with detached header.

OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=83
2012-04-16 12:23:27 +00:00
82a3543aae - boot.crypto:
* avoid warning about module 'kernel' (bnc#741468)
  * incorporate plymouth support

OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=82
2012-04-16 09:57:35 +00:00
c3fe034594 osc copypac from project:security package:cryptsetup revision:79
OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=81
2012-02-10 12:56:38 +00:00
1eee894b80 Accepting request 102718 from home:rjschwei:branches:security
usrMerge project - move files from toplevel to /usr

OBS-URL: https://build.opensuse.org/request/show/102718
OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=80
2012-02-10 12:55:56 +00:00
Cristian Rodríguez
a97c0c5911 Accepting request 96862 from home:jengelh:branches:security
Update to new upstream release 1.4.1; trim support, amongst it

OBS-URL: https://build.opensuse.org/request/show/96862
OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=78
2011-12-18 20:29:05 +00:00
29279bfec8 - on update convert noauto to nofail and turn on fsck (bnc#724113)
OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=75
2011-10-27 15:53:38 +00:00
ec1a451c86 - cryptsetup-boot: Rescan LVM volumes after opening crypto (bnc#722916).
OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=74
2011-10-10 09:36:11 +00:00
Cristian Rodríguez
bc5d6c42fb Accepting request 85975 from home:coolo:removelibtool
add libtool as buildrequires so we no longer rely on libtool in the project config of factory - it's only needed by <10% of all packages

OBS-URL: https://build.opensuse.org/request/show/85975
OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=72
2011-10-02 15:40:14 +00:00
f790952036 Accepting request 83185 from home:jengelh:bl-c
- Remove redundant tags/sections from specfile

OBS-URL: https://build.opensuse.org/request/show/83185
OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=70
2011-09-26 07:42:42 +00:00
2d76387d91 - boot.crypto:
* don't hard require boot.device-mapper in boot.crypto

OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=68
2011-05-27 13:21:11 +00:00
715a5bf4de Accepting request 71223 from home:lnussel:Factory
- new version 1.3.1:
 * Fix keyfile=- processing in create command (regression in 1.3.0).
 * Simplify device path status check (use /sys and do not scan /dev).
 * Do not ignore device size argument for create command (regression in 1.2.0).
 * Fix error paths in blockwise code and lseek_write call.

OBS-URL: https://build.opensuse.org/request/show/71223
OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=66
2011-05-25 11:15:26 +00:00
Cristian Rodríguez
88eca89303 Accepting request 66851 from home:lnussel:Factory
OBS-URL: https://build.opensuse.org/request/show/66851
OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=64
2011-04-11 14:45:23 +00:00
9326f53439 - boot.crypto:
* also fix exit code in boot.crypto.functions (bnc#671822)

OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=62
2011-02-17 07:54:13 +00:00
77ec35e6c9 - boot.crypto:
* don't fail if loop module is not loaded
  * adapt to new crypsetup exit codes (bnc#667931)

OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=60
2011-01-31 15:33:35 +00:00
83843b8936 - new version 1.2.0
* Add selection of random/urandom number generator for luksFormat
 (option --use-random and --use-urandom).
 * Fix luksRemoveKey to not ask for remaining keyslot passphrase,
 only for removed one.
 * No longer support luksDelKey (replaced with luksKillSlot).
  * if you want to remove particular passphrase, use luksKeyRemove
  * if you want to remove particular keyslot, use luksKillSlot
 Note that in batch mode luksKillSlot allows removing of any keyslot
 without question, in normal mode requires passphrase or keyfile from
 other keyslot.
 * Default alignment for device (if not overridden by topology info)
 is now (multiple of) *1MiB*.
 This reflects trends in storage technologies and aligns to the same
 defaults for partitions and volume management.
 * Allow explicit UUID setting in luksFormat and allow change it later
 in luksUUID (--uuid parameter).
 * All commands using key file now allows limited read from keyfile using
 --keyfile-size and --new-keyfile-size parameters (in bytes).
 This change also disallows overloading of --key-size parameter which
 is now exclusively used for key size specification (in bits.)
 * luksFormat using pre-generated master key now properly allows
 using key file (only passphrase was allowed prior to this update).
 * Add --dump-master-key option for luksDump to perform volume (master)
 key dump. Note that printed information allows accessing device without
 passphrase so it must be stored encrypted.
 This operation is useful for simple Key Escrow function (volume key and
 encryption parameters printed on paper on safe place).
 This operation requires passphrase or key file.

OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=58
2010-12-20 13:44:02 +00:00
29173b2fb1 - boot.crypto:
* drop cryptotab support

OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=56
2010-11-30 15:07:41 +00:00
fa5652474f - boot.crypto:
* add a few tweaks for systemd (bnc#652767)

OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=52
2010-11-16 14:06:15 +00:00
OBS User buildservice-autocommit
23570f9bf8 Updating link to change in openSUSE:Factory/cryptsetup revision 50.0
OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=e2e6e48fb2204a8052d9d8366ee7fca5
2010-07-30 15:06:42 +00:00
OBS User autobuild
1c0d2fdc36 Accepting request 44180 from security
checked in (request 44180)

OBS-URL: https://build.opensuse.org/request/show/44180
OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=51
2010-07-30 15:06:41 +00:00
d14a84c9f9 - new version 1.1.3
* Fix device alignment ioctl calls parameters. (Device alignment
    code was not working properly on some architectures like ppc64.)
  * Fix activate_by_* API calls to handle NULL device name as
    documented. (To enable check of passphrase/keyfile using
    libcryptsetup without activating the device.)
  * Fix udev support for old libdevmapper with not compatible definition.
  * Added Polish translation file.

OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=50
2010-07-07 14:37:24 +00:00
301bfdeb77 - skip temporary mappings in early stage as chmod needs to be called
on the mounted file systems (bnc#591704)

OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=48
2010-07-01 14:26:39 +00:00
Stephan Kleine
ea43e1383b Accepting request 42090 from home:jengelh:smp
Copy from home:jengelh:smp/cryptsetup via accept of submit request 42090 revision 2.
Request was accepted with message:
Reviewed ok

OBS-URL: https://build.opensuse.org/request/show/42090
OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=47
2010-06-26 19:08:28 +00:00
OBS User buildservice-autocommit
bde545e09d Updating link to change in openSUSE:Factory/cryptsetup revision 46.0
OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=bfb0a6f0e5109280f3fe51e6c8c257e8
2010-05-31 16:14:50 +00:00
OBS User autobuild
1990c421bc Accepting request 40924 from security
checked in (request 40924)

OBS-URL: https://build.opensuse.org/request/show/40924
OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=46
2010-05-31 16:14:49 +00:00
494f640a9c - new version 1.1.2 fixes keyfile regression introduced by 1.1.1
* Fix luksFormat/luksOpen reading passphrase from stdin and "-" keyfile.
 * Support --key-file/-d option for luksFormat.
 * Fix description of --key-file and add --verbose and --debug options to man page.
 * Add verbose log level and move unlocking message there.
 * Remove device even if underlying device disappeared (remove, luksClose).
 * Fix (deprecated) reload device command to accept new device argument.

OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=45
2010-05-31 11:18:36 +00:00