Accepting request 125389 from home:lnussel:branches:Base:System

- remove encryption options completely as upstream will do that as well in the next release (bnc#748879). OBS-URL: https://build.opensuse.org/request/show/125389 OBS-URL: https://build.opensuse.org/package/show/Base:System/util-linux?expand=0&rev=141
2012-06-19 07:55:51 +00:00 · 2012-06-19 07:55:51 +00:00 · 207244553a
commit 207244553a
parent 5b9d0884d3
4 changed files with 560 additions and 0 deletions
--- a/util-linux-2.21.2-noenc-suse.diff
+++ b/util-linux-2.21.2-noenc-suse.diff
@ -0,0 +1,13 @@
+Index: util-linux-2.21.2/libmount/src/context_loopdev.c
+===================================================================
+--- util-linux-2.21.2.orig/libmount/src/context_loopdev.c
+++ util-linux-2.21.2/libmount/src/context_loopdev.c
+@@ -199,6 +199,8 @@ int mnt_context_setup_loopdev(struct lib
+ 	if (rc == 0 && (cxt->user_mountflags & MNT_MS_ENCRYPTION) &&
+ 	    mnt_optstr_get_option(optstr, "encryption", &val, &len) == 0) {
+ 		DBG(CXT, mnt_debug_h(cxt, "encryption no longer supported"));
+		// XXX: nasty for the lib but there's on better way to give a hint atm
+		fprintf(stderr, "mount: encryption no longer supported. Please use /etc/crypttab instead (man 5 crypttab)\n");
+ 		rc = -EINVAL;
+ 	}
+ 
--- a/util-linux-2.21.2-noenc.diff
+++ b/util-linux-2.21.2-noenc.diff
@ -0,0 +1,535 @@
+From e1f7680ca45c5173f7853feb76dd093cec8d17ad Mon Sep 17 00:00:00 2001
+From: Ludwig Nussel <ludwig.nussel@suse.de>
+Date: Fri, 15 Jun 2012 09:38:36 +0200
+Subject: [PATCH] remove obsolete encryption support from losetup
+
+kernel cryptoloop is deprecated since ages and support for cryptoloop in
+util-linux is incomplete/broken.
+- no password hashing
+- last 8 bit of key are always set to zero
+- no binary keys possible (stops reading key at \n and \0)
+
+In the past some Distros added the above features with patches. So
+remove cryptoloop support from util-linux completely to make sure
+people won't try using it.
+
+Signed-off-by: Ludwig Nussel <ludwig.nussel@suse.de>
+---
+ include/loopdev.h              |    3 --
+ lib/loopdev.c                  |   56 ----------------------------------------
+ libmount/src/context_loopdev.c |   22 +++-------------
+ mount/mount.8                  |    9 +-----
+ mount/mount.c                  |   20 +++++---------
+ sys-utils/losetup.8            |   29 ++------------------
+ sys-utils/losetup.c            |   30 +++++----------------
+ sys-utils/mount.8              |    7 +----
+ sys-utils/mount.c              |   34 +-----------------------
+ 9 files changed, 25 insertions(+), 185 deletions(-)
+
+diff --git a/include/loopdev.h b/include/loopdev.h
+index 906bee0..030f215 100644
+--- a/include/loopdev.h
+++ b/include/loopdev.h
+@@ -165,9 +165,6 @@ int loopcxt_set_offset(struct loopdev_cxt *lc, uint64_t offset);
+ int loopcxt_set_sizelimit(struct loopdev_cxt *lc, uint64_t sizelimit);
+ int loopcxt_set_flags(struct loopdev_cxt *lc, uint32_t flags);
+ int loopcxt_set_backing_file(struct loopdev_cxt *lc, const char *filename);
+-int loopcxt_set_encryption(struct loopdev_cxt *lc,
+-                           const char *encryption,
+-                           const char *password);
+ 
+ extern char *loopcxt_get_backing_file(struct loopdev_cxt *lc);
+ extern int loopcxt_get_backing_devno(struct loopdev_cxt *lc, dev_t *devno);
+diff --git a/lib/loopdev.c b/lib/loopdev.c
+index fd3f9ba..807984e 100644
+--- a/lib/loopdev.c
+++ b/lib/loopdev.c
+@@ -963,62 +963,6 @@ int loopcxt_set_backing_file(struct loopdev_cxt *lc, const char *filename)
+ 	return 0;
+ }
+ 
+-static int digits_only(const char *s)
+-{
+-	while (*s)
+-		if (!isdigit(*s++))
+-			return 0;
+-	return 1;
+-}
+-
+-/*
+- * @lc: context
+- * @encryption: encryption name / type (see lopsetup man page)
+- * @password
+- *
+- * Note that the encryption functionality is deprecated an unmaintained. Use
+- * cryptsetup (it also supports AES-loops).
+- *
+- * The setting is removed by loopcxt_set_device() loopcxt_next()!
+- *
+- * Returns: 0 on success, <0 on error.
+- */
+-int loopcxt_set_encryption(struct loopdev_cxt *lc,
+-			   const char *encryption,
+-			   const char *password)
+-{
+-	if (!lc)
+-		return -EINVAL;
+-
+-	DBG(lc, loopdev_debug("setting encryption '%s'", encryption));
+-
+-	if (encryption && *encryption) {
+-		if (digits_only(encryption)) {
+-			lc->info.lo_encrypt_type = atoi(encryption);
+-		} else {
+-			lc->info.lo_encrypt_type = LO_CRYPT_CRYPTOAPI;
+-			snprintf((char *)lc->info.lo_crypt_name, LO_NAME_SIZE,
+-				 "%s", encryption);
+-		}
+-	}
+-
+-	switch (lc->info.lo_encrypt_type) {
+-	case LO_CRYPT_NONE:
+-		lc->info.lo_encrypt_key_size = 0;
+-		break;
+-	default:
+-		DBG(lc, loopdev_debug("setting encryption key"));
+-		memset(lc->info.lo_encrypt_key, 0, LO_KEY_SIZE);
+-		strncpy((char *)lc->info.lo_encrypt_key, password, LO_KEY_SIZE);
+-		lc->info.lo_encrypt_key[LO_KEY_SIZE - 1] = '\0';
+-		lc->info.lo_encrypt_key_size = LO_KEY_SIZE;
+-		break;
+-	}
+-
+-	DBG(lc, loopdev_debug("encryption successfully set"));
+-	return 0;
+-}
+-
+ /*
+  * @cl: context
+  *
+diff --git a/libmount/src/context_loopdev.c b/libmount/src/context_loopdev.c
+index 023c952..863ee3d 100644
+--- a/libmount/src/context_loopdev.c
+++ b/libmount/src/context_loopdev.c
+@@ -7,7 +7,6 @@
+ 
+ /*
+  * DOCS: - "lo@" prefix for fstype is unsupported
+- *	 - encyption= mount option for loop device is unssuported
+  */
+ 
+ #include <blkid.h>
+@@ -35,8 +34,7 @@ int mnt_context_is_loopdev(struct libmnt_context *cxt)
+ 
+ 	if (cxt->user_mountflags & (MNT_MS_LOOP |
+ 				    MNT_MS_OFFSET |
+-				    MNT_MS_SIZELIMIT |
+-				    MNT_MS_ENCRYPTION)) {
+				    MNT_MS_SIZELIMIT)) {
+ 
+ 		DBG(CXT, mnt_debug_h(cxt, "loopdev specific options detected"));
+ 		return 1;
+@@ -134,7 +132,7 @@ static int is_mounted_same_loopfile(struct libmnt_context *cxt,
+ int mnt_context_setup_loopdev(struct libmnt_context *cxt)
+ {
+ 	const char *backing_file, *optstr, *loopdev = NULL;
+-	char *val = NULL, *enc = NULL, *pwd = NULL;
+	char *val = NULL;
+ 	size_t len;
+ 	struct loopdev_cxt lc;
+ 	int rc = 0, lo_flags = 0;
+@@ -200,13 +198,8 @@ int mnt_context_setup_loopdev(struct libmnt_context *cxt)
+ 	 */
+ 	if (rc == 0 && (cxt->user_mountflags & MNT_MS_ENCRYPTION) &&
+ 	    mnt_optstr_get_option(optstr, "encryption", &val, &len) == 0) {
+-		enc = strndup(val, len);
+-		if (val && !enc)
+-			rc = -ENOMEM;
+-		if (enc && cxt->pwd_get_cb) {
+-			DBG(CXT, mnt_debug_h(cxt, "asking for pass"));
+-			pwd = cxt->pwd_get_cb(cxt);
+-		}
+		DBG(CXT, mnt_debug_h(cxt, "encryption no longer supported"));
+		rc = -EINVAL;
+ 	}
+ 
+ 	if (rc == 0 && is_mounted_same_loopfile(cxt,
+@@ -245,8 +238,6 @@ int mnt_context_setup_loopdev(struct libmnt_context *cxt)
+ 			rc = loopcxt_set_offset(&lc, offset);
+ 		if (!rc && sizelimit)
+ 			rc = loopcxt_set_sizelimit(&lc, sizelimit);
+-		if (!rc && enc && pwd)
+-			loopcxt_set_encryption(&lc, enc, pwd);
+ 		if (!rc)
+ 			loopcxt_set_flags(&lc, lo_flags);
+ 		if (rc) {
+@@ -298,11 +289,6 @@ int mnt_context_setup_loopdev(struct libmnt_context *cxt)
+ 		loopcxt_set_fd(&lc, -1, 0);
+ 	}
+ done:
+-	free(enc);
+-	if (pwd && cxt->pwd_release_cb) {
+-		DBG(CXT, mnt_debug_h(cxt, "release pass"));
+-		cxt->pwd_release_cb(cxt, pwd);
+-	}
+ 	loopcxt_deinit(&lc);
+ 	return rc;
+ }
+diff --git a/mount/mount.8 b/mount/mount.8
+index 789d9fe..0644e8e 100644
+--- a/mount/mount.8
+++ b/mount/mount.8
+@@ -535,11 +535,6 @@ Don't canonicalize paths. The mount command canonicalizes all paths
+ file. This option can be used together with the
+ .B \-f
+ flag for already canonicalized absolut paths.
+-.IP "\fB\-p, \-\-pass\-fd \fInum\fP"
+-In case of a loop mount with encryption, read the passphrase from
+-file descriptor
+-.I num
+-instead of from the terminal.
+ .IP "\fB\-s\fP"
+ Tolerate sloppy mount options rather than failing. This will ignore
+ mount options not supported by a filesystem type. Not all filesystems
+@@ -2708,8 +2703,8 @@ not specified or the filesystem is known for libblkid, for example:
+ .B "mount -t ext3 /tmp/disk.img /mnt"
+ .sp
+ .RE
+-This type of mount knows about four options, namely
+-.BR loop ", " offset ", " sizelimit " and " encryption ,
+This type of mount knows about three options, namely
+.BR loop ", " offset ", " sizelimit " ,
+ that are really options to
+ .BR \%losetup (8).
+ (These options can be used in addition to those specific
+diff --git a/mount/mount.c b/mount/mount.c
+index 396f357..b69fd61 100644
+--- a/mount/mount.c
+++ b/mount/mount.c
+@@ -83,9 +83,6 @@ static int mounttype = 0;
+ /* True if (ruid != euid) or (0 != ruid), i.e. only "user" mounts permitted.  */
+ static int restricted = 1;
+ 
+-/* Contains the fd to read the passphrase from, if any. */
+-static int pfd = -1;
+-
+ #ifdef HAVE_LIBMOUNT_MOUNT
+ static struct libmnt_update *mtab_update;
+ static char *mtab_opts;
+@@ -1262,7 +1259,7 @@ loop_check(const char **spec, const char **type, int *flags,
+       *type = opt_vfstype;
+   }
+ 
+-  *loop = ((*flags & MS_LOOP) || *loopdev || opt_offset || opt_sizelimit || opt_encryption);
+  *loop = ((*flags & MS_LOOP) || *loopdev || opt_offset || opt_sizelimit);
+   *loopfile = *spec;
+ 
+   /* Automatically create a loop device from a regular file if a filesystem
+@@ -1317,6 +1314,11 @@ loop_check(const char **spec, const char **type, int *flags,
+         return EX_FAIL;
+       }
+ 
+      if (opt_encryption) {
+        error("mount: %s", _("encryption not supported, use cryptsetup(8) instead"));
+        return EX_FAIL;
+      }
+
+       loopcxt_init(&lc, 0);
+       /* loopcxt_enable_debug(&lc, 1); */
+ 
+@@ -1525,14 +1527,6 @@ update_mtab_entry(const char *spec, const char *node, const char *type,
+ #endif /* !HAVE_LIBMOUNT_MOUNT */
+ 
+ static void
+-set_pfd(char *s) {
+-	if (!isdigit(*s))
+-		die(EX_USAGE,
+-		    _("mount: argument to -p or --pass-fd must be a number"));
+-	pfd = atoi(optarg);
+-}
+-
+-static void
+ cdrom_setspeed(const char *spec) {
+ #define CDROM_SELECT_SPEED      0x5322  /* Set the CD-ROM speed */
+ 	if (opt_speed) {
+@@ -2579,7 +2573,7 @@ main(int argc, char *argv[]) {
+ 			test_opts = append_opt(test_opts, optarg, NULL);
+ 			break;
+ 		case 'p':		/* fd on which to read passwd */
+-			set_pfd(optarg);
+                        error("mount: %s", _("--pass-fd is no longer supported"));
+ 			break;
+ 		case 'r':		/* mount readonly */
+ 			readonly = 1;
+diff --git a/sys-utils/losetup.8 b/sys-utils/losetup.8
+index f50b072..8c69689 100644
+--- a/sys-utils/losetup.8
+++ b/sys-utils/losetup.8
+@@ -40,8 +40,6 @@ Setup loop device:
+ .sp
+ .in +5
+ .B losetup
+-.RB [{ \-e | \-E }
+-.IR encryption ]
+ .RB [ \-o
+ .IR offset ]
+ .RB [ \-\-sizelimit
+@@ -82,8 +80,6 @@ force loop driver to reread size of the file associated with the specified loop
+ detach the file or device associated with the specified loop device(s)
+ .IP "\fB\-D, \-\-detach-all\fP"
+ detach all associated loop devices
+-.IP "\fB\-e, \-E, \-\-encryption \fIencryption_type\fP"
+-enable data encryption with specified name or number
+ .IP "\fB\-f, \-\-find\fP"
+ find the first unused loop device. If a
+ .I file
+@@ -98,10 +94,6 @@ the data start is moved \fIoffset\fP bytes into the specified file or
+ device
+ .IP "\fB\-\-sizelimit \fIsize\fP"
+ the data end is set to no more than \fIsize\fP bytes after the data start
+-.IP "\fB\-p, \-\-pass-fd \fInum\fP"
+-read the passphrase from file descriptor with number
+-.I num
+-instead of from the terminal
+ .IP "\fB\-P, \-\-partscan\fP"
+ force kernel to scan partition table on newly created loop device
+ .IP "\fB\-r, \-\-read-only\fP"
+@@ -116,25 +108,10 @@ argument are present.
+ verbose mode
+ 
+ .SH ENCRYPTION
+-.B Cryptoloop is deprecated in favor of dm-crypt. For more details see
+-.B cryptsetup (8). It is possible that all bug reports regarding to -E/-e
+-.B options will be ignored.
+-
+-
+-It is possible to specify transfer functions (for encryption/decryption
+-or other purposes) using one of the
+-.B \-E
+Cryptoloop is no longer supported in favor of dm-crypt. For more details see
+.B cryptsetup (8)
+ and
+-.B \-e
+-options.
+-There are two mechanisms to specify the desired encryption: by number
+-and by name. If an encryption is specified by number then one
+-has to make sure that the Linux kernel knows about the encryption with that
+-number, probably by patching the kernel. Standard numbers that are
+-always present are 0 (no encryption) and 1 (XOR encryption).
+-When the cryptoloop module is loaded (or compiled in), it uses number 18.
+-This cryptoloop module will take the name of an arbitrary encryption type
+-and find the module that knows how to perform that encryption.
+.B crypttab (5).
+ 
+ .SH RETURN VALUE
+ .B losetup
+diff --git a/sys-utils/losetup.c b/sys-utils/losetup.c
+index 9f03151..2513253 100644
+--- a/sys-utils/losetup.c
+++ b/sys-utils/losetup.c
+@@ -18,7 +18,6 @@
+ #include "nls.h"
+ #include "strutils.h"
+ #include "loopdev.h"
+-#include "xgetpass.h"
+ 
+ enum {
+ 	A_CREATE = 1,		/* setup a new device */
+@@ -164,10 +163,8 @@ static void usage(FILE *out)
+ 		" -j, --associated <file>       list all devices associated with <file>\n"), out);
+ 	fputs(USAGE_SEPARATOR, out);
+ 
+-	fputs(_(" -e, --encryption <type>       enable encryption with specified <name/num>\n"
+-		" -o, --offset <num>            start at offset <num> into file\n"
+	fputs(_(" -o, --offset <num>            start at offset <num> into file\n"
+ 		"     --sizelimit <num>         device limited to <num> bytes of the file\n"
+-		" -p, --pass-fd <num>           read passphrase from file descriptor <num>\n"
+ 		" -P, --partscan                create partitioned loop device\n"
+ 		" -r, --read-only               setup read-only loop device\n"
+ 		"     --show                    print device name after setup (with -f)\n"
+@@ -185,8 +182,8 @@ static void usage(FILE *out)
+ int main(int argc, char **argv)
+ {
+ 	struct loopdev_cxt lc;
+-	int act = 0, flags = 0, passfd = -1, c;
+-	char *file = NULL, *encryption = NULL;
+	int act = 0, flags = 0, c;
+	char *file = NULL;
+ 	uint64_t offset = 0, sizelimit = 0;
+ 	int res = 0, showdev = 0, lo_flags = 0;
+ 
+@@ -249,7 +246,7 @@ int main(int argc, char **argv)
+ 			break;
+ 		case 'E':
+ 		case 'e':
+-			encryption = optarg;
+			errx(EXIT_FAILURE, _("encryption not supported, use cryptsetup(8) instead"));
+ 			break;
+ 		case 'f':
+ 			act = A_FIND_FREE;
+@@ -268,8 +265,7 @@ int main(int argc, char **argv)
+ 			flags |= LOOPDEV_FL_OFFSET;
+ 			break;
+ 		case 'p':
+-			passfd = strtol_or_err(optarg,
+-					_("invalid passphrase file descriptor"));
+                        warn(_("--pass-fd is no longer supported"));
+ 			break;
+ 		case 'P':
+ 			lo_flags |= LO_FLAGS_PARTSCAN;
+@@ -327,10 +323,10 @@ int main(int argc, char **argv)
+ 	}
+ 
+ 	if (act != A_CREATE &&
+-	    (encryption || sizelimit || passfd != -1 || lo_flags || showdev))
+	    (sizelimit || lo_flags || showdev))
+ 		errx(EXIT_FAILURE,
+ 			_("the options %s are allowed to loop device setup only"),
+-			"--{encryption,sizelimit,pass-fd,read-only,show}");
+			"--{sizelimit,read-only,show}");
+ 
+ 	if ((flags & LOOPDEV_FL_OFFSET) &&
+ 	    act != A_CREATE && (act != A_SHOW || !file))
+@@ -339,16 +335,8 @@ int main(int argc, char **argv)
+ 	switch (act) {
+ 	case A_CREATE:
+ 	{
+-		char *pass = NULL;
+ 		int hasdev = loopcxt_has_device(&lc);
+ 
+-		if (encryption) {
+-#ifdef MCL_FUTURE
+-			if(mlockall(MCL_CURRENT | MCL_FUTURE))
+-				err(EXIT_FAILURE, _("couldn't lock into memory"));
+-#endif
+-			pass = xgetpass(passfd, _("Password: "));
+-		}
+ 		do {
+ 			/* Note that loopcxt_{find_unused,set_device}() resets
+ 			 * loopcxt struct.
+@@ -357,8 +345,6 @@ int main(int argc, char **argv)
+ 				warnx(_("not found unused device"));
+ 				break;
+ 			}
+-			if (encryption && pass)
+-				loopcxt_set_encryption(&lc, encryption, pass);
+ 			if (flags & LOOPDEV_FL_OFFSET)
+ 				loopcxt_set_offset(&lc, offset);
+ 			if (flags & LOOPDEV_FL_SIZELIMIT)
+@@ -379,8 +365,6 @@ int main(int argc, char **argv)
+ 			}
+ 		} while (hasdev == 0);
+ 
+-		free(pass);
+-
+ 		if (showdev && res == 0)
+ 			printf("%s\n", loopcxt_get_device(&lc));
+ 		break;
+diff --git a/sys-utils/mount.8 b/sys-utils/mount.8
+index 4f8af0a..73f5170 100644
+--- a/sys-utils/mount.8
+++ b/sys-utils/mount.8
+@@ -528,11 +528,6 @@ Don't canonicalize paths. The mount command canonicalizes all paths
+ file. This option can be used together with the
+ .B \-f
+ flag for already canonicalized absolut paths.
+-.IP "\fB\-p, \-\-pass\-fd \fInum\fP"
+-In case of a loop mount with encryption, read the passphrase from
+-file descriptor
+-.I num
+-instead of from the terminal.
+ .IP "\fB\-s\fP"
+ Tolerate sloppy mount options rather than failing. This will ignore
+ mount options not supported by a filesystem type. Not all filesystems
+@@ -2715,7 +2710,7 @@ not specified or the filesystem is known for libblkid, for example:
+ .sp
+ .RE
+ This type of mount knows about four options, namely
+-.BR loop ", " offset ", " sizelimit " and " encryption ,
+.BR loop ", " offset ", " sizelimit ",
+ that are really options to
+ .BR \%losetup (8).
+ (These options can be used in addition to those specific
+diff --git a/sys-utils/mount.c b/sys-utils/mount.c
+index 7f2d5d8..031fd31 100644
+--- a/sys-utils/mount.c
+++ b/sys-utils/mount.c
+@@ -36,7 +36,6 @@
+ #include "env.h"
+ #include "optutils.h"
+ #include "strutils.h"
+-#include "xgetpass.h"
+ #include "exitcodes.h"
+ #include "xalloc.h"
+ 
+@@ -49,7 +48,6 @@
+  *  --options-source-force				MNT_OMODE_FORCE
+  */
+ 
+-static int passfd = -1;
+ static int readwrite;
+ 
+ static int mk_exit_code(struct libmnt_context *cxt, int rc);
+@@ -103,32 +101,6 @@ static int table_parser_errcb(struct libmnt_table *tb __attribute__((__unused__)
+ 	return 0;
+ }
+ 
+-static char *encrypt_pass_get(struct libmnt_context *cxt)
+-{
+-	if (!cxt)
+-		return 0;
+-
+-#ifdef MCL_FUTURE
+-	if (mlockall(MCL_CURRENT | MCL_FUTURE)) {
+-		warn(_("couldn't lock into memory"));
+-		return NULL;
+-	}
+-#endif
+-	return xgetpass(passfd, _("Password: "));
+-}
+-
+-static void encrypt_pass_release(struct libmnt_context *cxt
+-			__attribute__((__unused__)), char *pwd)
+-{
+-	char *p = pwd;
+-
+-	while (p && *p)
+-		*p++ = '\0';
+-
+-	free(pwd);
+-	munlockall();
+-}
+-
+ static void print_all(struct libmnt_context *cxt, char *pattern, int show_label)
+ {
+ 	struct libmnt_table *tb;
+@@ -616,7 +588,6 @@ static void __attribute__((__noreturn__)) usage(FILE *out)
+ 	fprintf(out, _(
+ 	" -o, --options <list>    comma-separated list of mount options\n"
+ 	" -O, --test-opts <list>  limit the set of filesystems (use with -a)\n"
+-	" -p, --pass-fd <num>     read the passphrase from file descriptor\n"
+ 	" -r, --read-only         mount the filesystem read-only (same as -o ro)\n"
+ 	" -t, --types <list>      limit the set of filesystem types\n"));
+ 	fprintf(out, _(
+@@ -782,8 +753,7 @@ int main(int argc, char **argv)
+ 				err(MOUNT_EX_SYSERR, _("failed to set options pattern"));
+ 			break;
+ 		case 'p':
+-			passfd = strtol_or_err(optarg,
+-					_("invalid passphrase file descriptor"));
+                        warnx(_("--pass-fd is no longer supported"));
+ 			break;
+ 		case 'L':
+ 		case 'U':
+@@ -864,8 +834,6 @@ int main(int argc, char **argv)
+ 	else if (types)
+ 		mnt_context_set_fstype(cxt, types);
+ 
+-	mnt_context_set_passwd_cb(cxt, encrypt_pass_get, encrypt_pass_release);
+-
+ 	if (all) {
+ 		/*
+ 		 * A) Mount all
+-- 
+1.7.7
+
--- a/util-linux.changes
+++ b/util-linux.changes
@ -9,6 +9,12 @@ Fri Jun 15 12:57:06 UTC 2012 - puzel@suse.com
  - mount-new-improve-error-messages.patch
  - libmount-add-MNT_ERR_LOOPDEV.patch

+-------------------------------------------------------------------
+Fri Jun 15 10:07:26 UTC 2012 - lnussel@suse.de
+
+- remove encryption options completely as upstream will do that as
+  well in the next release (bnc#748879).
+
 -------------------------------------------------------------------
 Thu Jun 14 13:04:40 UTC 2012 - puzel@suse.com

--- a/util-linux.spec
+++ b/util-linux.spec
@ -97,6 +97,10 @@ Patch7:         libmount-add-special-MNT_ERR-codes.patch
 Patch8:         mount-new-use-MNT_ERR-for-error-messages.patch
 Patch9:         libmount-add-MNT_ERR_LOOPDEV.patch
 Patch10:        mount-new-add-loopdev-specific-error-message.patch
+
+# disable encryption
+Patch11:        util-linux-2.21.2-noenc.diff
+Patch12:        util-linux-2.21.2-noenc-suse.diff
 #####

 ##
@ -207,6 +211,8 @@ Files to develop applications using the libmount library.
 %patch8 -p1
 %patch9 -p1
 %patch10 -p1
+%patch11 -p1
+%patch12 -p1

 #
 cd adjtimex-*