diff --git a/util-linux-2.13-mount_losetup_crypto.patch b/util-linux-mount_losetup_crypto.patch similarity index 85% rename from util-linux-2.13-mount_losetup_crypto.patch rename to util-linux-mount_losetup_crypto.patch index ed6b607..57a815d 100644 --- a/util-linux-2.13-mount_losetup_crypto.patch +++ b/util-linux-mount_losetup_crypto.patch @@ -1,51 +1,69 @@ -* password hashing based on debian patch (rmd160, sha*) adds losetup options -k - and -H -* add support for loop-AES compatible strings like "twofish256" +From a062df268df66641ed94d5c0e968e92c67b585e4 Mon Sep 17 00:00:00 2001 +From: Ludwig Nussel +Date: Thu, 29 Nov 2007 17:46:36 +0100 +Subject: [PATCH] losetup: support password hashing and specifying the key length + +* add support for password hashing (sha512, sha384, sha256, rmd160). +* add support for loop-AES style strings like "twofish256" for + specifying the encryption algorithm and key length. + +Based on the SUSE patch from Ludwig Nussel , +this patch adds password hashing for cryptoloop devices. While +cryptoloop is deprecated, users may still wish to access existing +volumes. + +Incompatible change: + Default is now to hash using sha256, sha384 or sha512 depending + on key length (16, 24, or 32 bytes). Debian users will need to + specify "--phash rmd160" to access existing Debian devices. + Others will need to specify '--phash none'. + +sha512.c is from loop-AES. Signed-off-by: Ludwig Nussel +--- + mount/Makefile.am | 2 + + mount/lomount.c | 178 +++++++++++++++--- + mount/lomount.h | 4 +- + mount/losetup.8 | 11 + + mount/mount.8 | 13 ++ + mount/mount.c | 23 ++- + mount/my_dev_t.h | 5 + + mount/rmd160.c | 532 +++++++++++++++++++++++++++++++++++++++++++++++++++++ + mount/rmd160.h | 11 + + mount/sha512.c | 432 +++++++++++++++++++++++++++++++++++++++++++ + mount/sha512.h | 45 +++++ + 11 files changed, 1225 insertions(+), 31 deletions(-) + create mode 100644 mount/my_dev_t.h + create mode 100644 mount/rmd160.c + create mode 100644 mount/rmd160.h + create mode 100644 mount/sha512.c + create mode 100644 mount/sha512.h -Index: util-linux-ng-2.13.0.1+git20071121/mount/Makefile.am -=================================================================== ---- util-linux-ng-2.13.0.1+git20071121.orig/mount/Makefile.am -+++ util-linux-ng-2.13.0.1+git20071121/mount/Makefile.am -@@ -12,7 +12,7 @@ headers_common = fstab.h mount_mntent.h - mount_paths.h lomount.h fsprobe.h realpath.h xmalloc.h \ +diff --git a/mount/Makefile.am b/mount/Makefile.am +index 01643b2..cb7af0a 100644 +--- a/mount/Makefile.am ++++ b/mount/Makefile.am +@@ -13,6 +13,7 @@ headers_common = fstab.h mount_mntent.h mount_constants.h \ getusername.h loop.h sundries.h --mount_common = fstab.c mount_mntent.c getusername.c lomount.c \ -+mount_common = fstab.c mount_mntent.c getusername.c lomount.c rmd160.c sha512.c \ + mount_common = fstab.c mount_mntent.c getusername.c lomount.c \ ++ rmd160.c sha512.c \ $(utils_common) $(headers_common) ../lib/env.c ../lib/linux_version.c \ ../lib/blkdev.c -@@ -26,7 +26,7 @@ umount_LDFLAGS = $(SUID_LDFLAGS) $(AM_LD - +@@ -27,6 +28,7 @@ umount_LDFLAGS = $(SUID_LDFLAGS) $(AM_LDFLAGS) swapon_SOURCES = swapon.c swap_constants.h $(utils_common) --losetup_SOURCES = lomount.c sundries.c xmalloc.c realpath.c \ -+losetup_SOURCES = lomount.c sundries.c xmalloc.c realpath.c rmd160.c sha512.c \ + losetup_SOURCES = lomount.c sundries.c xmalloc.c realpath.c \ ++ rmd160.c sha512.c \ loop.h lomount.h xmalloc.h sundries.h realpath.h losetup_CPPFLAGS = -DMAIN $(AM_CPPFLAGS) -Index: util-linux-ng-2.13.0.1+git20071121/mount/rmd160.h -=================================================================== ---- /dev/null -+++ util-linux-ng-2.13.0.1+git20071121/mount/rmd160.h -@@ -0,0 +1,11 @@ -+#ifndef RMD160_H -+#define RMD160_H -+ -+#define RMD160_HASH_SIZE 20 -+ -+void -+rmd160_hash_buffer( unsigned char *outbuf, const unsigned char *buffer, size_t length ); -+ -+#endif /*RMD160_H*/ -+ -+ -Index: util-linux-ng-2.13.0.1+git20071121/mount/lomount.c -=================================================================== ---- util-linux-ng-2.13.0.1+git20071121.orig/mount/lomount.c -+++ util-linux-ng-2.13.0.1+git20071121/mount/lomount.c +diff --git a/mount/lomount.c b/mount/lomount.c +index 5bd8954..98f144f 100644 +--- a/mount/lomount.c ++++ b/mount/lomount.c @@ -20,12 +20,18 @@ #include "loop.h" @@ -58,8 +76,8 @@ Index: util-linux-ng-2.13.0.1+git20071121/mount/lomount.c #include "xmalloc.h" #include "realpath.h" -+#ifndef MAX -+#define MAX(a,b) ((a>b)?(a):(b)) ++#ifndef MIN ++#define MIN(a,b) ((a>3:LO_KEY_SIZE; @@ -218,13 +238,16 @@ Index: util-linux-ng-2.13.0.1+git20071121/mount/lomount.c + if(!keysz) { + if(verbose) + fprintf(stderr, _("please specify a key length\n")); -+ close(fd); -+ close(ffd); + return 1; + } + loopinfo64.lo_encrypt_key_size = keysz>>3; + } + ++ if((unsigned)loopinfo64.lo_encrypt_key_size > sizeof(loopinfo64.lo_encrypt_key)) { ++ fprintf(stderr, _("invalid key length\n")); ++ return 1; ++ } ++ + if (phash) { + if(!strcasecmp(phash, "sha512")) { + hfunc = sha512_hash_buffer; @@ -233,28 +256,26 @@ Index: util-linux-ng-2.13.0.1+git20071121/mount/lomount.c + } else if(!strcasecmp(phash, "sha256")) { + hfunc = sha256_hash_buffer; + } else if(!strcasecmp(phash, "rmd160")) { -+ hfunc = phash_rmd160; -+ } else if(!strcasecmp(phash, "none")) { -+ hfunc = phash_none; -+ } else { -+ fprintf(stderr, _("unsupported hash method '%s'\n"), phash); -+ close(fd); -+ close(ffd); -+ return 1; -+ } -+ } ++ hfunc = phash_rmd160; ++ } else if(!strcasecmp(phash, "none")) { ++ hfunc = phash_none; ++ } else { ++ fprintf(stderr, _("unsupported hash method '%s'\n"), phash); ++ return 1; ++ } ++ } + -+ if(hfunc) { -+ hfunc((unsigned char*)pass, strlen(pass), loopinfo64.lo_encrypt_key, loopinfo64.lo_encrypt_key_size); -+ } ++ if(hfunc) { ++ hfunc((unsigned char*)pass, strlen(pass), loopinfo64.lo_encrypt_key, loopinfo64.lo_encrypt_key_size); ++ } + -+ // zero buffer ++ // zero buffer memset(pass, 0, strlen(pass)); - loopinfo64.lo_encrypt_key_size = LO_KEY_SIZE; } if (ioctl(fd, LOOP_SET_FD, ffd) < 0) { -@@ -532,8 +638,8 @@ mutter(void) { +@@ -532,8 +640,8 @@ mutter(void) { } int @@ -265,11 +286,11 @@ Index: util-linux-ng-2.13.0.1+git20071121/mount/lomount.c mutter(); return 1; } -@@ -569,7 +675,13 @@ usage(void) { +@@ -569,7 +677,13 @@ usage(void) { " %1$s [ options ] {-f|--find|loop_device} file # setup\n" "\nOptions:\n" " -e | --encryption enable data encryption with specified \n" -+ " -H | --phash hash password using specified algorithm (rmd160/sha512/sha256/sha384/none)\n" ++ " -H | --phash hash password using specified algorithm (sha512/sha256/sha384/rmd160/none)\n" " -h | --help this help\n" + " -k | --keybits specify number of bits in the hashed key given\n" + " to the cipher. Some ciphers support several key\n" @@ -279,7 +300,7 @@ Index: util-linux-ng-2.13.0.1+git20071121/mount/lomount.c " -o | --offset start at offset into file\n" " -p | --pass-fd read passphrase from file descriptor \n" " -r | --read-only setup read-only loop device\n" -@@ -582,11 +694,14 @@ usage(void) { +@@ -582,11 +696,14 @@ usage(void) { int main(int argc, char **argv) { char *p, *offset, *encryption, *passfd, *device, *file; @@ -294,7 +315,7 @@ Index: util-linux-ng-2.13.0.1+git20071121/mount/lomount.c unsigned long long off; struct option longopts[] = { { "all", 0, 0, 'a' }, -@@ -594,6 +709,8 @@ main(int argc, char **argv) { +@@ -594,6 +711,8 @@ main(int argc, char **argv) { { "encryption", 1, 0, 'e' }, { "find", 0, 0, 'f' }, { "help", 0, 0, 'h' }, @@ -303,7 +324,7 @@ Index: util-linux-ng-2.13.0.1+git20071121/mount/lomount.c { "offset", 1, 0, 'o' }, { "pass-fd", 1, 0, 'p' }, { "read-only", 0, 0, 'r' }, -@@ -609,12 +726,13 @@ main(int argc, char **argv) { +@@ -609,12 +728,13 @@ main(int argc, char **argv) { delete = find = all = 0; off = 0; offset = encryption = passfd = NULL; @@ -314,11 +335,11 @@ Index: util-linux-ng-2.13.0.1+git20071121/mount/lomount.c progname = p+1; - while ((c = getopt_long(argc, argv, "ade:E:fho:p:rsv", -+ while ((c = getopt_long(argc, argv, "ade:E:fhk:No:p:rsvH:", ++ while ((c = getopt_long(argc, argv, "ade:E:fhk:o:p:rsvH:", longopts, NULL)) != -1) { switch (c) { case 'a': -@@ -633,6 +751,12 @@ main(int argc, char **argv) { +@@ -633,6 +753,12 @@ main(int argc, char **argv) { case 'f': find = 1; break; @@ -331,7 +352,7 @@ Index: util-linux-ng-2.13.0.1+git20071121/mount/lomount.c case 'o': offset = optarg; break; -@@ -696,8 +820,10 @@ main(int argc, char **argv) { +@@ -696,8 +822,10 @@ main(int argc, char **argv) { usage(); if (passfd && sscanf(passfd, "%d", &pfd) != 1) usage(); @@ -343,10 +364,82 @@ Index: util-linux-ng-2.13.0.1+git20071121/mount/lomount.c if (res == 2 && find) { if (verbose) printf("stolen loop=%s...trying again\n", -Index: util-linux-ng-2.13.0.1+git20071121/mount/mount.c -=================================================================== ---- util-linux-ng-2.13.0.1+git20071121.orig/mount/mount.c -+++ util-linux-ng-2.13.0.1+git20071121/mount/mount.c +diff --git a/mount/lomount.h b/mount/lomount.h +index 38b3a48..3a6210f 100644 +--- a/mount/lomount.h ++++ b/mount/lomount.h +@@ -1,5 +1,5 @@ +-extern int set_loop(const char *, const char *, unsigned long long, +- const char *, int, int *); ++extern int set_loop(const char *device, const char *file, unsigned long long offset, ++ const char *encryption, const char* phash, int pfd, int *loopro, int keysz); + extern int del_loop(const char *); + extern int is_loop_device(const char *); + extern char * find_unused_loop_device(void); +diff --git a/mount/losetup.8 b/mount/losetup.8 +index db2929f..54bbc94 100644 +--- a/mount/losetup.8 ++++ b/mount/losetup.8 +@@ -76,6 +76,15 @@ find the first unused loop device. If a + argument is present, use this device. Otherwise, print its name. + .IP "\fB\-h, \-\-help\fP" + print help ++.IP "\fB\-H, \-\-phash \fIhash_type\fP" ++Specify the password hash function. Valid values are: ++.BR sha512 (default), ++.BR sha256 , ++.BR sha384 , ++.BR rmd160 , ++.BR none . ++.IP "\fB\-k, \-\-keybits \fInum\fP" ++set the number of bits to use in key to \fInum\fP. + .IP "\fB\-o, \-\-offset \fIoffset\fP" + The data start is moved \fIoffset\fP bytes into the specified file or + device. +@@ -140,6 +149,8 @@ the command + .fi + .SH RESTRICTION + DES encryption is painfully slow. On the other hand, XOR is terribly weak. ++Both are insecure nowadays. Some ciphers may require a licence for you to be ++allowed to use them. + + Cryptoloop is deprecated in favor of dm-crypt. For more details see + .B cryptsetup(8). +diff --git a/mount/mount.8 b/mount/mount.8 +index 54b11d4..e79ea04 100644 +--- a/mount/mount.8 ++++ b/mount/mount.8 +@@ -615,6 +615,15 @@ This option implies the options + (unless overridden by subsequent options, as in the option line + .BR group,dev,suid ). + .TP ++.B encryption ++Specifies an encryption algorithm to use. Used in conjunction with the ++.BR loop " option." ++.TP ++.B keybits ++Specifies the key size to use for an encryption algorithm. Used in conjunction ++with the ++.BR loop " and " encryption " options." ++.TP + .B mand + Allow mandatory locks on this filesystem. See + .BR fcntl (2). +@@ -2010,6 +2019,10 @@ that are really options to + .BR \%losetup (8). + (These options can be used in addition to those specific + to the filesystem type.) ++If the mount requires a passphrase, you will be prompted for one unless ++you specify a file descriptor to read from instead with the ++.BR \-\-pass-fd ++option. + + If no explicit loop device is mentioned + (but just an option `\fB\-o loop\fP' is given), then +diff --git a/mount/mount.c b/mount/mount.c +index 60fe4fe..164ae3c 100644 +--- a/mount/mount.c ++++ b/mount/mount.c @@ -88,6 +88,9 @@ static int suid = 0; /* Contains the fd to read the passphrase from, if any. */ static int pfd = -1; @@ -357,25 +450,24 @@ Index: util-linux-ng-2.13.0.1+git20071121/mount/mount.c /* Map from -o and fstab option strings to the flag argument to mount(2). */ struct opt_map { const char *opt; /* option name */ -@@ -185,6 +188,7 @@ static int opt_nofail = 0; +@@ -182,6 +185,7 @@ static const struct opt_map opt_map[] = { static const char *opt_loopdev, *opt_vfstype, *opt_offset, *opt_encryption, *opt_speed, *opt_comment, *opt_uhelper; -+static const char *opt_keybits, *opt_phash, *opt_nohashpass; ++static const char *opt_keybits, *opt_phash; static int mounted (const char *spec0, const char *node0); static int check_special_mountprog(const char *spec, const char *node, -@@ -199,6 +203,9 @@ static struct string_opt_map { +@@ -196,6 +200,8 @@ static struct string_opt_map { { "vfs=", 1, &opt_vfstype }, { "offset=", 0, &opt_offset }, { "encryption=", 0, &opt_encryption }, + { "phash=", 0, &opt_phash }, + { "keybits=", 0, &opt_keybits }, -+ { "nohashpass", 0, &opt_nohashpass }, { "speed=", 0, &opt_speed }, { "comment=", 1, &opt_comment }, { "uhelper=", 0, &opt_uhelper }, -@@ -902,7 +909,7 @@ loop_check(const char **spec, const char +@@ -897,7 +903,7 @@ loop_check(const char **spec, const char **type, int *flags, *type = opt_vfstype; } @@ -384,27 +476,20 @@ Index: util-linux-ng-2.13.0.1+git20071121/mount/mount.c *loopfile = *spec; if (*loop) { -@@ -928,9 +935,17 @@ loop_check(const char **spec, const char +@@ -923,9 +929,10 @@ loop_check(const char **spec, const char **type, int *flags, return EX_SYSERR; /* no more loop devices */ if (verbose) printf(_("mount: going to use the loop device %s\n"), *loopdev); - + if (!keysz && opt_keybits) + keysz = strtoul(opt_keybits, NULL, 0); -+ if (opt_nohashpass) { -+ if(opt_phash && strcmp(opt_phash, "none")) { -+ error(_("mount: please specify either phash=%s or nohashpass\n"), opt_phash); -+ return EX_FAIL; -+ } -+ opt_phash = "none"; -+ } if ((res = set_loop(*loopdev, *loopfile, offset, - opt_encryption, pfd, &loopro))) { + opt_encryption, opt_phash, pfd, &loopro, keysz))) { if (res == 2) { /* loop dev has been grabbed by some other process, try again, if not given explicitly */ -@@ -1668,6 +1683,7 @@ static struct option longopts[] = { +@@ -1661,6 +1668,7 @@ static struct option longopts[] = { { "options", 1, 0, 'o' }, { "test-opts", 1, 0, 'O' }, { "pass-fd", 1, 0, 'p' }, @@ -412,7 +497,7 @@ Index: util-linux-ng-2.13.0.1+git20071121/mount/mount.c { "types", 1, 0, 't' }, { "bind", 0, 0, 128 }, { "move", 0, 0, 133 }, -@@ -1814,6 +1830,7 @@ main(int argc, char *argv[]) { +@@ -1807,6 +1815,7 @@ main(int argc, char *argv[]) { char *options = NULL, *test_opts = NULL, *node; const char *spec = NULL; char *label = NULL; @@ -420,7 +505,7 @@ Index: util-linux-ng-2.13.0.1+git20071121/mount/mount.c char *uuid = NULL; char *types = NULL; char *p; -@@ -1844,7 +1861,7 @@ main(int argc, char *argv[]) { +@@ -1837,7 +1846,7 @@ main(int argc, char *argv[]) { initproctitle(argc, argv); #endif @@ -429,7 +514,7 @@ Index: util-linux-ng-2.13.0.1+git20071121/mount/mount.c longopts, NULL)) != -1) { switch (c) { case 'a': /* mount everything in fstab */ -@@ -1862,6 +1879,9 @@ main(int argc, char *argv[]) { +@@ -1855,6 +1864,9 @@ main(int argc, char *argv[]) { case 'i': external_allowed = 0; break; @@ -439,7 +524,7 @@ Index: util-linux-ng-2.13.0.1+git20071121/mount/mount.c case 'l': list_with_volumelabel = 1; break; -@@ -1998,6 +2018,9 @@ main(int argc, char *argv[]) { +@@ -1991,6 +2003,9 @@ main(int argc, char *argv[]) { atexit(unlock_mtab); @@ -449,10 +534,22 @@ Index: util-linux-ng-2.13.0.1+git20071121/mount/mount.c switch (argc+specseen) { case 0: /* mount -a */ -Index: util-linux-ng-2.13.0.1+git20071121/mount/rmd160.c -=================================================================== +diff --git a/mount/my_dev_t.h b/mount/my_dev_t.h +new file mode 100644 +index 0000000..5c4c0a1 --- /dev/null -+++ util-linux-ng-2.13.0.1+git20071121/mount/rmd160.c ++++ b/mount/my_dev_t.h +@@ -0,0 +1,5 @@ ++/* silliness to get dev_t defined as the kernel defines it */ ++/* glibc uses a different dev_t */ ++ ++#include ++#define my_dev_t __kernel_old_dev_t +diff --git a/mount/rmd160.c b/mount/rmd160.c +new file mode 100644 +index 0000000..3430954 +--- /dev/null ++++ b/mount/rmd160.c @@ -0,0 +1,532 @@ +/* rmd160.c - RIPE-MD160 + * Copyright (C) 1998 Free Software Foundation, Inc. @@ -986,10 +1083,28 @@ Index: util-linux-ng-2.13.0.1+git20071121/mount/rmd160.c + rmd160_final( &hd ); + memcpy( outbuf, hd.buf, 20 ); +} -Index: util-linux-ng-2.13.0.1+git20071121/mount/sha512.c -=================================================================== +diff --git a/mount/rmd160.h b/mount/rmd160.h +new file mode 100644 +index 0000000..4b2c61d --- /dev/null -+++ util-linux-ng-2.13.0.1+git20071121/mount/sha512.c ++++ b/mount/rmd160.h +@@ -0,0 +1,11 @@ ++#ifndef RMD160_H ++#define RMD160_H ++ ++#define RMD160_HASH_SIZE 20 ++ ++void ++rmd160_hash_buffer( unsigned char *outbuf, const unsigned char *buffer, size_t length ); ++ ++#endif /*RMD160_H*/ ++ ++ +diff --git a/mount/sha512.c b/mount/sha512.c +new file mode 100644 +index 0000000..e4c9c13 +--- /dev/null ++++ b/mount/sha512.c @@ -0,0 +1,432 @@ +/* + * sha512.c @@ -1110,7 +1225,7 @@ Index: util-linux-ng-2.13.0.1+git20071121/mount/sha512.c + (((u_int32_t)(datap[2]))<<8 ) | ((u_int32_t)(datap[3])); + datap += 4; + } while(++j < 16); -+ ++ + /* initialize variables a...h */ + a = ctx->sha_H[0]; + b = ctx->sha_H[1]; @@ -1197,7 +1312,7 @@ Index: util-linux-ng-2.13.0.1+git20071121/mount/sha512.c + ctx->sha_out[62] = bitLength >> 8; + ctx->sha_out[63] = bitLength; + sha256_transform(ctx, &ctx->sha_out[0]); -+ ++ + /* return results in ctx->sha_out[0...31] */ + datap = &ctx->sha_out[0]; + j = 0; @@ -1267,7 +1382,7 @@ Index: util-linux-ng-2.13.0.1+git20071121/mount/sha512.c + (((u_int64_t)(datap[6]))<<8 ) | ((u_int64_t)(datap[7])); + datap += 8; + } while(++j < 16); -+ ++ + /* initialize variables a...h */ + a = ctx->sha_H[0]; + b = ctx->sha_H[1]; @@ -1364,7 +1479,7 @@ Index: util-linux-ng-2.13.0.1+git20071121/mount/sha512.c + ctx->sha_out[126] = bitLength >> 8; + ctx->sha_out[127] = bitLength; + sha512_transform(ctx, &ctx->sha_out[0]); -+ ++ + /* return results in ctx->sha_out[0...63] */ + datap = &ctx->sha_out[0]; + j = 0; @@ -1423,10 +1538,11 @@ Index: util-linux-ng-2.13.0.1+git20071121/mount/sha512.c + memset(&ctx, 0, sizeof(ctx)); +} +#endif -Index: util-linux-ng-2.13.0.1+git20071121/mount/sha512.h -=================================================================== +diff --git a/mount/sha512.h b/mount/sha512.h +new file mode 100644 +index 0000000..4b57c01 --- /dev/null -+++ util-linux-ng-2.13.0.1+git20071121/mount/sha512.h ++++ b/mount/sha512.h @@ -0,0 +1,45 @@ +/* + * sha512.h @@ -1473,15 +1589,6 @@ Index: util-linux-ng-2.13.0.1+git20071121/mount/sha512.h +/* no sha384_write(), use sha512_write() */ +/* no sha384_final(), use sha512_final(), result in ctx->sha_out[0...47] */ +extern void sha384_hash_buffer(const unsigned char *, size_t, unsigned char *, size_t); -Index: util-linux-ng-2.13.0.1+git20071121/mount/lomount.h -=================================================================== ---- util-linux-ng-2.13.0.1+git20071121.orig/mount/lomount.h -+++ util-linux-ng-2.13.0.1+git20071121/mount/lomount.h -@@ -1,5 +1,5 @@ --extern int set_loop(const char *, const char *, unsigned long long, -- const char *, int, int *); -+extern int set_loop(const char *device, const char *file, unsigned long long offset, -+ const char *encryption, const char* phash, int pfd, int *loopro, int keysz); - extern int del_loop(const char *); - extern int is_loop_device(const char *); - extern char * find_unused_loop_device(void); +-- +1.5.3.4 + diff --git a/util-linux.changes b/util-linux.changes index 035989b..37f5d54 100644 --- a/util-linux.changes +++ b/util-linux.changes @@ -1,3 +1,12 @@ +------------------------------------------------------------------- +Thu Nov 29 17:51:17 CET 2007 - lnussel@suse.de + +- update crypto patch + * fix mount buffer overflow when reading the passphrase (#332148) + * add loop_fish2 compatability code to losetup/mount again (#332095) + * change default hash size for 128bit keys to sha256 again + + ------------------------------------------------------------------- Wed Nov 21 13:43:31 CET 2007 - mkoenig@suse.de diff --git a/util-linux.spec b/util-linux.spec index 9f6a7ba..09ad141 100644 --- a/util-linux.spec +++ b/util-linux.spec @@ -21,7 +21,7 @@ License: BSD 3-Clause; GPL v2 or later Group: System/Base AutoReqProv: on Version: 2.13.0.1+git20071121 -Release: 1 +Release: 5 Summary: A collection of basic system utilities Source: ftp://ftp.kernel.org/pub/linux/utils/util-linux/%name-ng-%version.tar.bz2 Source1: util-linux-2.13-rpmlintrc @@ -64,7 +64,7 @@ Patch5: util-linux-2.12r-fdisk_remove_bogus_warnings.patch # TODO: Needs to be ported to new version Patch38: util-linux-2.12r-mount_swapon_swsuspend_resume.patch # 304861 - support password hashing and key length -Patch10: util-linux-2.13-mount_losetup_crypto.patch +Patch10: util-linux-mount_losetup_crypto.patch Patch11: util-linux-2.13-mount_fd_leak.patch Patch12: util-linux-2.13-fdisk_cfdisk_ncursesw.patch ## @@ -557,7 +557,13 @@ fi #/usr/bin/i386 #/usr/bin/ia64 #%endif + %changelog +* Thu Nov 29 2007 - lnussel@suse.de +- update crypto patch + * fix mount buffer overflow when reading the passphrase (#332148) + * add loop_fish2 compatability code to losetup/mount again (#332095) + * change default hash size for 128bit keys to sha256 again * Wed Nov 21 2007 - mkoenig@suse.de - update to git20071121: add sector size check for mkfs.minix [#308256]