rpms/cryptsetup
5
0
Fork 0
Code Issues Pull Requests Releases Activity

Backport upstream changes to disallow images with invalid CAPI cipher.

Browse Source 
- Resolves: #2212771
This commit is contained in:
Daniel Zatovic 2023-06-30 14:00:38 +02:00
parent c295d04e45
commit 149624426e
3 changed files with 25 additions and 2623 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2631
cryptsetup-2.7.0-Fix-activation-of-LUKS2-with-capi-format-cipher-and-.patch
View File

File diff suppressed because it is too large Load Diff

15
cryptsetup.spec
View File

@ -1,7 +1,7 @@
Summary: Utility for setting up encrypted disks Summary: Utility for setting up encrypted disks
Name: cryptsetup Name: cryptsetup
Version: 2.6.0 Version: 2.6.0
Release: 2%{?dist} Release: 3%{?dist}
License: GPLv2+ and LGPLv2+ License: GPLv2+ and LGPLv2+
URL: https://gitlab.com/cryptsetup/cryptsetup URL: https://gitlab.com/cryptsetup/cryptsetup
BuildRequires: openssl-devel, popt-devel, device-mapper-devel BuildRequires: openssl-devel, popt-devel, device-mapper-devel
@ -26,6 +26,11 @@ Patch0000: %{name}-2.6.1-Run-PBKDF-benchmark-with-8-bytes-long-well-known-pas.pa
Patch0001: %{name}-2.6.1-Change-tests-to-use-passphrases-with-minimal-8-chars.patch Patch0001: %{name}-2.6.1-Change-tests-to-use-passphrases-with-minimal-8-chars.patch
Patch0002: %{name}-2.6.1-Enable-crypt_header_is_detached-for-empty-contexts.patch Patch0002: %{name}-2.6.1-Enable-crypt_header_is_detached-for-empty-contexts.patch
Patch0003: %{name}-2.6.1-Abort-encryption-when-header-and-data-devices-are-sa.patch Patch0003: %{name}-2.6.1-Abort-encryption-when-header-and-data-devices-are-sa.patch
Patch0004: %{name}-2.7.0-Disallow-use-of-internal-kenrel-crypto-driver-names-.patch
Patch0005: %{name}-2.7.0-Also-disallow-active-devices-with-internal-kernel-na.patch
Patch0006: %{name}-2.7.0-Fix-init_by_name-to-allow-unknown-cipher-format-in-d.patch
Patch0007: %{name}-2.7.0-Fix-reencryption-to-fail-properly-for-unknown-cipher.patch
Patch0008: %{name}-2.7.0-Fix-activation-of-LUKS2-with-capi-format-cipher-and-.patch
Patch9998: %{name}-Add-FIPS-related-error-message-in-keyslot-add-code.patch Patch9998: %{name}-Add-FIPS-related-error-message-in-keyslot-add-code.patch
Patch9999: %{name}-add-system-library-paths.patch Patch9999: %{name}-add-system-library-paths.patch
@ -111,6 +116,14 @@ rm -rf %{buildroot}%{_libdir}/*.la
%ghost %attr(700, -, -) %dir /run/cryptsetup %ghost %attr(700, -, -) %dir /run/cryptsetup
%changelog %changelog
* Fri Jun 30 2023 Daniel Zatovic <dzatovic@redhat.com> - 2.6.0-3
- patch: Disallow use of internal kenrel crypto driver names in "capi"
- patch: Also disallow active devices with internal kernel names
- patch: Fix init_by_name to allow unknown cipher format in dm-crypt
- patch: Fix reencryption to fail properly for unknown cipher
- patch: Fix activation of LUKS2 with capi format cipher and kernel
- Resolves: #2212771
* Wed Dec 14 2022 Daniel Zatovic <dzatovic@redhat.com> - 2.6.0-2 * Wed Dec 14 2022 Daniel Zatovic <dzatovic@redhat.com> - 2.6.0-2
- Fix FIPS related bugs. - Fix FIPS related bugs.
- Abort encryption when header and data devices are same. - Abort encryption when header and data devices are same.

2
sources
View File

@ -1,2 +1,2 @@
SHA512 (tests.tar.xz) = 0227dd25d76c50f415a14773d1dcee74dd761e642a6920dbc62e2aec86cf2d612190802a276c8eab79243ffb472c412b32a419af07d6b3147ad99b43cb57726e SHA512 (tests.tar.xz) = 6365003e6308c88c68416166fdd9c802c1d47dc3f51692918b941369ff014d4127385821ab1f9cc6ab7cc7f5b9b846c9788f548315350c181619a4a5e47f3355
SHA512 (cryptsetup-2.6.0.tar.xz) = 64d7b318b58fe96143ac7a12476852a38cc30126ef431b4687d0f3f399d56f6569c716e0311cfc2802e4f025520ee41edc17c82c2421da7cc56788478e646983 SHA512 (cryptsetup-2.6.0.tar.xz) = 64d7b318b58fe96143ac7a12476852a38cc30126ef431b4687d0f3f399d56f6569c716e0311cfc2802e4f025520ee41edc17c82c2421da7cc56788478e646983