import cryptsetup-2.4.3-1.el9

CentOS Sources 2022-03-01 08:05:52 -05:00 committed by Stepan Oksanichenko
parent ebeecff70c
commit 308e9576ca
6 changed files with 21 additions and 106 deletions


@ -1 +1 @@
8f25d5d69a4724e08e75697c82ce80a292d69b30 SOURCES/cryptsetup-2.4.1.tar.xz
1597b4642a9ef6b73ad191516f26bd2292055680 SOURCES/cryptsetup-2.4.3.tar.xz

2
.gitignore vendored

@ -1 +1 @@
SOURCES/cryptsetup-2.4.1.tar.xz
SOURCES/cryptsetup-2.4.3.tar.xz


@ -1,48 +0,0 @@
From 10b1d6493e3be04953ac9f65d2b2d992ab87bdde Mon Sep 17 00:00:00 2001
From: Milan Broz <gmazyland@gmail.com>
Date: Tue, 21 Sep 2021 15:54:07 +0200
Subject: [PATCH 2/7] Check if DM create device failed in an early phase.
This happens when concurrent creation of DM devices meets
in the very early state (no device node exists but creation fails).
Return -ENODEV here instead of -EINVAL.
(Should "fix" random verity concurrent test failure.)
---
lib/libdevmapper.c | 11 ++++-------
1 file changed, 4 insertions(+), 7 deletions(-)
diff --git a/lib/libdevmapper.c b/lib/libdevmapper.c
index 09fd9588..1594f877 100644
--- a/lib/libdevmapper.c
+++ b/lib/libdevmapper.c
@@ -1346,12 +1346,6 @@ err:
return r;
}
-static bool dm_device_exists(struct crypt_device *cd, const char *name)
-{
- int r = dm_status_device(cd, name);
- return (r >= 0 || r == -EEXIST);
-}
-
static int _dm_create_device(struct crypt_device *cd, const char *name, const char *type,
struct crypt_dm_active_device *dmd)
{
@@ -1402,8 +1396,11 @@ static int _dm_create_device(struct crypt_device *cd, const char *name, const ch
goto out;
if (!dm_task_run(dmt)) {
- if (dm_device_exists(cd, name))
+ r = dm_status_device(cd, name);;
+ if (r >= 0)
r = -EEXIST;
+ if (r != -EEXIST && r != -ENODEV)
+ r = -EINVAL;
goto out;
}
--
2.27.0


@ -1,53 +0,0 @@
From a76310b53fbb117e620f2c37350b68dd267f1088 Mon Sep 17 00:00:00 2001
From: Milan Broz <gmazyland@gmail.com>
Date: Mon, 20 Sep 2021 17:42:20 +0200
Subject: [PATCH 1/7] Do not try to set compiler optimization flag if wipe is
implemented in libc.
If zeroing memory is implemented through libc call (like memset_bzero),
compiler should never remove such call. It is not needed to set O0
optimization flag explicitly.
Various checkers like annocheck causes problems with these flags,
just remove it where it makes no sense.
(Moreover, we use the same pattern without compiler magic
in crypt_backend_memzero() already.)
---
lib/crypto_backend/argon2/core.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/lib/crypto_backend/argon2/core.c b/lib/crypto_backend/argon2/core.c
index b204ba98..db9a7741 100644
--- a/lib/crypto_backend/argon2/core.c
+++ b/lib/crypto_backend/argon2/core.c
@@ -120,18 +120,24 @@ void free_memory(const argon2_context *context, uint8_t *memory,
}
}
-void NOT_OPTIMIZED secure_wipe_memory(void *v, size_t n) {
#if defined(_MSC_VER) && VC_GE_2005(_MSC_VER)
+void secure_wipe_memory(void *v, size_t n) {
SecureZeroMemory(v, n);
+}
#elif defined memset_s
+void secure_wipe_memory(void *v, size_t n) {
memset_s(v, n, 0, n);
+}
#elif defined(HAVE_EXPLICIT_BZERO)
+void secure_wipe_memory(void *v, size_t n) {
explicit_bzero(v, n);
+}
#else
+void NOT_OPTIMIZED secure_wipe_memory(void *v, size_t n) {
static void *(*const volatile memset_sec)(void *, int, size_t) = &memset;
memset_sec(v, 0, n);
-#endif
}
+#endif
/* Memory clear flag defaults to true. */
int FLAG_clear_internal_memory = 1;
--
2.27.0


@ -0,0 +1,12 @@
diff -rupN cryptsetup-2.4.3.old/src/cryptsetup.c cryptsetup-2.4.3/src/cryptsetup.c
--- cryptsetup-2.4.3.old/src/cryptsetup.c 2022-01-21 13:14:56.864817351 +0100
+++ cryptsetup-2.4.3/src/cryptsetup.c 2022-01-21 13:15:15.579947027 +0100
@@ -1188,7 +1188,7 @@ static int reencrypt_metadata_repair(str
_("Operation aborted.\n")))
return -EINVAL;
- r = tools_get_key(_("Enter passphrase to protect and uppgrade reencryption metadata: "),
+ r = tools_get_key(_("Enter passphrase to protect and upgrade reencryption metadata: "),
&password, &passwordLen, ARG_UINT64(OPT_KEYFILE_OFFSET_ID),
ARG_UINT32(OPT_KEYFILE_SIZE_ID), ARG_STR(OPT_KEY_FILE_ID), ARG_UINT32(OPT_TIMEOUT_ID),
_verify_passphrase(0), 0, cd);
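Review bot: The new downstream patch is a bare `diff -rupN` with no author, subject or upstream commit reference, unlike the two format-patch files this commit removes, so its origin cannot be checked against upstream from the package alone. I would add a short header above the `diff` line, for example `Upstream commit: <upstream-commit-id>` (placeholder) with a one-line subject. The hunk also changes the msgid inside `_()`, so translations keyed on the old text in the shipped catalogs will presumably stop matching and this passphrase prompt would fall back to English until the catalogs are refreshed. The body of reencrypt_metadata_repair continues outside the hunk.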


@ -1,6 +1,6 @@
Summary: Utility for setting up encrypted disks
Name: cryptsetup
Version: 2.4.1
Version: 2.4.3
Release: 1%{?dist}
License: GPLv2+ and LGPLv2+
URL: https://gitlab.com/cryptsetup/cryptsetup
@ -14,8 +14,7 @@ Requires: libpwquality >= 1.2.0
%global upstream_version %{version}
Source0: https://www.kernel.org/pub/linux/utils/cryptsetup/v2.4/cryptsetup-%{upstream_version}.tar.xz
# Following patch has to applied last
Patch0000: %{name}-2.4.2-Do-not-try-to-set-compiler-optimization-flag-if-wipe.patch
Patch0001: %{name}-2.4.2-Check-if-DM-create-device-failed-in-an-early-phase.patch
Patch0000: %{name}-2.5.0-Fix-typo-in-repair-prompt.patch
Patch9999: %{name}-add-system-library-paths.patch
%description
@ -113,6 +112,11 @@ rm -rf %{buildroot}%{_libdir}/*.la
%ghost %attr(700, -, -) %dir /run/cryptsetup
%changelog
* Fri Jan 21 2022 Ondrej Kozina <okozina@redhat.com> - 2.4.3-1
- Update to cryptsetup 2.4.3.
- patch: Fix typo in repair command prompt.
Resolves: #2022309 #2023316 #2032782
* Wed Sep 29 2021 Ondrej Kozina <okozina@redhat.com> - 2.4.1-1
- Update to cryptsetup 2.4.1.
Resolves: #2005035 #2005877
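Review bot: The changelog entry for 2.4.3-1 records the added typo patch but not the removal of the two `%{name}-2.4.2-*` patches in the patch-list hunk; a line such as `- Drop patches merged upstream.` would make the rebase auditable, assuming (from their 2.4.2 prefix) that both fixes are contained in the new tarball. The context comment `# Following patch has to applied last` sits above `Patch0000` although it appears to describe `Patch9999`; moving it directly above `Patch9999` and rewording it to `# The following patch has to be applied last` would avoid a misreading. The visible hunks show no signature source next to `Source0`, so tarball integrity seems to rest on the 40-hex-digit digest in the metadata file alone; confirm whether the spec verifies the upstream signature outside these hunks.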