import cryptsetup-2.4.3-1.el9

.cryptsetup.metadata

@@ -1 +1 @@
-8f25d5d69a4724e08e75697c82ce80a292d69b30 SOURCES/cryptsetup-2.4.1.tar.xz
+1597b4642a9ef6b73ad191516f26bd2292055680 SOURCES/cryptsetup-2.4.3.tar.xz

.gitignore

@@ -1 +1 @@
-SOURCES/cryptsetup-2.4.1.tar.xz
+SOURCES/cryptsetup-2.4.3.tar.xz

SOURCES/cryptsetup-2.4.2-Check-if-DM-create-device-failed-in-an-early-phase.patch

@@ -1,48 +0,0 @@
-From 10b1d6493e3be04953ac9f65d2b2d992ab87bdde Mon Sep 17 00:00:00 2001
-From: Milan Broz <gmazyland@gmail.com>
-Date: Tue, 21 Sep 2021 15:54:07 +0200
-Subject: [PATCH 2/7] Check if DM create device failed in an early phase.
-
-This happens when concurrent creation of DM devices meets
-in the very early state (no device node exists but creation fails).
-
-Return -ENODEV here instead of -EINVAL.
-
-(Should "fix" random verity concurrent test failure.)
----
- lib/libdevmapper.c | 11 ++++-------
- 1 file changed, 4 insertions(+), 7 deletions(-)
-
-diff --git a/lib/libdevmapper.c b/lib/libdevmapper.c
-index 09fd9588..1594f877 100644
---- a/lib/libdevmapper.c
-+++ b/lib/libdevmapper.c
-@@ -1346,12 +1346,6 @@ err:
- 	return r;
- }
- 
--static bool dm_device_exists(struct crypt_device *cd, const char *name)
--{
--	int r = dm_status_device(cd, name);
--	return (r >= 0 || r == -EEXIST);
--}
--
- static int _dm_create_device(struct crypt_device *cd, const char *name, const char *type,
- 			     struct crypt_dm_active_device *dmd)
- {
-@@ -1402,8 +1396,11 @@ static int _dm_create_device(struct crypt_device *cd, const char *name, const ch
- 		goto out;
- 
- 	if (!dm_task_run(dmt)) {
--		if (dm_device_exists(cd, name))
-+		r = dm_status_device(cd, name);;
-+		if (r >= 0)
- 			r = -EEXIST;
-+		if (r != -EEXIST && r != -ENODEV)
-+			r = -EINVAL;
- 		goto out;
- 	}
- 
--- 
-2.27.0
-

SOURCES/cryptsetup-2.4.2-Do-not-try-to-set-compiler-optimization-flag-if-wipe.patch

@@ -1,53 +0,0 @@
-From a76310b53fbb117e620f2c37350b68dd267f1088 Mon Sep 17 00:00:00 2001
-From: Milan Broz <gmazyland@gmail.com>
-Date: Mon, 20 Sep 2021 17:42:20 +0200
-Subject: [PATCH 1/7] Do not try to set compiler optimization flag if wipe is
- implemented in libc.
-
-If zeroing memory is implemented through libc call (like memset_bzero),
-compiler should never remove such call. It is not needed to set O0
-optimization flag explicitly.
-
-Various checkers like annocheck causes problems with these flags,
-just remove it where it makes no sense.
-
-(Moreover, we use the same pattern without compiler magic
-in crypt_backend_memzero() already.)
----
- lib/crypto_backend/argon2/core.c | 10 ++++++++--
- 1 file changed, 8 insertions(+), 2 deletions(-)
-
-diff --git a/lib/crypto_backend/argon2/core.c b/lib/crypto_backend/argon2/core.c
-index b204ba98..db9a7741 100644
---- a/lib/crypto_backend/argon2/core.c
-+++ b/lib/crypto_backend/argon2/core.c
-@@ -120,18 +120,24 @@ void free_memory(const argon2_context *context, uint8_t *memory,
-     }
- }
- 
--void NOT_OPTIMIZED secure_wipe_memory(void *v, size_t n) {
- #if defined(_MSC_VER) && VC_GE_2005(_MSC_VER)
-+void secure_wipe_memory(void *v, size_t n) {
-     SecureZeroMemory(v, n);
-+}
- #elif defined memset_s
-+void secure_wipe_memory(void *v, size_t n) {
-     memset_s(v, n, 0, n);
-+}
- #elif defined(HAVE_EXPLICIT_BZERO)
-+void secure_wipe_memory(void *v, size_t n) {
-     explicit_bzero(v, n);
-+}
- #else
-+void NOT_OPTIMIZED secure_wipe_memory(void *v, size_t n) {
-     static void *(*const volatile memset_sec)(void *, int, size_t) = &memset;
-     memset_sec(v, 0, n);
--#endif
- }
-+#endif
- 
- /* Memory clear flag defaults to true. */
- int FLAG_clear_internal_memory = 1;
--- 
-2.27.0
-

SOURCES/cryptsetup-2.5.0-Fix-typo-in-repair-prompt.patch

@@ -0,0 +1,12 @@
+diff -rupN cryptsetup-2.4.3.old/src/cryptsetup.c cryptsetup-2.4.3/src/cryptsetup.c
+--- cryptsetup-2.4.3.old/src/cryptsetup.c	2022-01-21 13:14:56.864817351 +0100
++++ cryptsetup-2.4.3/src/cryptsetup.c	2022-01-21 13:15:15.579947027 +0100
+@@ -1188,7 +1188,7 @@ static int reencrypt_metadata_repair(str
+ 		       _("Operation aborted.\n")))
+ 		return -EINVAL;
+ 
+-	r = tools_get_key(_("Enter passphrase to protect and uppgrade reencryption metadata: "),
++	r = tools_get_key(_("Enter passphrase to protect and upgrade reencryption metadata: "),
+ 			  &password, &passwordLen, ARG_UINT64(OPT_KEYFILE_OFFSET_ID),
+ 			  ARG_UINT32(OPT_KEYFILE_SIZE_ID), ARG_STR(OPT_KEY_FILE_ID), ARG_UINT32(OPT_TIMEOUT_ID),
+ 			  _verify_passphrase(0), 0, cd);

SPECS/cryptsetup.spec

@@ -1,6 +1,6 @@
 Summary: Utility for setting up encrypted disks
 Name: cryptsetup
-Version: 2.4.1
+Version: 2.4.3
 Release: 1%{?dist}
 License: GPLv2+ and LGPLv2+
 URL: https://gitlab.com/cryptsetup/cryptsetup
@@ -14,8 +14,7 @@ Requires: libpwquality >= 1.2.0
 %global upstream_version %{version}
 Source0: https://www.kernel.org/pub/linux/utils/cryptsetup/v2.4/cryptsetup-%{upstream_version}.tar.xz
 # Following patch has to applied last
-Patch0000: %{name}-2.4.2-Do-not-try-to-set-compiler-optimization-flag-if-wipe.patch
+Patch0000: %{name}-2.5.0-Fix-typo-in-repair-prompt.patch
-Patch0001: %{name}-2.4.2-Check-if-DM-create-device-failed-in-an-early-phase.patch
 Patch9999: %{name}-add-system-library-paths.patch
 
 %description
@@ -113,6 +112,11 @@ rm -rf %{buildroot}%{_libdir}/*.la
 %ghost %attr(700, -, -) %dir /run/cryptsetup
 
 %changelog
+* Fri Jan 21 2022 Ondrej Kozina <okozina@redhat.com> - 2.4.3-1
+- Update to cryptsetup 2.4.3.
+- patch: Fix typo in repair command prompt.
+  Resolves: #2022309 #2023316 #2032782
+
 * Wed Sep 29 2021 Ondrej Kozina <okozina@redhat.com> - 2.4.1-1
 - Update to cryptsetup 2.4.1.
   Resolves: #2005035 #2005877