import cryptsetup-2.4.3-1.el9
This commit is contained in:
		
							parent
							
								
									ebeecff70c
								
							
						
					
					
						commit
						308e9576ca
					
				| @ -1 +1 @@ | ||||
| 8f25d5d69a4724e08e75697c82ce80a292d69b30 SOURCES/cryptsetup-2.4.1.tar.xz | ||||
| 1597b4642a9ef6b73ad191516f26bd2292055680 SOURCES/cryptsetup-2.4.3.tar.xz | ||||
|  | ||||
							
								
								
									
										2
									
								
								.gitignore
									
									
									
									
										vendored
									
									
								
							
							
						
						
									
										2
									
								
								.gitignore
									
									
									
									
										vendored
									
									
								
							| @ -1 +1 @@ | ||||
| SOURCES/cryptsetup-2.4.1.tar.xz | ||||
| SOURCES/cryptsetup-2.4.3.tar.xz | ||||
|  | ||||
| @ -1,48 +0,0 @@ | ||||
| From 10b1d6493e3be04953ac9f65d2b2d992ab87bdde Mon Sep 17 00:00:00 2001 | ||||
| From: Milan Broz <gmazyland@gmail.com> | ||||
| Date: Tue, 21 Sep 2021 15:54:07 +0200 | ||||
| Subject: [PATCH 2/7] Check if DM create device failed in an early phase. | ||||
| 
 | ||||
| This happens when concurrent creation of DM devices meets | ||||
| in the very early state (no device node exists but creation fails). | ||||
| 
 | ||||
| Return -ENODEV here instead of -EINVAL. | ||||
| 
 | ||||
| (Should "fix" random verity concurrent test failure.) | ||||
| ---
 | ||||
|  lib/libdevmapper.c | 11 ++++------- | ||||
|  1 file changed, 4 insertions(+), 7 deletions(-) | ||||
| 
 | ||||
| diff --git a/lib/libdevmapper.c b/lib/libdevmapper.c
 | ||||
| index 09fd9588..1594f877 100644
 | ||||
| --- a/lib/libdevmapper.c
 | ||||
| +++ b/lib/libdevmapper.c
 | ||||
| @@ -1346,12 +1346,6 @@ err:
 | ||||
|  	return r; | ||||
|  } | ||||
|   | ||||
| -static bool dm_device_exists(struct crypt_device *cd, const char *name)
 | ||||
| -{
 | ||||
| -	int r = dm_status_device(cd, name);
 | ||||
| -	return (r >= 0 || r == -EEXIST);
 | ||||
| -}
 | ||||
| -
 | ||||
|  static int _dm_create_device(struct crypt_device *cd, const char *name, const char *type, | ||||
|  			     struct crypt_dm_active_device *dmd) | ||||
|  { | ||||
| @@ -1402,8 +1396,11 @@ static int _dm_create_device(struct crypt_device *cd, const char *name, const ch
 | ||||
|  		goto out; | ||||
|   | ||||
|  	if (!dm_task_run(dmt)) { | ||||
| -		if (dm_device_exists(cd, name))
 | ||||
| +		r = dm_status_device(cd, name);;
 | ||||
| +		if (r >= 0)
 | ||||
|  			r = -EEXIST; | ||||
| +		if (r != -EEXIST && r != -ENODEV)
 | ||||
| +			r = -EINVAL;
 | ||||
|  		goto out; | ||||
|  	} | ||||
|   | ||||
| -- 
 | ||||
| 2.27.0 | ||||
| 
 | ||||
| @ -1,53 +0,0 @@ | ||||
| From a76310b53fbb117e620f2c37350b68dd267f1088 Mon Sep 17 00:00:00 2001 | ||||
| From: Milan Broz <gmazyland@gmail.com> | ||||
| Date: Mon, 20 Sep 2021 17:42:20 +0200 | ||||
| Subject: [PATCH 1/7] Do not try to set compiler optimization flag if wipe is | ||||
|  implemented in libc. | ||||
| 
 | ||||
| If zeroing memory is implemented through libc call (like memset_bzero), | ||||
| compiler should never remove such call. It is not needed to set O0 | ||||
| optimization flag explicitly. | ||||
| 
 | ||||
| Various checkers like annocheck causes problems with these flags, | ||||
| just remove it where it makes no sense. | ||||
| 
 | ||||
| (Moreover, we use the same pattern without compiler magic | ||||
| in crypt_backend_memzero() already.) | ||||
| ---
 | ||||
|  lib/crypto_backend/argon2/core.c | 10 ++++++++-- | ||||
|  1 file changed, 8 insertions(+), 2 deletions(-) | ||||
| 
 | ||||
| diff --git a/lib/crypto_backend/argon2/core.c b/lib/crypto_backend/argon2/core.c
 | ||||
| index b204ba98..db9a7741 100644
 | ||||
| --- a/lib/crypto_backend/argon2/core.c
 | ||||
| +++ b/lib/crypto_backend/argon2/core.c
 | ||||
| @@ -120,18 +120,24 @@ void free_memory(const argon2_context *context, uint8_t *memory,
 | ||||
|      } | ||||
|  } | ||||
|   | ||||
| -void NOT_OPTIMIZED secure_wipe_memory(void *v, size_t n) {
 | ||||
|  #if defined(_MSC_VER) && VC_GE_2005(_MSC_VER) | ||||
| +void secure_wipe_memory(void *v, size_t n) {
 | ||||
|      SecureZeroMemory(v, n); | ||||
| +}
 | ||||
|  #elif defined memset_s | ||||
| +void secure_wipe_memory(void *v, size_t n) {
 | ||||
|      memset_s(v, n, 0, n); | ||||
| +}
 | ||||
|  #elif defined(HAVE_EXPLICIT_BZERO) | ||||
| +void secure_wipe_memory(void *v, size_t n) {
 | ||||
|      explicit_bzero(v, n); | ||||
| +}
 | ||||
|  #else | ||||
| +void NOT_OPTIMIZED secure_wipe_memory(void *v, size_t n) {
 | ||||
|      static void *(*const volatile memset_sec)(void *, int, size_t) = &memset; | ||||
|      memset_sec(v, 0, n); | ||||
| -#endif
 | ||||
|  } | ||||
| +#endif
 | ||||
|   | ||||
|  /* Memory clear flag defaults to true. */ | ||||
|  int FLAG_clear_internal_memory = 1; | ||||
| -- 
 | ||||
| 2.27.0 | ||||
| 
 | ||||
							
								
								
									
										12
									
								
								SOURCES/cryptsetup-2.5.0-Fix-typo-in-repair-prompt.patch
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										12
									
								
								SOURCES/cryptsetup-2.5.0-Fix-typo-in-repair-prompt.patch
									
									
									
									
									
										Normal file
									
								
							| @ -0,0 +1,12 @@ | ||||
| diff -rupN cryptsetup-2.4.3.old/src/cryptsetup.c cryptsetup-2.4.3/src/cryptsetup.c
 | ||||
| --- cryptsetup-2.4.3.old/src/cryptsetup.c	2022-01-21 13:14:56.864817351 +0100
 | ||||
| +++ cryptsetup-2.4.3/src/cryptsetup.c	2022-01-21 13:15:15.579947027 +0100
 | ||||
| @@ -1188,7 +1188,7 @@ static int reencrypt_metadata_repair(str
 | ||||
|  		       _("Operation aborted.\n"))) | ||||
|  		return -EINVAL; | ||||
|   | ||||
| -	r = tools_get_key(_("Enter passphrase to protect and uppgrade reencryption metadata: "),
 | ||||
| +	r = tools_get_key(_("Enter passphrase to protect and upgrade reencryption metadata: "),
 | ||||
|  			  &password, &passwordLen, ARG_UINT64(OPT_KEYFILE_OFFSET_ID), | ||||
|  			  ARG_UINT32(OPT_KEYFILE_SIZE_ID), ARG_STR(OPT_KEY_FILE_ID), ARG_UINT32(OPT_TIMEOUT_ID), | ||||
|  			  _verify_passphrase(0), 0, cd); | ||||
| @ -1,6 +1,6 @@ | ||||
| Summary: Utility for setting up encrypted disks | ||||
| Name: cryptsetup | ||||
| Version: 2.4.1 | ||||
| Version: 2.4.3 | ||||
| Release: 1%{?dist} | ||||
| License: GPLv2+ and LGPLv2+ | ||||
| URL: https://gitlab.com/cryptsetup/cryptsetup | ||||
| @ -14,8 +14,7 @@ Requires: libpwquality >= 1.2.0 | ||||
| %global upstream_version %{version} | ||||
| Source0: https://www.kernel.org/pub/linux/utils/cryptsetup/v2.4/cryptsetup-%{upstream_version}.tar.xz | ||||
| # Following patch has to applied last | ||||
| Patch0000: %{name}-2.4.2-Do-not-try-to-set-compiler-optimization-flag-if-wipe.patch | ||||
| Patch0001: %{name}-2.4.2-Check-if-DM-create-device-failed-in-an-early-phase.patch | ||||
| Patch0000: %{name}-2.5.0-Fix-typo-in-repair-prompt.patch | ||||
| Patch9999: %{name}-add-system-library-paths.patch | ||||
| 
 | ||||
| %description | ||||
| @ -113,6 +112,11 @@ rm -rf %{buildroot}%{_libdir}/*.la | ||||
| %ghost %attr(700, -, -) %dir /run/cryptsetup | ||||
| 
 | ||||
| %changelog | ||||
| * Fri Jan 21 2022 Ondrej Kozina <okozina@redhat.com> - 2.4.3-1 | ||||
| - Update to cryptsetup 2.4.3. | ||||
| - patch: Fix typo in repair command prompt. | ||||
|   Resolves: #2022309 #2023316 #2032782 | ||||
| 
 | ||||
| * Wed Sep 29 2021 Ondrej Kozina <okozina@redhat.com> - 2.4.1-1 | ||||
| - Update to cryptsetup 2.4.1. | ||||
|   Resolves: #2005035 #2005877 | ||||
|  | ||||
		Loading…
	
		Reference in New Issue
	
	Block a user