Update to cryptsetup 2.8.1.
Resolves: RHEL-96291
This commit is contained in:
Kristina Hanicova
parent
650cec047f
commit
3f66b81b6b
1
.gitignore
vendored
1
.gitignore
vendored
@ -1 +1,2 @@
|
||||
/cryptsetup-2.7.5.tar.xz
|
||||
/cryptsetup-2.8.1.tar.xz
|
||||
|
||||
@ -1,16 +0,0 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQIzBAABCAAdFiEEKikYJD/eRmSNBob52bBXe9k+mPwFAmbW3FUACgkQ2bBXe9k+
|
||||
mPwFbA//ZmEE58/+S4mDszoVeBtJAZDpSd0UBm+R6JTqNjwGSQw2KQbRW+qXLWIj
|
||||
EUKd/xtW8iSDh+cqKFO12RN7BTHMHePt+qB8aw3L1WWbj2rQfLbEv+dQMg36Rweu
|
||||
AZMR69PDhD8JX2xVV2nD/rrQFHoNfKT9od83QHmaK/knwOvd7ZHJ2sOyMmZvCNE8
|
||||
N8/454ERiT8W9hnHxWjsGtkzr81ucGpjbZDYlINaeD728QR64HDHnAkReAHegJt8
|
||||
uAejzAz+BGNkSkUFeRLP+3zOYUKBW6Ex/OIBQ4m+rrAR/b3TVNwGPUUAbelHZJWN
|
||||
+jf+aPzo4Vv1v+Hl92CEbq29czpHyaLRrRNdhs57no7XdUkivJ+gdhr51xjaV9Zq
|
||||
HnANYLVT+O/PPfFaALg1Qp5hfmhVCaVPLK05ug2qj9jVF0jIahvQsEzq1YfLiZNT
|
||||
8UtAnV8ULA83GZlh1MDsuEp5815CKjs5dzpUpobStsVIZ6lkHabEFRfxr2Ae+7lw
|
||||
veqmpNLN1K5+yXA1L8e9BtoxRxeczIS3ImPlYvojpCFgkamwXPqCoI4wVOCbG/Pu
|
||||
5L1uDk1TAHEgmf4Iy31bPKLDQcv16aLV5S/w4fCWtybbBasax7qNqKTBAIZQp7o2
|
||||
C1hkxCcRxaNyMwEoof9myMjv9fn/0xidJ14GlgXpeANbq9jtXQo=
|
||||
=S6/S
|
||||
-----END PGP SIGNATURE-----
|
||||
16
cryptsetup-2.8.1.tar.sign
Normal file
16
cryptsetup-2.8.1.tar.sign
Normal file
@ -0,0 +1,16 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQIzBAABCAAdFiEEKikYJD/eRmSNBob52bBXe9k+mPwFAmikPjAACgkQ2bBXe9k+
|
||||
mPzw4hAAqew2XZt7qfeHXNrx4Qx+5fh8J6kNBByMoBBBoNV778MUeE35hZ57L+0G
|
||||
fCRJTcWvZX9WUomSY3L/n1h/kGrk/G59clBNXyBo/VlqGy4TnDIyX/5RfN93Ysfr
|
||||
XzdZptH7PFLnhf6R9Y6bkRTCVdutW6WSW+CTeB6LnQHR97y2Jz/L+qTpExs9ujk9
|
||||
FMuMI2bO+i5QaisvAqS7/z0ba18xdgNqplj8DUFygtuJiUeshtW/RHBr21Y762Ut
|
||||
ZaliJbkww/XbI0CVyjoT0OrgRIpqr1tb1AwPNCU81MgCrB5q5pYOdcGkuRGIGKSG
|
||||
+BC2qrHqlbNIu8SOu6JZ7mq2gkiyzz+Gg7AuKsvV9HPFkFEd40SIE2xNMxgwZtwB
|
||||
jW9d07Cg90qGcKLqESwb5bNXRFxw8aBXHaaZraC5mAoYfOXaQAL+FlBtbcsADoFy
|
||||
7TJEDyqC47nRB7dC0c8Cd7rqZ7nFWenf7oPXK87wFDIRDdv7OTtwD03fQdhy7j6N
|
||||
+jX1vVH/xRDpEpcUTQyuo3CO/gN5w2TWPKHYFBkAV3qvQOTLKZXQCxyYNfSBfFmJ
|
||||
IyeRPYb/Euk46jX+xpCeoP540YAL6BoLTHyis5wjjM9jTXTMKFa5ZivrMlWaRKS5
|
||||
pp4EIpJlxuE8kGmKvMgPO3kgS4w3akjNpfdkeRWAPKaVVMzBY1Y=
|
||||
=tRD6
|
||||
-----END PGP SIGNATURE-----
|
||||
@ -1,23 +1,23 @@
|
||||
From 293abb5435e2b4bec7f8333fb11c88d5c1f45800 Mon Sep 17 00:00:00 2001
|
||||
From 48af2c543e4bee3dff9bd95529bbf45106aa457e Mon Sep 17 00:00:00 2001
|
||||
From: Ondrej Kozina <okozina@redhat.com>
|
||||
Date: Mon, 5 Dec 2022 13:35:24 +0100
|
||||
Subject: [PATCH 3/3] Add FIPS related error message in keyslot add code.
|
||||
Subject: [PATCH] Add FIPS related error message in keyslot add code.
|
||||
|
||||
Add hints on what went wrong when creating new LUKS
|
||||
keyslots. The hint is printed only in FIPS mode and
|
||||
when pbkdf2 failed with passphrase shorter than 8
|
||||
bytes.
|
||||
---
|
||||
lib/luks1/keymanage.c | 5 ++++-
|
||||
lib/luks1/keymanage.c | 2 ++
|
||||
lib/luks2/luks2_keyslot_luks2.c | 2 ++
|
||||
2 files changed, 6 insertions(+), 1 deletion(-)
|
||||
2 files changed, 4 insertions(+)
|
||||
|
||||
Index: cryptsetup-2.7.2/lib/luks1/keymanage.c
|
||||
===================================================================
|
||||
--- cryptsetup-2.7.2.orig/lib/luks1/keymanage.c
|
||||
+++ cryptsetup-2.7.2/lib/luks1/keymanage.c
|
||||
@@ -926,6 +926,8 @@ int LUKS_set_key(unsigned int keyIndex,
|
||||
derived_key->key, hdr->keyBytes,
|
||||
diff --git a/lib/luks1/keymanage.c b/lib/luks1/keymanage.c
|
||||
index 37929810..a7ef0a25 100644
|
||||
--- a/lib/luks1/keymanage.c
|
||||
+++ b/lib/luks1/keymanage.c
|
||||
@@ -916,6 +916,8 @@ int LUKS_set_key(unsigned int keyIndex,
|
||||
derived_key, hdr->keyBytes,
|
||||
hdr->keyblock[keyIndex].passwordIterations, 0, 0);
|
||||
if (r < 0) {
|
||||
+ if (crypt_fips_mode() && passwordLen < 8)
|
||||
@ -25,16 +25,19 @@ Index: cryptsetup-2.7.2/lib/luks1/keymanage.c
|
||||
if ((crypt_backend_flags() & CRYPT_BACKEND_PBKDF2_INT) &&
|
||||
hdr->keyblock[keyIndex].passwordIterations > INT_MAX)
|
||||
log_err(ctx, _("PBKDF2 iteration value overflow."));
|
||||
Index: cryptsetup-2.7.2/lib/luks2/luks2_keyslot_luks2.c
|
||||
===================================================================
|
||||
--- cryptsetup-2.7.2.orig/lib/luks2/luks2_keyslot_luks2.c
|
||||
+++ cryptsetup-2.7.2/lib/luks2/luks2_keyslot_luks2.c
|
||||
@@ -269,6 +269,8 @@ static int luks2_keyslot_set_key(struct
|
||||
pbkdf.iterations > INT_MAX)
|
||||
diff --git a/lib/luks2/luks2_keyslot_luks2.c b/lib/luks2/luks2_keyslot_luks2.c
|
||||
index ec68236c..f309125d 100644
|
||||
--- a/lib/luks2/luks2_keyslot_luks2.c
|
||||
+++ b/lib/luks2/luks2_keyslot_luks2.c
|
||||
@@ -260,6 +260,8 @@ static int luks2_keyslot_set_key(struct crypt_device *cd,
|
||||
log_err(cd, _("PBKDF2 iteration value overflow."));
|
||||
crypt_free_volume_key(derived_key);
|
||||
if (r == -ENOMEM)
|
||||
log_err(cd, _("Not enough memory for keyslot key derivation."));
|
||||
+ if (crypt_fips_mode() && passwordLen < 8 && !strcmp(pbkdf.type, "pbkdf2"))
|
||||
+ log_err(cd, _("Invalid passphrase for PBKDF2 in FIPS mode."));
|
||||
return r;
|
||||
goto out;
|
||||
}
|
||||
|
||||
--
|
||||
2.50.1
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
Summary: Utility for setting up encrypted disks
|
||||
Name: cryptsetup
|
||||
Version: 2.7.5
|
||||
Release: 2%{?dist}
|
||||
Version: 2.8.1
|
||||
Release: 1%{?dist}
|
||||
License: GPL-2.0-or-later WITH cryptsetup-OpenSSL-exception AND LGPL-2.1-or-later WITH cryptsetup-OpenSSL-exception
|
||||
URL: https://gitlab.com/cryptsetup/cryptsetup
|
||||
BuildRequires: autoconf, automake, libtool, gettext-devel,
|
||||
@ -16,7 +16,7 @@ Obsoletes: %{name}-reencrypt <= %{version}
|
||||
Provides: %{name}-reencrypt = %{version}
|
||||
|
||||
%global upstream_version %{version_no_tilde}
|
||||
Source0: https://www.kernel.org/pub/linux/utils/cryptsetup/v2.7/cryptsetup-%{upstream_version}.tar.xz
|
||||
Source0: https://www.kernel.org/pub/linux/utils/cryptsetup/v2.8/cryptsetup-%{upstream_version}.tar.xz
|
||||
|
||||
# Following patch has to applied last
|
||||
Patch0001: %{name}-Add-FIPS-related-error-message-in-keyslot-add-code.patch
|
||||
@ -102,13 +102,17 @@ rm -rf %{buildroot}%{_libdir}/%{name}/*.la
|
||||
%{_libdir}/pkgconfig/libcryptsetup.pc
|
||||
|
||||
%files libs -f cryptsetup.lang
|
||||
%license COPYING COPYING.LGPL
|
||||
%license COPYING docs/licenses/COPYING.LGPL-2.1-or-later-WITH-cryptsetup-OpenSSL-exception
|
||||
%{_libdir}/libcryptsetup.so.*
|
||||
%dir %{_libdir}/%{name}/
|
||||
%{_tmpfilesdir}/cryptsetup.conf
|
||||
%ghost %attr(700, -, -) %dir /run/cryptsetup
|
||||
|
||||
%changelog
|
||||
* Wed Sep 03 2025 Kristina Hanicova <khanicov@redhat.com> - 2.8.1-1
|
||||
- Update to cryptsetup 2.8.1
|
||||
- Resolves: RHEL-96291
|
||||
|
||||
* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 2.7.5-2
|
||||
- Bump release for October 2024 mass rebuild:
|
||||
Resolves: RHEL-64018
|
||||
|
||||
2
sources
2
sources
@ -1 +1 @@
|
||||
SHA512 (cryptsetup-2.7.5.tar.xz) = 13eca93cdb00a143d2ca60b6f66ede5adc4072ca0c4bfebd8454a3541e69d269fcdb4afc97ad799e87a999b2bd46c1f31fa924a3d616d72a3337970b1e718d55
|
||||
SHA512 (cryptsetup-2.8.1.tar.xz) = a5171e18c55bfbc57330f2d46ab06b5ac6957392a77aef74c3d1c5295eb39962d1db19ddd3420ea1154d730b361d09e72bf5315c7a3d56eb36cee9c2531bca5d
|
||||
|
||||
Loading…
Reference in New Issue
Block a user