From 3f66b81b6beb05209ec922960156b3d4502dea5b Mon Sep 17 00:00:00 2001
From: Kristina Hanicova <khanicov@redhat.com>
Date: Wed, 3 Sep 2025 11:23:03 +0200
Subject: [PATCH] Update to cryptsetup 2.8.1.

Resolves: RHEL-96291
---
 .gitignore                                    |  1 +
 cryptsetup-2.7.5.tar.sign                     | 16 --------
 cryptsetup-2.8.1.tar.sign                     | 16 ++++++++
 ...ed-error-message-in-keyslot-add-code.patch | 39 ++++++++++---------
 cryptsetup.spec                               | 12 ++++--
 sources                                       |  2 +-
 6 files changed, 47 insertions(+), 39 deletions(-)
 delete mode 100644 cryptsetup-2.7.5.tar.sign
 create mode 100644 cryptsetup-2.8.1.tar.sign

diff --git a/.gitignore b/.gitignore
index e784048..f8d6597 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
 /cryptsetup-2.7.5.tar.xz
+/cryptsetup-2.8.1.tar.xz
diff --git a/cryptsetup-2.7.5.tar.sign b/cryptsetup-2.7.5.tar.sign
deleted file mode 100644
index cc00fa3..0000000
--- a/cryptsetup-2.7.5.tar.sign
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCAAdFiEEKikYJD/eRmSNBob52bBXe9k+mPwFAmbW3FUACgkQ2bBXe9k+
-mPwFbA//ZmEE58/+S4mDszoVeBtJAZDpSd0UBm+R6JTqNjwGSQw2KQbRW+qXLWIj
-EUKd/xtW8iSDh+cqKFO12RN7BTHMHePt+qB8aw3L1WWbj2rQfLbEv+dQMg36Rweu
-AZMR69PDhD8JX2xVV2nD/rrQFHoNfKT9od83QHmaK/knwOvd7ZHJ2sOyMmZvCNE8
-N8/454ERiT8W9hnHxWjsGtkzr81ucGpjbZDYlINaeD728QR64HDHnAkReAHegJt8
-uAejzAz+BGNkSkUFeRLP+3zOYUKBW6Ex/OIBQ4m+rrAR/b3TVNwGPUUAbelHZJWN
-+jf+aPzo4Vv1v+Hl92CEbq29czpHyaLRrRNdhs57no7XdUkivJ+gdhr51xjaV9Zq
-HnANYLVT+O/PPfFaALg1Qp5hfmhVCaVPLK05ug2qj9jVF0jIahvQsEzq1YfLiZNT
-8UtAnV8ULA83GZlh1MDsuEp5815CKjs5dzpUpobStsVIZ6lkHabEFRfxr2Ae+7lw
-veqmpNLN1K5+yXA1L8e9BtoxRxeczIS3ImPlYvojpCFgkamwXPqCoI4wVOCbG/Pu
-5L1uDk1TAHEgmf4Iy31bPKLDQcv16aLV5S/w4fCWtybbBasax7qNqKTBAIZQp7o2
-C1hkxCcRxaNyMwEoof9myMjv9fn/0xidJ14GlgXpeANbq9jtXQo=
-=S6/S
------END PGP SIGNATURE-----
diff --git a/cryptsetup-2.8.1.tar.sign b/cryptsetup-2.8.1.tar.sign
new file mode 100644
index 0000000..4459bed
--- /dev/null
+++ b/cryptsetup-2.8.1.tar.sign
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCAAdFiEEKikYJD/eRmSNBob52bBXe9k+mPwFAmikPjAACgkQ2bBXe9k+
+mPzw4hAAqew2XZt7qfeHXNrx4Qx+5fh8J6kNBByMoBBBoNV778MUeE35hZ57L+0G
+fCRJTcWvZX9WUomSY3L/n1h/kGrk/G59clBNXyBo/VlqGy4TnDIyX/5RfN93Ysfr
+XzdZptH7PFLnhf6R9Y6bkRTCVdutW6WSW+CTeB6LnQHR97y2Jz/L+qTpExs9ujk9
+FMuMI2bO+i5QaisvAqS7/z0ba18xdgNqplj8DUFygtuJiUeshtW/RHBr21Y762Ut
+ZaliJbkww/XbI0CVyjoT0OrgRIpqr1tb1AwPNCU81MgCrB5q5pYOdcGkuRGIGKSG
++BC2qrHqlbNIu8SOu6JZ7mq2gkiyzz+Gg7AuKsvV9HPFkFEd40SIE2xNMxgwZtwB
+jW9d07Cg90qGcKLqESwb5bNXRFxw8aBXHaaZraC5mAoYfOXaQAL+FlBtbcsADoFy
+7TJEDyqC47nRB7dC0c8Cd7rqZ7nFWenf7oPXK87wFDIRDdv7OTtwD03fQdhy7j6N
++jX1vVH/xRDpEpcUTQyuo3CO/gN5w2TWPKHYFBkAV3qvQOTLKZXQCxyYNfSBfFmJ
+IyeRPYb/Euk46jX+xpCeoP540YAL6BoLTHyis5wjjM9jTXTMKFa5ZivrMlWaRKS5
+pp4EIpJlxuE8kGmKvMgPO3kgS4w3akjNpfdkeRWAPKaVVMzBY1Y=
+=tRD6
+-----END PGP SIGNATURE-----
diff --git a/cryptsetup-Add-FIPS-related-error-message-in-keyslot-add-code.patch b/cryptsetup-Add-FIPS-related-error-message-in-keyslot-add-code.patch
index 9c303e4..cfbd204 100644
--- a/cryptsetup-Add-FIPS-related-error-message-in-keyslot-add-code.patch
+++ b/cryptsetup-Add-FIPS-related-error-message-in-keyslot-add-code.patch
@@ -1,23 +1,23 @@
-From 293abb5435e2b4bec7f8333fb11c88d5c1f45800 Mon Sep 17 00:00:00 2001
+From 48af2c543e4bee3dff9bd95529bbf45106aa457e Mon Sep 17 00:00:00 2001
 From: Ondrej Kozina <okozina@redhat.com>
 Date: Mon, 5 Dec 2022 13:35:24 +0100
-Subject: [PATCH 3/3] Add FIPS related error message in keyslot add code.
+Subject: [PATCH] Add FIPS related error message in keyslot add code.
 
 Add hints on what went wrong when creating new LUKS
 keyslots. The hint is printed only in FIPS mode and
 when pbkdf2 failed with passphrase shorter than 8
 bytes.
 ---
- lib/luks1/keymanage.c           | 5 ++++-
+ lib/luks1/keymanage.c           | 2 ++
  lib/luks2/luks2_keyslot_luks2.c | 2 ++
- 2 files changed, 6 insertions(+), 1 deletion(-)
+ 2 files changed, 4 insertions(+)
 
-Index: cryptsetup-2.7.2/lib/luks1/keymanage.c
-===================================================================
---- cryptsetup-2.7.2.orig/lib/luks1/keymanage.c
-+++ cryptsetup-2.7.2/lib/luks1/keymanage.c
-@@ -926,6 +926,8 @@ int LUKS_set_key(unsigned int keyIndex,
- 			derived_key->key, hdr->keyBytes,
+diff --git a/lib/luks1/keymanage.c b/lib/luks1/keymanage.c
+index 37929810..a7ef0a25 100644
+--- a/lib/luks1/keymanage.c
++++ b/lib/luks1/keymanage.c
+@@ -916,6 +916,8 @@ int LUKS_set_key(unsigned int keyIndex,
+ 			derived_key, hdr->keyBytes,
  			hdr->keyblock[keyIndex].passwordIterations, 0, 0);
  	if (r < 0) {
 +		if (crypt_fips_mode() && passwordLen < 8)
@@ -25,16 +25,19 @@ Index: cryptsetup-2.7.2/lib/luks1/keymanage.c
  		if ((crypt_backend_flags() & CRYPT_BACKEND_PBKDF2_INT) &&
  		     hdr->keyblock[keyIndex].passwordIterations > INT_MAX)
  			log_err(ctx, _("PBKDF2 iteration value overflow."));
-Index: cryptsetup-2.7.2/lib/luks2/luks2_keyslot_luks2.c
-===================================================================
---- cryptsetup-2.7.2.orig/lib/luks2/luks2_keyslot_luks2.c
-+++ cryptsetup-2.7.2/lib/luks2/luks2_keyslot_luks2.c
-@@ -269,6 +269,8 @@ static int luks2_keyslot_set_key(struct
- 		     pbkdf.iterations > INT_MAX)
+diff --git a/lib/luks2/luks2_keyslot_luks2.c b/lib/luks2/luks2_keyslot_luks2.c
+index ec68236c..f309125d 100644
+--- a/lib/luks2/luks2_keyslot_luks2.c
++++ b/lib/luks2/luks2_keyslot_luks2.c
+@@ -260,6 +260,8 @@ static int luks2_keyslot_set_key(struct crypt_device *cd,
  			log_err(cd, _("PBKDF2 iteration value overflow."));
- 		crypt_free_volume_key(derived_key);
+ 		if (r == -ENOMEM)
+ 			log_err(cd, _("Not enough memory for keyslot key derivation."));
 +		if (crypt_fips_mode() && passwordLen < 8 && !strcmp(pbkdf.type, "pbkdf2"))
 +			log_err(cd, _("Invalid passphrase for PBKDF2 in FIPS mode."));
- 		return r;
+ 		goto out;
  	}
  
+-- 
+2.50.1
+
diff --git a/cryptsetup.spec b/cryptsetup.spec
index 0c609f8..8852fc4 100644
--- a/cryptsetup.spec
+++ b/cryptsetup.spec
@@ -1,7 +1,7 @@
 Summary: Utility for setting up encrypted disks
 Name: cryptsetup
-Version: 2.7.5
-Release: 2%{?dist}
+Version: 2.8.1
+Release: 1%{?dist}
 License: GPL-2.0-or-later WITH cryptsetup-OpenSSL-exception AND LGPL-2.1-or-later WITH cryptsetup-OpenSSL-exception
 URL: https://gitlab.com/cryptsetup/cryptsetup
 BuildRequires: autoconf, automake, libtool, gettext-devel,
@@ -16,7 +16,7 @@ Obsoletes: %{name}-reencrypt <= %{version}
 Provides: %{name}-reencrypt = %{version}
 
 %global upstream_version %{version_no_tilde}
-Source0: https://www.kernel.org/pub/linux/utils/cryptsetup/v2.7/cryptsetup-%{upstream_version}.tar.xz
+Source0: https://www.kernel.org/pub/linux/utils/cryptsetup/v2.8/cryptsetup-%{upstream_version}.tar.xz
 
 # Following patch has to applied last
 Patch0001: %{name}-Add-FIPS-related-error-message-in-keyslot-add-code.patch
@@ -102,13 +102,17 @@ rm -rf %{buildroot}%{_libdir}/%{name}/*.la
 %{_libdir}/pkgconfig/libcryptsetup.pc
 
 %files libs -f cryptsetup.lang
-%license COPYING COPYING.LGPL
+%license COPYING docs/licenses/COPYING.LGPL-2.1-or-later-WITH-cryptsetup-OpenSSL-exception
 %{_libdir}/libcryptsetup.so.*
 %dir %{_libdir}/%{name}/
 %{_tmpfilesdir}/cryptsetup.conf
 %ghost %attr(700, -, -) %dir /run/cryptsetup
 
 %changelog
+* Wed Sep 03 2025 Kristina Hanicova <khanicov@redhat.com> - 2.8.1-1
+- Update to cryptsetup 2.8.1
+- Resolves: RHEL-96291
+
 * Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 2.7.5-2
 - Bump release for October 2024 mass rebuild:
   Resolves: RHEL-64018
diff --git a/sources b/sources
index 6411b72..9832dc9 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (cryptsetup-2.7.5.tar.xz) = 13eca93cdb00a143d2ca60b6f66ede5adc4072ca0c4bfebd8454a3541e69d269fcdb4afc97ad799e87a999b2bd46c1f31fa924a3d616d72a3337970b1e718d55
+SHA512 (cryptsetup-2.8.1.tar.xz) = a5171e18c55bfbc57330f2d46ab06b5ac6957392a77aef74c3d1c5295eb39962d1db19ddd3420ea1154d730b361d09e72bf5315c7a3d56eb36cee9c2531bca5d