Auto sync2gitlab import of cryptsetup-2.3.7-3.el8.src.rpm

cryptsetup-2.6.0-Code-cleanup.patch

@@ -0,0 +1,28 @@
+From 23903951505cd4ad9f3469e037278494c14a7791 Mon Sep 17 00:00:00 2001
+From: Ondrej Kozina <okozina@redhat.com>
+Date: Wed, 12 Oct 2022 12:05:00 +0200
+Subject: [PATCH 3/5] Code cleanup.
+
+Type cast is not needed here.
+---
+ lib/libdevmapper.c | 4 +---
+ 1 file changed, 1 insertion(+), 3 deletions(-)
+
+diff --git a/lib/libdevmapper.c b/lib/libdevmapper.c
+index 7fcf843f..6a239e14 100644
+--- a/lib/libdevmapper.c
++++ b/lib/libdevmapper.c
+@@ -1992,9 +1992,7 @@ static int _dm_target_query_crypt(struct crypt_device *cd, uint32_t get_flags,
+ 
+ 	/* cipher */
+ 	if (get_flags & DM_ACTIVE_CRYPT_CIPHER) {
+-		r = crypt_capi_to_cipher(CONST_CAST(char**)&cipher,
+-				CONST_CAST(char**)&integrity,
+-				rcipher, rintegrity);
++		r = crypt_capi_to_cipher(&cipher, &integrity, rcipher, rintegrity);
+ 		if (r < 0)
+ 			goto err;
+ 	}
+-- 
+2.38.1
+

cryptsetup-2.6.0-Copy-also-integrity-string-in-legacy-mode.patch

@@ -0,0 +1,34 @@
+From 19c15a652f878458493f0ac335110e2779f3cbe3 Mon Sep 17 00:00:00 2001
+From: Ondrej Kozina <okozina@redhat.com>
+Date: Wed, 12 Oct 2022 11:59:09 +0200
+Subject: [PATCH 4/5] Copy also integrity string in legacy mode.
+
+So that it handles integrity string same as it does
+with cipher string.
+---
+ lib/utils_crypt.c | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/lib/utils_crypt.c b/lib/utils_crypt.c
+index 4f4dbba8..93f846d7 100644
+--- a/lib/utils_crypt.c
++++ b/lib/utils_crypt.c
+@@ -284,7 +284,14 @@ int crypt_capi_to_cipher(char **org_c, char **org_i, const char *c_dm, const cha
+ 	if (strncmp(c_dm, "capi:", 4)) {
+ 		if (!(*org_c = strdup(c_dm)))
+ 			return -ENOMEM;
+-		*org_i = NULL;
++		if (i_dm) {
++			if (!(*org_i = strdup(i_dm))) {
++				free(*org_c);
++				*org_c = NULL;
++				return -ENOMEM;
++			}
++		} else
++			*org_i = NULL;
+ 		return 0;
+ 	}
+ 
+-- 
+2.38.1
+

cryptsetup-2.6.0-Fix-cipher-convert-routines-naming-confusion.patch

@@ -0,0 +1,53 @@
+From 3616da631f83a004a13a575a54df8123f0d65c29 Mon Sep 17 00:00:00 2001
+From: Ondrej Kozina <okozina@redhat.com>
+Date: Mon, 17 Oct 2022 15:18:42 +0200
+Subject: [PATCH 1/5] Fix cipher convert routines naming confusion.
+
+The function names were in fact swaped.
+---
+ lib/libdevmapper.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/lib/libdevmapper.c b/lib/libdevmapper.c
+index 6c2eab78..0e45a789 100644
+--- a/lib/libdevmapper.c
++++ b/lib/libdevmapper.c
+@@ -481,7 +481,7 @@ static size_t int_log10(uint64_t x)
+ #define CAPIL  144   /* should be enough to fit whole capi string */
+ #define CAPIS "143"  /* for sscanf of crypto API string + 16  + \0 */
+ 
+-static int cipher_c2dm(const char *org_c, const char *org_i, unsigned tag_size,
++static int cipher_dm2c(const char *org_c, const char *org_i, unsigned tag_size,
+ 		       char *c_dm, int c_dm_size,
+ 		       char *i_dm, int i_dm_size)
+ {
+@@ -543,7 +543,7 @@ static int cipher_c2dm(const char *org_c, const char *org_i, unsigned tag_size,
+ 	return 0;
+ }
+ 
+-static int cipher_dm2c(char **org_c, char **org_i, const char *c_dm, const char *i_dm)
++static int cipher_c2dm(char **org_c, char **org_i, const char *c_dm, const char *i_dm)
+ {
+ 	char cipher[CLEN], mode[CLEN], iv[CLEN], auth[CLEN];
+ 	char tmp[CAPIL], dmcrypt_tmp[CAPIL*2], capi[CAPIL+1];
+@@ -629,7 +629,7 @@ static char *get_dm_crypt_params(const struct dm_target *tgt, uint32_t flags)
+ 	if (!tgt)
+ 		return NULL;
+ 
+-	r = cipher_c2dm(tgt->u.crypt.cipher, tgt->u.crypt.integrity, tgt->u.crypt.tag_size,
++	r = cipher_dm2c(tgt->u.crypt.cipher, tgt->u.crypt.integrity, tgt->u.crypt.tag_size,
+ 			cipher_dm, sizeof(cipher_dm), integrity_dm, sizeof(integrity_dm));
+ 	if (r < 0)
+ 		return NULL;
+@@ -2066,7 +2066,7 @@ static int _dm_target_query_crypt(struct crypt_device *cd, uint32_t get_flags,
+ 
+ 	/* cipher */
+ 	if (get_flags & DM_ACTIVE_CRYPT_CIPHER) {
+-		r = cipher_dm2c(CONST_CAST(char**)&cipher,
++		r = cipher_c2dm(CONST_CAST(char**)&cipher,
+ 				CONST_CAST(char**)&integrity,
+ 				rcipher, rintegrity);
+ 		if (r < 0)
+-- 
+2.38.1
+

cryptsetup-2.6.0-Fix-internal-crypt-segment-compare-routine.patch

@@ -0,0 +1,130 @@
+From 3e4c69a01709d35322ffa17c5360608907a207d7 Mon Sep 17 00:00:00 2001
+From: Ondrej Kozina <okozina@redhat.com>
+Date: Tue, 11 Oct 2022 11:48:13 +0200
+Subject: [PATCH 5/5] Fix internal crypt segment compare routine.
+
+The function is supposed to check if manipulated
+active dm-crypt device matches the on-disk metadata.
+Unfortunately it did not take into account differences
+between normal cipher specification (aes-xts-plain64)
+and capi format specification (capi:xts(aes)-plain64).
+The internal query function always converted capi format
+in normal format and therefor failed if capi format was
+used in metadata.
+
+Fixes: #759.
+---
+ lib/setup.c        | 36 ++++++++++++++++++++++++++----------
+ tests/api-test-2.c | 14 ++++++++++++--
+ 2 files changed, 38 insertions(+), 12 deletions(-)
+
+diff --git a/lib/setup.c b/lib/setup.c
+index 6d7411b5..809049b9 100644
+--- a/lib/setup.c
++++ b/lib/setup.c
+@@ -2458,6 +2458,9 @@ static int _compare_crypt_devices(struct crypt_device *cd,
+ 			       const struct dm_target *src,
+ 			       const struct dm_target *tgt)
+ {
++	char *src_cipher = NULL, *src_integrity = NULL;
++	int r = -EINVAL;
++
+ 	/* for crypt devices keys are mandatory */
+ 	if (!src->u.crypt.vk || !tgt->u.crypt.vk)
+ 		return -EINVAL;
+@@ -2465,21 +2468,30 @@ static int _compare_crypt_devices(struct crypt_device *cd,
+ 	/* CIPHER checks */
+ 	if (!src->u.crypt.cipher || !tgt->u.crypt.cipher)
+ 		return -EINVAL;
+-	if (strcmp(src->u.crypt.cipher, tgt->u.crypt.cipher)) {
+-		log_dbg(cd, "Cipher specs do not match.");
++
++	/*
++	 * dm_query_target converts capi cipher specification to dm-crypt format.
++	 * We need to do same for cipher specification requested in source
++	 * device.
++	 */
++	if (crypt_capi_to_cipher(&src_cipher, &src_integrity, src->u.crypt.cipher, src->u.crypt.integrity))
+ 		return -EINVAL;
++
++	if (strcmp(src_cipher, tgt->u.crypt.cipher)) {
++		log_dbg(cd, "Cipher specs do not match.");
++		goto out;
+ 	}
+ 
+ 	if (tgt->u.crypt.vk->keylength == 0 && crypt_is_cipher_null(tgt->u.crypt.cipher))
+ 		log_dbg(cd, "Existing device uses cipher null. Skipping key comparison.");
+ 	else if (_compare_volume_keys(src->u.crypt.vk, 0, tgt->u.crypt.vk, tgt->u.crypt.vk->key_description != NULL)) {
+ 		log_dbg(cd, "Keys in context and target device do not match.");
+-		return -EINVAL;
++		goto out;
+ 	}
+ 
+-	if (crypt_strcmp(src->u.crypt.integrity, tgt->u.crypt.integrity)) {
++	if (crypt_strcmp(src_integrity, tgt->u.crypt.integrity)) {
+ 		log_dbg(cd, "Integrity parameters do not match.");
+-		return -EINVAL;
++		goto out;
+ 	}
+ 
+ 	if (src->u.crypt.offset      != tgt->u.crypt.offset ||
+@@ -2487,15 +2499,19 @@ static int _compare_crypt_devices(struct crypt_device *cd,
+ 	    src->u.crypt.iv_offset   != tgt->u.crypt.iv_offset ||
+ 	    src->u.crypt.tag_size    != tgt->u.crypt.tag_size) {
+ 		log_dbg(cd, "Integer parameters do not match.");
+-		return -EINVAL;
++		goto out;
+ 	}
+ 
+-	if (device_is_identical(src->data_device, tgt->data_device) <= 0) {
++	if (device_is_identical(src->data_device, tgt->data_device) <= 0)
+ 		log_dbg(cd, "Data devices do not match.");
+-		return -EINVAL;
+-	}
++	else
++		r = 0;
+ 
+-	return 0;
++out:
++	free(src_cipher);
++	free(src_integrity);
++
++	return r;
+ }
+ 
+ static int _compare_integrity_devices(struct crypt_device *cd,
+diff --git a/tests/api-test-2.c b/tests/api-test-2.c
+index 0534677a..34002d1a 100644
+--- a/tests/api-test-2.c
++++ b/tests/api-test-2.c
+@@ -1585,8 +1585,8 @@ static void ResizeDeviceLuks2(void)
+ 
+ 	const char *mk_hex = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1a";
+ 	size_t key_size = strlen(mk_hex) / 2;
+-	const char *cipher = "aes";
+-	const char *cipher_mode = "cbc-essiv:sha256";
++	const char *cipher = "aes", *capi_cipher = "capi:cbc(aes)";
++	const char *cipher_mode = "cbc-essiv:sha256", *capi_cipher_mode = "essiv:sha256";
+ 	uint64_t r_payload_offset, r_header_size, r_size;
+ 
+ 	/* Cannot use Argon2 in FIPS */
+@@ -1728,6 +1728,16 @@ static void ResizeDeviceLuks2(void)
+ 	OK_(crypt_deactivate(cd, CDEVICE_1));
+ 	CRYPT_FREE(cd);
+ 
++	OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
++	OK_(crypt_set_pbkdf_type(cd, &pbkdf));
++	OK_(crypt_format(cd, CRYPT_LUKS2, capi_cipher, capi_cipher_mode, NULL, key, key_size, NULL));
++	OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0));
++	OK_(crypt_resize(cd, CDEVICE_1, 8));
++	if (!t_device_size(DMDIR CDEVICE_1, &r_size))
++		EQ_(8, r_size >> SECTOR_SHIFT);
++	OK_(crypt_deactivate(cd, CDEVICE_1));
++	CRYPT_FREE(cd);
++
+ 	_cleanup_dmdevices();
+ }
+ 
+-- 
+2.38.1
+

cryptsetup-2.6.0-Move-cipher_dm2c-to-crypto-utilities.patch

@@ -0,0 +1,250 @@
+From 9a9ddc7d22e14e14c9a6e97860cffada406adac3 Mon Sep 17 00:00:00 2001
+From: Ondrej Kozina <okozina@redhat.com>
+Date: Tue, 11 Oct 2022 10:50:17 +0200
+Subject: [PATCH 2/5] Move cipher_dm2c to crypto utilities.
+
+(Gets renamed to crypt_capi_to_cipher)
+---
+ lib/libdevmapper.c | 84 +++-------------------------------------------
+ lib/utils_crypt.c  | 72 +++++++++++++++++++++++++++++++++++++++
+ lib/utils_crypt.h  | 11 ++++--
+ 3 files changed, 85 insertions(+), 82 deletions(-)
+
+diff --git a/lib/libdevmapper.c b/lib/libdevmapper.c
+index 0e45a789..7fcf843f 100644
+--- a/lib/libdevmapper.c
++++ b/lib/libdevmapper.c
+@@ -476,27 +476,22 @@ static size_t int_log10(uint64_t x)
+ 	return r;
+ }
+ 
+-#define CLEN    64   /* 2*MAX_CIPHER_LEN */
+-#define CLENS  "63"  /* for sscanf length + '\0' */
+-#define CAPIL  144   /* should be enough to fit whole capi string */
+-#define CAPIS "143"  /* for sscanf of crypto API string + 16  + \0 */
+-
+ static int cipher_dm2c(const char *org_c, const char *org_i, unsigned tag_size,
+ 		       char *c_dm, int c_dm_size,
+ 		       char *i_dm, int i_dm_size)
+ {
+ 	int c_size = 0, i_size = 0, i;
+-	char cipher[CLEN], mode[CLEN], iv[CLEN+1], tmp[CLEN];
+-	char capi[CAPIL];
++	char cipher[MAX_CAPI_ONE_LEN], mode[MAX_CAPI_ONE_LEN], iv[MAX_CAPI_ONE_LEN+1],
++	     tmp[MAX_CAPI_ONE_LEN], capi[MAX_CAPI_LEN];
+ 
+ 	if (!c_dm || !c_dm_size || !i_dm || !i_dm_size)
+ 		return -EINVAL;
+ 
+-	i = sscanf(org_c, "%" CLENS "[^-]-%" CLENS "s", cipher, tmp);
++	i = sscanf(org_c, "%" MAX_CAPI_ONE_LEN_STR "[^-]-%" MAX_CAPI_ONE_LEN_STR "s", cipher, tmp);
+ 	if (i != 2)
+ 		return -EINVAL;
+ 
+-	i = sscanf(tmp, "%" CLENS "[^-]-%" CLENS "s", mode, iv);
++	i = sscanf(tmp, "%" MAX_CAPI_ONE_LEN_STR "[^-]-%" MAX_CAPI_ONE_LEN_STR "s", mode, iv);
+ 	if (i == 1) {
+ 		memset(iv, 0, sizeof(iv));
+ 		strncpy(iv, mode, sizeof(iv)-1);
+@@ -543,75 +538,6 @@ static int cipher_dm2c(const char *org_c, const char *org_i, unsigned tag_size,
+ 	return 0;
+ }
+ 
+-static int cipher_c2dm(char **org_c, char **org_i, const char *c_dm, const char *i_dm)
+-{
+-	char cipher[CLEN], mode[CLEN], iv[CLEN], auth[CLEN];
+-	char tmp[CAPIL], dmcrypt_tmp[CAPIL*2], capi[CAPIL+1];
+-	size_t len;
+-	int i;
+-
+-	if (!c_dm)
+-		return -EINVAL;
+-
+-	/* legacy mode */
+-	if (strncmp(c_dm, "capi:", 4)) {
+-		if (!(*org_c = strdup(c_dm)))
+-			return -ENOMEM;
+-		*org_i = NULL;
+-		return 0;
+-	}
+-
+-	/* modes with capi: prefix */
+-	i = sscanf(c_dm, "capi:%" CAPIS "[^-]-%" CLENS "s", tmp, iv);
+-	if (i != 2)
+-		return -EINVAL;
+-
+-	len = strlen(tmp);
+-	if (len < 2)
+-		return -EINVAL;
+-
+-	if (tmp[len-1] == ')')
+-		tmp[len-1] = '\0';
+-
+-	if (sscanf(tmp, "rfc4309(%" CAPIS "s", capi) == 1) {
+-		if (!(*org_i = strdup("aead")))
+-			return -ENOMEM;
+-	} else if (sscanf(tmp, "rfc7539(%" CAPIS "[^,],%" CLENS "s", capi, auth) == 2) {
+-		if (!(*org_i = strdup(auth)))
+-			return -ENOMEM;
+-	} else if (sscanf(tmp, "authenc(%" CLENS "[^,],%" CAPIS "s", auth, capi) == 2) {
+-		if (!(*org_i = strdup(auth)))
+-			return -ENOMEM;
+-	} else {
+-		if (i_dm) {
+-			if (!(*org_i = strdup(i_dm)))
+-				return -ENOMEM;
+-		} else
+-			*org_i = NULL;
+-		memset(capi, 0, sizeof(capi));
+-		strncpy(capi, tmp, sizeof(capi)-1);
+-	}
+-
+-	i = sscanf(capi, "%" CLENS "[^(](%" CLENS "[^)])", mode, cipher);
+-	if (i == 2)
+-		i = snprintf(dmcrypt_tmp, sizeof(dmcrypt_tmp), "%s-%s-%s", cipher, mode, iv);
+-	else
+-		i = snprintf(dmcrypt_tmp, sizeof(dmcrypt_tmp), "%s-%s", capi, iv);
+-	if (i < 0 || (size_t)i >= sizeof(dmcrypt_tmp)) {
+-		free(*org_i);
+-		*org_i = NULL;
+-		return -EINVAL;
+-	}
+-
+-	if (!(*org_c = strdup(dmcrypt_tmp))) {
+-		free(*org_i);
+-		*org_i = NULL;
+-		return -ENOMEM;
+-	}
+-
+-	return 0;
+-}
+-
+ static char *_uf(char *buf, size_t buf_size, const char *s, unsigned u)
+ {
+ 	size_t r = snprintf(buf, buf_size, " %s:%u", s, u);
+@@ -2066,7 +1992,7 @@ static int _dm_target_query_crypt(struct crypt_device *cd, uint32_t get_flags,
+ 
+ 	/* cipher */
+ 	if (get_flags & DM_ACTIVE_CRYPT_CIPHER) {
+-		r = cipher_c2dm(CONST_CAST(char**)&cipher,
++		r = crypt_capi_to_cipher(CONST_CAST(char**)&cipher,
+ 				CONST_CAST(char**)&integrity,
+ 				rcipher, rintegrity);
+ 		if (r < 0)
+diff --git a/lib/utils_crypt.c b/lib/utils_crypt.c
+index 83d0a2c5..4f4dbba8 100644
+--- a/lib/utils_crypt.c
++++ b/lib/utils_crypt.c
+@@ -31,6 +31,8 @@
+ #include "libcryptsetup.h"
+ #include "utils_crypt.h"
+ 
++#define MAX_CAPI_LEN_STR "143" /* for sscanf of crypto API string + 16  + \0 */
++
+ int crypt_parse_name_and_mode(const char *s, char *cipher, int *key_nums,
+ 			      char *cipher_mode)
+ {
+@@ -266,3 +268,73 @@ bool crypt_is_cipher_null(const char *cipher_spec)
+ 		return false;
+ 	return (strstr(cipher_spec, "cipher_null") || !strcmp(cipher_spec, "null"));
+ }
++
++int crypt_capi_to_cipher(char **org_c, char **org_i, const char *c_dm, const char *i_dm)
++{
++	char cipher[MAX_CAPI_ONE_LEN], mode[MAX_CAPI_ONE_LEN], iv[MAX_CAPI_ONE_LEN],
++	     auth[MAX_CAPI_ONE_LEN], tmp[MAX_CAPI_LEN], dmcrypt_tmp[MAX_CAPI_LEN*2],
++	     capi[MAX_CAPI_LEN+1];
++	size_t len;
++	int i;
++
++	if (!c_dm)
++		return -EINVAL;
++
++	/* legacy mode */
++	if (strncmp(c_dm, "capi:", 4)) {
++		if (!(*org_c = strdup(c_dm)))
++			return -ENOMEM;
++		*org_i = NULL;
++		return 0;
++	}
++
++	/* modes with capi: prefix */
++	i = sscanf(c_dm, "capi:%" MAX_CAPI_LEN_STR "[^-]-%" MAX_CAPI_ONE_LEN_STR "s", tmp, iv);
++	if (i != 2)
++		return -EINVAL;
++
++	len = strlen(tmp);
++	if (len < 2)
++		return -EINVAL;
++
++	if (tmp[len-1] == ')')
++		tmp[len-1] = '\0';
++
++	if (sscanf(tmp, "rfc4309(%" MAX_CAPI_LEN_STR "s", capi) == 1) {
++		if (!(*org_i = strdup("aead")))
++			return -ENOMEM;
++	} else if (sscanf(tmp, "rfc7539(%" MAX_CAPI_LEN_STR "[^,],%" MAX_CAPI_ONE_LEN_STR "s", capi, auth) == 2) {
++		if (!(*org_i = strdup(auth)))
++			return -ENOMEM;
++	} else if (sscanf(tmp, "authenc(%" MAX_CAPI_ONE_LEN_STR "[^,],%" MAX_CAPI_LEN_STR "s", auth, capi) == 2) {
++		if (!(*org_i = strdup(auth)))
++			return -ENOMEM;
++	} else {
++		if (i_dm) {
++			if (!(*org_i = strdup(i_dm)))
++				return -ENOMEM;
++		} else
++			*org_i = NULL;
++		memset(capi, 0, sizeof(capi));
++		strncpy(capi, tmp, sizeof(capi)-1);
++	}
++
++	i = sscanf(capi, "%" MAX_CAPI_ONE_LEN_STR "[^(](%" MAX_CAPI_ONE_LEN_STR "[^)])", mode, cipher);
++	if (i == 2)
++		i = snprintf(dmcrypt_tmp, sizeof(dmcrypt_tmp), "%s-%s-%s", cipher, mode, iv);
++	else
++		i = snprintf(dmcrypt_tmp, sizeof(dmcrypt_tmp), "%s-%s", capi, iv);
++	if (i < 0 || (size_t)i >= sizeof(dmcrypt_tmp)) {
++		free(*org_i);
++		*org_i = NULL;
++		return -EINVAL;
++	}
++
++	if (!(*org_c = strdup(dmcrypt_tmp))) {
++		free(*org_i);
++		*org_i = NULL;
++		return -ENOMEM;
++	}
++
++	return 0;
++}
+diff --git a/lib/utils_crypt.h b/lib/utils_crypt.h
+index 5922350a..a4a9b6ca 100644
+--- a/lib/utils_crypt.h
++++ b/lib/utils_crypt.h
+@@ -27,9 +27,12 @@
+ #include <stdbool.h>
+ #include <unistd.h>
+ 
+-#define MAX_CIPHER_LEN		32
+-#define MAX_CIPHER_LEN_STR	"31"
+-#define MAX_KEYFILES		32
++#define MAX_CIPHER_LEN       32
++#define MAX_CIPHER_LEN_STR   "31"
++#define MAX_KEYFILES         32
++#define MAX_CAPI_ONE_LEN     2 * MAX_CIPHER_LEN
++#define MAX_CAPI_ONE_LEN_STR "63"  /* for sscanf length + '\0' */
++#define MAX_CAPI_LEN         144   /* should be enough to fit whole capi string */
+ 
+ int crypt_parse_name_and_mode(const char *s, char *cipher,
+ 			      int *key_nums, char *cipher_mode);
+@@ -46,4 +49,6 @@ void crypt_log_hex(struct crypt_device *cd,
+ 
+ bool crypt_is_cipher_null(const char *cipher_spec);
+ 
++int crypt_capi_to_cipher(char **org_c, char **org_i, const char *c_dm, const char *i_dm);
++
+ #endif /* _UTILS_CRYPT_H */
+-- 
+2.38.1
+

cryptsetup.spec

@@ -5,7 +5,7 @@ Obsoletes: cryptsetup-python3
 Summary: A utility for setting up encrypted disks
 Name: cryptsetup
 Version: 2.3.7
-Release: 2%{?dist}
+Release: 3%{?dist}
 License: GPLv2+ and LGPLv2+
 Group: Applications/System
 URL: https://gitlab.com/cryptsetup/cryptsetup
@@ -28,6 +28,11 @@ Patch3:  %{name}-2.4.2-Fix-bogus-memory-allocation-if-LUKS2-header-size-is-.patc
 Patch4:  %{name}-2.5.0-Fix-typo-in-repair-prompt.patch
 Patch5:  %{name}-2.5.0-Fix-test-passphrase-when-device-in-reencryption.patch
 Patch6:  %{name}-2.5.0-Add-more-tests-for-test-passphrase-parameter.patch
+Patch7:  %{name}-2.6.0-Fix-cipher-convert-routines-naming-confusion.patch
+Patch8:  %{name}-2.6.0-Move-cipher_dm2c-to-crypto-utilities.patch
+Patch9:  %{name}-2.6.0-Code-cleanup.patch
+Patch10: %{name}-2.6.0-Copy-also-integrity-string-in-legacy-mode.patch
+Patch11: %{name}-2.6.0-Fix-internal-crypt-segment-compare-routine.patch
 
 %description
 The cryptsetup package contains a utility for setting up
@@ -89,6 +94,11 @@ can be used for offline reencryption of disk in situ.
 %patch4 -p1
 %patch5 -p1
 %patch6 -p1
+%patch7 -p1
+%patch8 -p1
+%patch9 -p1
+%patch10 -p1
+%patch11 -p1
 %patch0 -p1
 chmod -x misc/dracut_90reencrypt/*
 
@@ -148,6 +158,10 @@ rm -rf %{buildroot}/%{_libdir}/*.la
 %clean
 
 %changelog
+* Fri Nov 4 2022 Daniel Zatovic <dzatovic@redhat.com> - 2.3.7-3
+- patch: Fix internal crypt segment compare routine
+- Resolves: #2110810
+
 * Thu Feb 24 2022 Ondrej Kozina <okozina@redhat.com> - 2.3.7-2
 - patch: Fix cryptsetup --test-passphrase when device in
   reencryption