From b379355ffe1539b9fc9490ee1736ad6fb94988c6 Mon Sep 17 00:00:00 2001 From: eabdullin Date: Tue, 5 Aug 2025 05:07:34 +0000 Subject: [PATCH] import UBI cryptsetup-2.7.2-3.el9_6.1 --- ....3-bitlk-Ignore-unknown-VMK-entry-24.patch | 43 +++++++++++++++++++ SPECS/cryptsetup.spec | 7 ++- 2 files changed, 49 insertions(+), 1 deletion(-) create mode 100644 SOURCES/cryptsetup-2.7.3-bitlk-Ignore-unknown-VMK-entry-24.patch diff --git a/SOURCES/cryptsetup-2.7.3-bitlk-Ignore-unknown-VMK-entry-24.patch b/SOURCES/cryptsetup-2.7.3-bitlk-Ignore-unknown-VMK-entry-24.patch new file mode 100644 index 0000000..05d2bec --- /dev/null +++ b/SOURCES/cryptsetup-2.7.3-bitlk-Ignore-unknown-VMK-entry-24.patch @@ -0,0 +1,43 @@ +From ef653d00a72b8257819f5ae5d3de9bc9f5039b3c Mon Sep 17 00:00:00 2001 +From: Milan Broz +Date: Tue, 21 May 2024 10:54:55 +0200 +Subject: [PATCH] bitlk: Ignore unknown VMK entry 24 + +This VMK value looks like a password hint (masked email?) +we can safely ignore it. + +Fixes: #886 +--- + lib/bitlk/bitlk.c | 3 +++ + lib/bitlk/bitlk.h | 1 + + 2 files changed, 4 insertions(+) + +diff --git a/lib/bitlk/bitlk.c b/lib/bitlk/bitlk.c +index ae533e5a..230e7101 100644 +--- a/lib/bitlk/bitlk.c ++++ b/lib/bitlk/bitlk.c +@@ -324,6 +324,9 @@ static int parse_vmk_entry(struct crypt_device *cd, uint8_t *data, int start, in + /* unknown timestamps in recovery protected VMK */ + } else if (key_entry_value == BITLK_ENTRY_VALUE_RECOVERY_TIME) { + ; ++ /* optional hint (?) string (masked email?), we can safely ignore it */ ++ } else if (key_entry_value == BITLK_ENTRY_VALUE_HINT) { ++ ; + } else if (key_entry_value == BITLK_ENTRY_VALUE_STRING) { + if (key_entry_size < BITLK_ENTRY_HEADER_LEN) + return -EINVAL; +diff --git a/lib/bitlk/bitlk.h b/lib/bitlk/bitlk.h +index 7eb73211..af8f6298 100644 +--- a/lib/bitlk/bitlk.h ++++ b/lib/bitlk/bitlk.h +@@ -78,6 +78,7 @@ typedef enum { + BITLK_ENTRY_VALUE_OFFSET_SIZE = 0x000f, + BITLK_ENTRY_VALUE_RECOVERY_TIME = 0x015, + BITLK_ENTRY_VALUE_GUID = 0x0017, ++ BITLK_ENTRY_VALUE_HINT = 0x0018, + } BITLKFVEEntryValue; + + struct bitlk_vmk { +-- +2.49.0 + diff --git a/SPECS/cryptsetup.spec b/SPECS/cryptsetup.spec index 44ef72d..df1ff06 100644 --- a/SPECS/cryptsetup.spec +++ b/SPECS/cryptsetup.spec @@ -1,7 +1,7 @@ Summary: Utility for setting up encrypted disks Name: cryptsetup Version: 2.7.2 -Release: 3%{?dist} +Release: 3%{?dist}.1 License: GPLv2+ and LGPLv2+ URL: https://gitlab.com/cryptsetup/cryptsetup BuildRequires: openssl-devel, popt-devel, device-mapper-devel @@ -25,6 +25,7 @@ Patch0005: %{name}-2.7.5-Harden-online-reencryption-checks-in-initialization-.pa Patch0006: %{name}-2.7.5-Abort-online-reencryption-for-misconfigured-devices.patch Patch0007: %{name}-Enable-to-use-Argon2-in-FIPS-with-openssl-backend.patch Patch0008: %{name}-Warn-if-Argon2-keyslot-is-unlocked-in-FIPS-mode.patch +Patch0009: %{name}-2.7.3-bitlk-Ignore-unknown-VMK-entry-24.patch # Following patch has to applied last Patch9999: %{name}-add-system-library-paths.patch @@ -110,6 +111,10 @@ rm -rf %{buildroot}%{_libdir}/*.la %ghost %attr(700, -, -) %dir /run/cryptsetup %changelog +* Fri Jun 13 2025 Ondrej Kozina - 2.7.2-3.1 +- patch: Ignore unknown VMK entry 24 in bitlk metadata. +- Resolves: RHEL-96283 + * Mon Sep 02 2024 Ondrej Kozina - 2.7.2-3 - Specbump for correct target release. - Resolves: RHEL-39003 RHEL-41238