Update to cryptsetup 2.4.1.

- Resloves: #2005035 #200587
2021-09-29 13:48:53 +02:00 · 2021-09-29 13:48:53 +02:00 · b88e2aab8a
commit b88e2aab8a
parent 0f0b99b059
7 changed files with 126 additions and 19 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1 @@
-/cryptsetup-2.4.0.tar.xz
+/cryptsetup-2.4.1.tar.xz
--- a/cryptsetup-2.4.0.tar.sign
+++ b/cryptsetup-2.4.0.tar.sign
@ -1,16 +0,0 @@
 -----BEGIN PGP SIGNATURE-----
 iQIzBAABCAAdFiEEKikYJD/eRmSNBob52bBXe9k+mPwFAmEdJXMACgkQ2bBXe9k+
 mPwJSg/+OW43g7S4Q/K+vBi8S+RN3Pzqi8ao2K+OmGWK/7FhKWxrXSN7J8gJigxd
 uD+NukmQublFtYdfKXj2unF/Fd28YGHCqSfVrFvn2jmcMnlwxSz5220Bic1eai8a
 hq0Hve425n5RpTzNtpkBBZQbiLmY25J1wUkygcoEwT+spyFA0d6oZUhTWcAcqa2b
 IP9XkVFEociSWpjZfuhJGN5+jSG91JwYKbuNJFZvH1uez6zTLdNDj9+zoxfsrLW4
 BZYh8FQbZq54pUJnX4tafuRm7L/3LjK0DWWq60P3dvzTyj5b/qzORThNMpvCoolN
 I7Yfl7PD8j3B2WpgLQ+62jBVSOBjZGOpvj6PbQVizk2ELznF1LkTyneQ1rIwzxRw
 xWqHZfFU0Frj16yiNfRDrBKq4QsrYBOGov7q3OP3Xsw3H/C5lNxEOzx9NkC97LlA
 ryMiFSOXFHfCvTCXWQi90N311S4Usg/+n4qevwM4MxXmHJ6HfIqOLYMFftrWoiqC
 c+86lgZnNFtmFQnD+/Jvfu7AlAE0aLQodDz3w9otF4QfztDwnvnWsrjAntff4u1U
 WqL3EK7NGPJELDRvOpLq77l5eCJ1x5Qgma1RN2ag5APgs5IrmKBGz3H0WxEArz4K
 IWQ9FAHMMVIcJfblW96mE/zIoTc6dc0quUlpmROTFWKleijMk0I=
 =nfsi
 -----END PGP SIGNATURE-----
--- a/cryptsetup-2.4.1.tar.sign
+++ b/cryptsetup-2.4.1.tar.sign
@ -0,0 +1,16 @@
 -----BEGIN PGP SIGNATURE-----
 iQIzBAABCAAdFiEEKikYJD/eRmSNBob52bBXe9k+mPwFAmFBwN8ACgkQ2bBXe9k+
 mPwndA//ZFMeCgbtSnTJugvZhmIBFHCHofq9yBiCDYyL8qEMw0m3BQLqSSaPt6Bd
 l1xm4ypuy9Rjen5hKbyRJtSko6tbbArCf+OsJfyy2Yr/r5cvnd0eLNwdIdUPKf/l
 3hgRPXBiCHdm63mSWsxM5tUr128Cyj0W4mkn5OmjKPblCd4qgnhNLawn7x7JYoWc
 JS6olNYS6c0M7GBuZ7icKCTtGfO1lKYCIBiCfkuNChJTQbvZ7JiqX/OprHYdBqn1
 WXgrrBrBjO8Ai2w9/uCOAWyPOhy1J8pewuHNX2Hh1LNXEu5z+47QexUpwhweq21/
 QzOITbgb0yZPdQXceAGqmZYa0BPfdo08MakTjaYGrO8rGR0XwgEvtpD5L2eMsVle
 hhg96f4E3f5/7yrtmsL2hbj2v8enhN39ycvn7u/LsfUyoRciCTNwxV/jHU9/laR5
 tDRLUGE3TiiNtTiMk4MucGRHNrae2d6exIpXhhFHN3nD2flOTFqb6KaQRtbdNmPt
 YCMMg4+ZoNzl+YLQYcbkYj4uGGrVosEoAmRl8ROfzPSwHM8mJdUhqGouylTRaQGt
 82SaEdlFO2VthoJUZBy05uCHKthXhwiRplp27MMbCOXOjv3rbnqxyQoMDNb4VQQy
 7CHF50XrEBLpdnyKFNbKFPKyZToBcBLBaPTnm5lf5eTyJ7whkXI=
 =dXjt
 -----END PGP SIGNATURE-----
--- a/cryptsetup-2.4.2-Check-if-DM-create-device-failed-in-an-early-phase.patch
+++ b/cryptsetup-2.4.2-Check-if-DM-create-device-failed-in-an-early-phase.patch
@ -0,0 +1,48 @@
 From 10b1d6493e3be04953ac9f65d2b2d992ab87bdde Mon Sep 17 00:00:00 2001
 From: Milan Broz <gmazyland@gmail.com>
 Date: Tue, 21 Sep 2021 15:54:07 +0200
 Subject: [PATCH 2/7] Check if DM create device failed in an early phase.
 This happens when concurrent creation of DM devices meets
 in the very early state (no device node exists but creation fails).
 Return -ENODEV here instead of -EINVAL.
 (Should "fix" random verity concurrent test failure.)
 ---
 lib/libdevmapper.c | 11 ++++-------
 1 file changed, 4 insertions(+), 7 deletions(-)
 diff --git a/lib/libdevmapper.c b/lib/libdevmapper.c
 index 09fd9588..1594f877 100644
 --- a/lib/libdevmapper.c
 +++ b/lib/libdevmapper.c
@@ -1346,12 +1346,6 @@ err:
 	return r;
 }
 -static bool dm_device_exists(struct crypt_device *cd, const char *name)
 -{
 -	int r = dm_status_device(cd, name);
 -	return (r >= 0 || r == -EEXIST);
 -}
 -
 static int _dm_create_device(struct crypt_device *cd, const char *name, const char *type,
 			     struct crypt_dm_active_device *dmd)
 {
@@ -1402,8 +1396,11 @@ static int _dm_create_device(struct crypt_device *cd, const char *name, const ch
 		goto out;
 	if (!dm_task_run(dmt)) {
 -		if (dm_device_exists(cd, name))
 +		r = dm_status_device(cd, name);;
 +		if (r >= 0)
 			r = -EEXIST;
 +		if (r != -EEXIST && r != -ENODEV)
 +			r = -EINVAL;
 		goto out;
 	}
 -- 
 2.27.0
--- a/cryptsetup-2.4.2-Do-not-try-to-set-compiler-optimization-flag-if-wipe.patch
+++ b/cryptsetup-2.4.2-Do-not-try-to-set-compiler-optimization-flag-if-wipe.patch
@ -0,0 +1,53 @@
 From a76310b53fbb117e620f2c37350b68dd267f1088 Mon Sep 17 00:00:00 2001
 From: Milan Broz <gmazyland@gmail.com>
 Date: Mon, 20 Sep 2021 17:42:20 +0200
 Subject: [PATCH 1/7] Do not try to set compiler optimization flag if wipe is
 implemented in libc.
 If zeroing memory is implemented through libc call (like memset_bzero),
 compiler should never remove such call. It is not needed to set O0
 optimization flag explicitly.
 Various checkers like annocheck causes problems with these flags,
 just remove it where it makes no sense.
 (Moreover, we use the same pattern without compiler magic
 in crypt_backend_memzero() already.)
 ---
 lib/crypto_backend/argon2/core.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
 diff --git a/lib/crypto_backend/argon2/core.c b/lib/crypto_backend/argon2/core.c
 index b204ba98..db9a7741 100644
 --- a/lib/crypto_backend/argon2/core.c
 +++ b/lib/crypto_backend/argon2/core.c
@@ -120,18 +120,24 @@ void free_memory(const argon2_context *context, uint8_t *memory,
     }
 }
 -void NOT_OPTIMIZED secure_wipe_memory(void *v, size_t n) {
 #if defined(_MSC_VER) && VC_GE_2005(_MSC_VER)
 +void secure_wipe_memory(void *v, size_t n) {
     SecureZeroMemory(v, n);
 +}
 #elif defined memset_s
 +void secure_wipe_memory(void *v, size_t n) {
     memset_s(v, n, 0, n);
 +}
 #elif defined(HAVE_EXPLICIT_BZERO)
 +void secure_wipe_memory(void *v, size_t n) {
     explicit_bzero(v, n);
 +}
 #else
 +void NOT_OPTIMIZED secure_wipe_memory(void *v, size_t n) {
     static void *(*const volatile memset_sec)(void *, int, size_t) = &memset;
     memset_sec(v, 0, n);
 -#endif
 }
 +#endif
 /* Memory clear flag defaults to true. */
 int FLAG_clear_internal_memory = 1;
 -- 
 2.27.0
--- a/cryptsetup.spec
+++ b/cryptsetup.spec
@ -1,6 +1,6 @@
 Summary: Utility for setting up encrypted disks
 Name: cryptsetup
-Version: 2.4.0
+Version: 2.4.1
 Release: 1%{?dist}
 License: GPLv2+ and LGPLv2+
 URL: https://gitlab.com/cryptsetup/cryptsetup
@ -14,6 +14,8 @@ Requires: libpwquality >= 1.2.0
 %global upstream_version %{version}
 Source0: https://www.kernel.org/pub/linux/utils/cryptsetup/v2.4/cryptsetup-%{upstream_version}.tar.xz
 # Following patch has to applied last
 Patch0000: %{name}-2.4.2-Do-not-try-to-set-compiler-optimization-flag-if-wipe.patch
 Patch0001: %{name}-2.4.2-Check-if-DM-create-device-failed-in-an-early-phase.patch
 Patch9999: %{name}-add-system-library-paths.patch
 %description
@ -111,6 +113,10 @@ rm -rf %{buildroot}%{_libdir}/*.la
 %ghost %attr(700, -, -) %dir /run/cryptsetup
 %changelog
 * Wed Sep 29 2021 Ondrej Kozina <okozina@redhat.com> - 2.4.1-1
 - Update to cryptsetup 2.4.1.
  Resolves: #2005035 #2005877
 * Thu Aug 19 2021 Ondrej Kozina <okozina@redhat.com> - 2.4.0-1
 - Update to cryptsetup 2.4.0.
  Resolves: #1869553 #1972722 #1974271 #1975799
--- a/2
+++ b/2
@ -1 +1 @@
-SHA512 (cryptsetup-2.4.0.tar.xz) = 9c868b1dee7145f91092160cf977d3ada57a14634b5312d54477e111250975b6f077a92c417373bb7de07244b01ab19553bcce5030ee456ca2c38030e3067186
+SHA512 (cryptsetup-2.4.1.tar.xz) = 17fc73c180e41acbd4ebeddebaf54f8baeef09fce7f154aa9c55936a58bda7adcc7b1bb257336c22295d7b5af426fc8dfd0e4e644e4a52098bcb8a2adb562ca7
`@ -1 +1 @@`
	`/cryptsetup-2.4.0.tar.xz`	`/cryptsetup-2.4.1.tar.xz`
`@ -1 +1 @@`
	`SHA512 (cryptsetup-2.4.0.tar.xz) = 9c868b1dee7145f91092160cf977d3ada57a14634b5312d54477e111250975b6f077a92c417373bb7de07244b01ab19553bcce5030ee456ca2c38030e3067186`	`SHA512 (cryptsetup-2.4.1.tar.xz) = 17fc73c180e41acbd4ebeddebaf54f8baeef09fce7f154aa9c55936a58bda7adcc7b1bb257336c22295d7b5af426fc8dfd0e4e644e4a52098bcb8a2adb562ca7`