Ondrej Kozina
parent
0f0b99b059
commit
b88e2aab8a
2
.gitignore
vendored
2
.gitignore
vendored
@ -1 +1 @@
|
||||
/cryptsetup-2.4.0.tar.xz
|
||||
/cryptsetup-2.4.1.tar.xz
|
||||
|
||||
@ -1,16 +0,0 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQIzBAABCAAdFiEEKikYJD/eRmSNBob52bBXe9k+mPwFAmEdJXMACgkQ2bBXe9k+
|
||||
mPwJSg/+OW43g7S4Q/K+vBi8S+RN3Pzqi8ao2K+OmGWK/7FhKWxrXSN7J8gJigxd
|
||||
uD+NukmQublFtYdfKXj2unF/Fd28YGHCqSfVrFvn2jmcMnlwxSz5220Bic1eai8a
|
||||
hq0Hve425n5RpTzNtpkBBZQbiLmY25J1wUkygcoEwT+spyFA0d6oZUhTWcAcqa2b
|
||||
IP9XkVFEociSWpjZfuhJGN5+jSG91JwYKbuNJFZvH1uez6zTLdNDj9+zoxfsrLW4
|
||||
BZYh8FQbZq54pUJnX4tafuRm7L/3LjK0DWWq60P3dvzTyj5b/qzORThNMpvCoolN
|
||||
I7Yfl7PD8j3B2WpgLQ+62jBVSOBjZGOpvj6PbQVizk2ELznF1LkTyneQ1rIwzxRw
|
||||
xWqHZfFU0Frj16yiNfRDrBKq4QsrYBOGov7q3OP3Xsw3H/C5lNxEOzx9NkC97LlA
|
||||
ryMiFSOXFHfCvTCXWQi90N311S4Usg/+n4qevwM4MxXmHJ6HfIqOLYMFftrWoiqC
|
||||
c+86lgZnNFtmFQnD+/Jvfu7AlAE0aLQodDz3w9otF4QfztDwnvnWsrjAntff4u1U
|
||||
WqL3EK7NGPJELDRvOpLq77l5eCJ1x5Qgma1RN2ag5APgs5IrmKBGz3H0WxEArz4K
|
||||
IWQ9FAHMMVIcJfblW96mE/zIoTc6dc0quUlpmROTFWKleijMk0I=
|
||||
=nfsi
|
||||
-----END PGP SIGNATURE-----
|
||||
16
cryptsetup-2.4.1.tar.sign
Normal file
16
cryptsetup-2.4.1.tar.sign
Normal file
@ -0,0 +1,16 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQIzBAABCAAdFiEEKikYJD/eRmSNBob52bBXe9k+mPwFAmFBwN8ACgkQ2bBXe9k+
|
||||
mPwndA//ZFMeCgbtSnTJugvZhmIBFHCHofq9yBiCDYyL8qEMw0m3BQLqSSaPt6Bd
|
||||
l1xm4ypuy9Rjen5hKbyRJtSko6tbbArCf+OsJfyy2Yr/r5cvnd0eLNwdIdUPKf/l
|
||||
3hgRPXBiCHdm63mSWsxM5tUr128Cyj0W4mkn5OmjKPblCd4qgnhNLawn7x7JYoWc
|
||||
JS6olNYS6c0M7GBuZ7icKCTtGfO1lKYCIBiCfkuNChJTQbvZ7JiqX/OprHYdBqn1
|
||||
WXgrrBrBjO8Ai2w9/uCOAWyPOhy1J8pewuHNX2Hh1LNXEu5z+47QexUpwhweq21/
|
||||
QzOITbgb0yZPdQXceAGqmZYa0BPfdo08MakTjaYGrO8rGR0XwgEvtpD5L2eMsVle
|
||||
hhg96f4E3f5/7yrtmsL2hbj2v8enhN39ycvn7u/LsfUyoRciCTNwxV/jHU9/laR5
|
||||
tDRLUGE3TiiNtTiMk4MucGRHNrae2d6exIpXhhFHN3nD2flOTFqb6KaQRtbdNmPt
|
||||
YCMMg4+ZoNzl+YLQYcbkYj4uGGrVosEoAmRl8ROfzPSwHM8mJdUhqGouylTRaQGt
|
||||
82SaEdlFO2VthoJUZBy05uCHKthXhwiRplp27MMbCOXOjv3rbnqxyQoMDNb4VQQy
|
||||
7CHF50XrEBLpdnyKFNbKFPKyZToBcBLBaPTnm5lf5eTyJ7whkXI=
|
||||
=dXjt
|
||||
-----END PGP SIGNATURE-----
|
||||
@ -0,0 +1,48 @@
|
||||
From 10b1d6493e3be04953ac9f65d2b2d992ab87bdde Mon Sep 17 00:00:00 2001
|
||||
From: Milan Broz <gmazyland@gmail.com>
|
||||
Date: Tue, 21 Sep 2021 15:54:07 +0200
|
||||
Subject: [PATCH 2/7] Check if DM create device failed in an early phase.
|
||||
|
||||
This happens when concurrent creation of DM devices meets
|
||||
in the very early state (no device node exists but creation fails).
|
||||
|
||||
Return -ENODEV here instead of -EINVAL.
|
||||
|
||||
(Should "fix" random verity concurrent test failure.)
|
||||
---
|
||||
lib/libdevmapper.c | 11 ++++-------
|
||||
1 file changed, 4 insertions(+), 7 deletions(-)
|
||||
|
||||
diff --git a/lib/libdevmapper.c b/lib/libdevmapper.c
|
||||
index 09fd9588..1594f877 100644
|
||||
--- a/lib/libdevmapper.c
|
||||
+++ b/lib/libdevmapper.c
|
||||
@@ -1346,12 +1346,6 @@ err:
|
||||
return r;
|
||||
}
|
||||
|
||||
-static bool dm_device_exists(struct crypt_device *cd, const char *name)
|
||||
-{
|
||||
- int r = dm_status_device(cd, name);
|
||||
- return (r >= 0 || r == -EEXIST);
|
||||
-}
|
||||
-
|
||||
static int _dm_create_device(struct crypt_device *cd, const char *name, const char *type,
|
||||
struct crypt_dm_active_device *dmd)
|
||||
{
|
||||
@@ -1402,8 +1396,11 @@ static int _dm_create_device(struct crypt_device *cd, const char *name, const ch
|
||||
goto out;
|
||||
|
||||
if (!dm_task_run(dmt)) {
|
||||
- if (dm_device_exists(cd, name))
|
||||
+ r = dm_status_device(cd, name);;
|
||||
+ if (r >= 0)
|
||||
r = -EEXIST;
|
||||
+ if (r != -EEXIST && r != -ENODEV)
|
||||
+ r = -EINVAL;
|
||||
goto out;
|
||||
}
|
||||
|
||||
--
|
||||
2.27.0
|
||||
|
||||
@ -0,0 +1,53 @@
|
||||
From a76310b53fbb117e620f2c37350b68dd267f1088 Mon Sep 17 00:00:00 2001
|
||||
From: Milan Broz <gmazyland@gmail.com>
|
||||
Date: Mon, 20 Sep 2021 17:42:20 +0200
|
||||
Subject: [PATCH 1/7] Do not try to set compiler optimization flag if wipe is
|
||||
implemented in libc.
|
||||
|
||||
If zeroing memory is implemented through libc call (like memset_bzero),
|
||||
compiler should never remove such call. It is not needed to set O0
|
||||
optimization flag explicitly.
|
||||
|
||||
Various checkers like annocheck causes problems with these flags,
|
||||
just remove it where it makes no sense.
|
||||
|
||||
(Moreover, we use the same pattern without compiler magic
|
||||
in crypt_backend_memzero() already.)
|
||||
---
|
||||
lib/crypto_backend/argon2/core.c | 10 ++++++++--
|
||||
1 file changed, 8 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/lib/crypto_backend/argon2/core.c b/lib/crypto_backend/argon2/core.c
|
||||
index b204ba98..db9a7741 100644
|
||||
--- a/lib/crypto_backend/argon2/core.c
|
||||
+++ b/lib/crypto_backend/argon2/core.c
|
||||
@@ -120,18 +120,24 @@ void free_memory(const argon2_context *context, uint8_t *memory,
|
||||
}
|
||||
}
|
||||
|
||||
-void NOT_OPTIMIZED secure_wipe_memory(void *v, size_t n) {
|
||||
#if defined(_MSC_VER) && VC_GE_2005(_MSC_VER)
|
||||
+void secure_wipe_memory(void *v, size_t n) {
|
||||
SecureZeroMemory(v, n);
|
||||
+}
|
||||
#elif defined memset_s
|
||||
+void secure_wipe_memory(void *v, size_t n) {
|
||||
memset_s(v, n, 0, n);
|
||||
+}
|
||||
#elif defined(HAVE_EXPLICIT_BZERO)
|
||||
+void secure_wipe_memory(void *v, size_t n) {
|
||||
explicit_bzero(v, n);
|
||||
+}
|
||||
#else
|
||||
+void NOT_OPTIMIZED secure_wipe_memory(void *v, size_t n) {
|
||||
static void *(*const volatile memset_sec)(void *, int, size_t) = &memset;
|
||||
memset_sec(v, 0, n);
|
||||
-#endif
|
||||
}
|
||||
+#endif
|
||||
|
||||
/* Memory clear flag defaults to true. */
|
||||
int FLAG_clear_internal_memory = 1;
|
||||
--
|
||||
2.27.0
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
Summary: Utility for setting up encrypted disks
|
||||
Name: cryptsetup
|
||||
Version: 2.4.0
|
||||
Version: 2.4.1
|
||||
Release: 1%{?dist}
|
||||
License: GPLv2+ and LGPLv2+
|
||||
URL: https://gitlab.com/cryptsetup/cryptsetup
|
||||
@ -14,6 +14,8 @@ Requires: libpwquality >= 1.2.0
|
||||
%global upstream_version %{version}
|
||||
Source0: https://www.kernel.org/pub/linux/utils/cryptsetup/v2.4/cryptsetup-%{upstream_version}.tar.xz
|
||||
# Following patch has to applied last
|
||||
Patch0000: %{name}-2.4.2-Do-not-try-to-set-compiler-optimization-flag-if-wipe.patch
|
||||
Patch0001: %{name}-2.4.2-Check-if-DM-create-device-failed-in-an-early-phase.patch
|
||||
Patch9999: %{name}-add-system-library-paths.patch
|
||||
|
||||
%description
|
||||
@ -111,6 +113,10 @@ rm -rf %{buildroot}%{_libdir}/*.la
|
||||
%ghost %attr(700, -, -) %dir /run/cryptsetup
|
||||
|
||||
%changelog
|
||||
* Wed Sep 29 2021 Ondrej Kozina <okozina@redhat.com> - 2.4.1-1
|
||||
- Update to cryptsetup 2.4.1.
|
||||
Resolves: #2005035 #2005877
|
||||
|
||||
* Thu Aug 19 2021 Ondrej Kozina <okozina@redhat.com> - 2.4.0-1
|
||||
- Update to cryptsetup 2.4.0.
|
||||
Resolves: #1869553 #1972722 #1974271 #1975799
|
||||
|
||||
2
sources
2
sources
@ -1 +1 @@
|
||||
SHA512 (cryptsetup-2.4.0.tar.xz) = 9c868b1dee7145f91092160cf977d3ada57a14634b5312d54477e111250975b6f077a92c417373bb7de07244b01ab19553bcce5030ee456ca2c38030e3067186
|
||||
SHA512 (cryptsetup-2.4.1.tar.xz) = 17fc73c180e41acbd4ebeddebaf54f8baeef09fce7f154aa9c55936a58bda7adcc7b1bb257336c22295d7b5af426fc8dfd0e4e644e4a52098bcb8a2adb562ca7
|
||||
|
||||
Loading…
Reference in New Issue
Block a user