rpms/cryptsetup
6
0
Fork 0
Code Issues Pull Requests Releases Activity

Update to cryptsetup 2.8.1.

Browse Source 
Resolves: RHEL-100089
This commit is contained in:
Kristina Hanicova 2025-09-03 15:59:23 +02:00
parent 31e031ca73
commit e28f157888
13 changed files with 50 additions and 329 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -2,3 +2,4 @@
/tests.tar.xz
/cryptsetup-2.6.0.tar.xz
/cryptsetup-2.7.2.tar.xz
/cryptsetup-2.8.1.tar.xz

16
cryptsetup-2.6.0.tar.sign
View File

@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEKikYJD/eRmSNBob52bBXe9k+mPwFAmOEnKwACgkQ2bBXe9k+
mPxHlg//Wt73l0gBiMwNUQdCtXL37+lWwUz2lxhfcs3Ud/tWb5M8/csw449JnF4c
MnTMCX8qz51Sxxq4GEvk0L6+gv8d5w5hdIwZIE6ArQIVx0CH2BcG0qlQ53vcFlcr
wvSVZyiggHsQX0YZgxWwrDX3+WRt+0S+F2tHTwW/1e/XXsb5Tqb2ksQcvFCvM71/
EhT5BAaEZRC7pfIiDjIXkMGOnjxWpvkiimYzwiFnlt+Veaq4Xie+dWqM/wgrWNpb
UYnD2ZIbQ3IXDTKUhCKoQHUcO743uB0WJf7I5DVNfWPAFmeSRvHrmgqk+Ijl5rnw
WMlKU/3l5f3rXp1H46cfBBmpqmnDz2ikuYYgkHBDmpYr7F1SRpz1OV25V4uctah3
SZ+Q0LpIiJAWOlgP64lRMYRZBsy0Vlx5sN2Y4OLUlPiRMeB0kcAPtoEN1302bzbs
fGFsFqqImAHnaV+udGH/tHlrjNeJf8Yf3YmMaa46xJgqcLJE+GjIdAQ+IHrzATSg
W4SLu2SZojeJq5rOMVJlYT6Ywg9hKWls7ltJilPqgBiwsDh9LWEWduTTNTzkXNs0
sye8ZdTJ5k5aT82mJWhh/opeD5D7nS1+A1kLwskcuUL/8Llp+fZw5nZrVWKLb9Ik
8NnlB0S90VDaQUh/bDzNRwH8P/EwdZ/W/iUAPONP48zUbxfd0Vk=
=lIrc
-----END PGP SIGNATURE-----

43
cryptsetup-2.7.3-bitlk-Ignore-unknown-VMK-entry-24.patch
View File

@ -1,43 +0,0 @@
From ef653d00a72b8257819f5ae5d3de9bc9f5039b3c Mon Sep 17 00:00:00 2001
From: Milan Broz <gmazyland@gmail.com>
Date: Tue, 21 May 2024 10:54:55 +0200
Subject: [PATCH] bitlk: Ignore unknown VMK entry 24
This VMK value looks like a password hint (masked email?)
we can safely ignore it.
Fixes: #886
---
lib/bitlk/bitlk.c | 3 +++
lib/bitlk/bitlk.h | 1 +
2 files changed, 4 insertions(+)
diff --git a/lib/bitlk/bitlk.c b/lib/bitlk/bitlk.c
index ae533e5a..230e7101 100644
--- a/lib/bitlk/bitlk.c
+++ b/lib/bitlk/bitlk.c
@@ -324,6 +324,9 @@ static int parse_vmk_entry(struct crypt_device *cd, uint8_t *data, int start, in
/* unknown timestamps in recovery protected VMK */
} else if (key_entry_value == BITLK_ENTRY_VALUE_RECOVERY_TIME) {
;
+ /* optional hint (?) string (masked email?), we can safely ignore it */
+ } else if (key_entry_value == BITLK_ENTRY_VALUE_HINT) {
+ ;
} else if (key_entry_value == BITLK_ENTRY_VALUE_STRING) {
if (key_entry_size < BITLK_ENTRY_HEADER_LEN)
return -EINVAL;
diff --git a/lib/bitlk/bitlk.h b/lib/bitlk/bitlk.h
index 7eb73211..af8f6298 100644
--- a/lib/bitlk/bitlk.h
+++ b/lib/bitlk/bitlk.h
@@ -78,6 +78,7 @@ typedef enum {
BITLK_ENTRY_VALUE_OFFSET_SIZE = 0x000f,
BITLK_ENTRY_VALUE_RECOVERY_TIME = 0x015,
BITLK_ENTRY_VALUE_GUID = 0x0017,
+ BITLK_ENTRY_VALUE_HINT = 0x0018,
} BITLKFVEEntryValue;
struct bitlk_vmk {
--
2.49.0

39
cryptsetup-2.7.5-Abort-online-reencryption-for-misconfigured-devices.patch
View File

@ -1,39 +0,0 @@
From 63bb997b41b8e92fe09ce8cb6582e094e00e19a6 Mon Sep 17 00:00:00 2001
From: Ondrej Kozina <okozina@redhat.com>
Date: Mon, 26 Aug 2024 10:46:52 +0200
Subject: [PATCH 08/10] Abort online reencryption for misconfigured devices.
Hard abort is justified here. The online reencryption on
data devices that do not support O_DIRECT io flag is
dangerous and leads to data corruption. This should be
impossible to hit due to a patch that handles it
in initialization phase. Better safe than sorry.
---
lib/luks2/luks2_reencrypt.c | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/lib/luks2/luks2_reencrypt.c b/lib/luks2/luks2_reencrypt.c
index 6519c1e3..05f69d18 100644
--- a/lib/luks2/luks2_reencrypt.c
+++ b/lib/luks2/luks2_reencrypt.c
@@ -4230,9 +4230,14 @@ int crypt_reencrypt_run(
log_dbg(cd, "Resuming LUKS2 reencryption.");
- if (rh->online && reencrypt_init_device_stack(cd, rh)) {
- log_err(cd, _("Failed to initialize reencryption device stack."));
- return -EINVAL;
+ if (rh->online) {
+ /* This is last resort to avoid data corruption. Abort is justified here. */
+ assert(device_direct_io(crypt_data_device(cd)));
+
+ if (reencrypt_init_device_stack(cd, rh)) {
+ log_err(cd, _("Failed to initialize reencryption device stack."));
+ return -EINVAL;
+ }
}
log_dbg(cd, "Progress %" PRIu64 ", device_size %" PRIu64, rh->progress, rh->device_size);
--
2.46.0

35
cryptsetup-2.7.5-Do-not-handle-device-as-suspended-on-error.patch
View File

@ -1,35 +0,0 @@
From 53198bdea94e610e1e0378e3aff56e8d9f45ac09 Mon Sep 17 00:00:00 2001
From: Ondrej Kozina <okozina@redhat.com>
Date: Thu, 22 Aug 2024 13:39:06 +0200
Subject: [PATCH 01/10] Do not handle device as suspended on error.
Consider device is suspended only if dm_status_suspended return code
is true.
This function returned -EEXIST for dm devices with target types unknown
to libcryptsetup (for example dm-cache) and turned off O_DIRECT flag
for devices unexpectedly.
Turned out ignoring direct-io was a problem after all :).
Fixes: 0f51b5bacbf7 (Do not run sector read check on suspended device.)
---
lib/utils_device.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/utils_device.c b/lib/utils_device.c
index 3e2ac4f3..eccaf048 100644
--- a/lib/utils_device.c
+++ b/lib/utils_device.c
@@ -178,7 +178,7 @@ static int device_ready(struct crypt_device *cd, struct device *device)
if (devfd >= 0) {
/* skip check for suspended DM devices */
dm_name = device_dm_name(device);
- if (dm_name && dm_status_suspended(cd, dm_name)) {
+ if (dm_name && dm_status_suspended(cd, dm_name) > 0) {
close(devfd);
devfd = -1;
} else if (device_read_test(devfd) == 0) {
--
2.46.0

78
cryptsetup-2.7.5-Fix-detection-of-direct-io-with-suspended-devices.patch
View File

@ -1,78 +0,0 @@
From 4cdd022ba42df17b027be7c35c7028d01b54cecc Mon Sep 17 00:00:00 2001
From: Milan Broz <gmazyland@gmail.com>
Date: Tue, 27 Aug 2024 12:13:54 +0200
Subject: [PATCH 06/10] Fix detection of direct-io with suspended devices.
Currently, direct-io is disabled if underlying device is suspended.
This was an unfortunate change, as it is part of data corruption
problem in online reenryption.
Let's relax the test to assume that suspended device
(suspended => must be a device-mapper device) supports direct-io.
The read test is still needed as some network based devices
misbehaves if opened with direct-io flag.
---
lib/utils_device.c | 20 ++++++++++++--------
1 file changed, 12 insertions(+), 8 deletions(-)
diff --git a/lib/utils_device.c b/lib/utils_device.c
index eccaf048..6b7af6e1 100644
--- a/lib/utils_device.c
+++ b/lib/utils_device.c
@@ -127,11 +127,19 @@ static size_t device_alignment_fd(int devfd)
return (size_t)alignment;
}
-static int device_read_test(int devfd)
+static int device_read_test(struct crypt_device *cd, int devfd, struct device *device)
{
char buffer[512];
int r = -EIO;
size_t minsize = 0, blocksize, alignment;
+ const char *dm_name;
+
+ /* skip check for suspended DM devices */
+ dm_name = device_dm_name(device);
+ if (dm_name && dm_status_suspended(cd, dm_name) > 0) {
+ log_dbg(cd, "Device %s is suspended, assuming direct-io is supported.", dm_name);
+ return 0;
+ }
blocksize = device_block_size_fd(devfd, &minsize);
alignment = device_alignment_fd(devfd);
@@ -148,6 +156,8 @@ static int device_read_test(int devfd)
if (read_blockwise(devfd, blocksize, alignment, buffer, minsize) == (ssize_t)minsize)
r = 0;
+ log_dbg(cd, "Direct-io is supported and works.");
+
crypt_safe_memzero(buffer, sizeof(buffer));
return r;
}
@@ -165,7 +175,6 @@ static int device_ready(struct crypt_device *cd, struct device *device)
int devfd = -1, r = 0;
struct stat st;
size_t tmp_size;
- const char *dm_name;
if (!device)
return -EINVAL;
@@ -176,12 +185,7 @@ static int device_ready(struct crypt_device *cd, struct device *device)
device->o_direct = 0;
devfd = open(device_path(device), O_RDONLY | O_DIRECT);
if (devfd >= 0) {
- /* skip check for suspended DM devices */
- dm_name = device_dm_name(device);
- if (dm_name && dm_status_suspended(cd, dm_name) > 0) {
- close(devfd);
- devfd = -1;
- } else if (device_read_test(devfd) == 0) {
+ if (device_read_test(cd, devfd, device) == 0) {
device->o_direct = 1;
} else {
close(devfd);
--
2.46.0

35
cryptsetup-2.7.5-Harden-online-reencryption-checks-in-initialization-.patch
View File

@ -1,35 +0,0 @@
From 9991cbc306963c8f03eb6dad82fa6c12f75d3b97 Mon Sep 17 00:00:00 2001
From: Ondrej Kozina <okozina@redhat.com>
Date: Mon, 26 Aug 2024 10:44:50 +0200
Subject: [PATCH 07/10] Harden online reencryption checks in initialization
phase.
Verify the data device supports O_DIRECT io flag in
the initialization phase. Online reencryption is not
safe unless we can read and write the data in direct
mode.
---
lib/luks2/luks2_reencrypt.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/lib/luks2/luks2_reencrypt.c b/lib/luks2/luks2_reencrypt.c
index c77de3f6..6519c1e3 100644
--- a/lib/luks2/luks2_reencrypt.c
+++ b/lib/luks2/luks2_reencrypt.c
@@ -3788,6 +3788,13 @@ static int reencrypt_init_by_passphrase(struct crypt_device *cd,
if (flags & CRYPT_REENCRYPT_RECOVERY)
return reencrypt_recovery_by_passphrase(cd, hdr, keyslot_old, keyslot_new, passphrase, passphrase_size);
+ if (name && !device_direct_io(crypt_data_device(cd))) {
+ log_dbg(cd, "Device %s does not support direct I/O.", device_path(crypt_data_device(cd)));
+ /* FIXME: Add more specific error mesage for translation later. */
+ log_err(cd, _("Failed to initialize reencryption device stack."));
+ return -EINVAL;
+ }
+
if (cipher && !crypt_cipher_wrapped_key(cipher, cipher_mode)) {
r = crypt_keyslot_get_key_size(cd, keyslot_new);
if (r < 0)
--
2.46.0

28
cryptsetup-2.7.5-Return-suspended-status-also-for-unknow-target-types.patch
View File

@ -1,28 +0,0 @@
From aeada055d19cddeda68661dc929a78b2bee35e25 Mon Sep 17 00:00:00 2001
From: Ondrej Kozina <okozina@redhat.com>
Date: Thu, 22 Aug 2024 13:41:03 +0200
Subject: [PATCH 1/9] Return suspended status also for unknow target types.
This patch allows dm_status_suspended() to report if device
is suspended or not also for unknown target types from
libcryptsetup perspective (e.g.: dm-cache).
---
lib/libdevmapper.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/libdevmapper.c b/lib/libdevmapper.c
index b8592ffa..a562a2d7 100644
--- a/lib/libdevmapper.c
+++ b/lib/libdevmapper.c
@@ -1911,7 +1911,7 @@ int dm_status_suspended(struct crypt_device *cd, const char *name)
r = dm_status_dmi(name, &dmi, NULL, NULL);
dm_exit_context();
- if (r < 0)
+ if (r < 0 && r != -EEXIST)
return r;
return dmi.suspended ? 1 : 0;
--
2.46.0

16
cryptsetup-2.8.1.tar.sign Normal file
View File

@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEKikYJD/eRmSNBob52bBXe9k+mPwFAmikPjAACgkQ2bBXe9k+
mPzw4hAAqew2XZt7qfeHXNrx4Qx+5fh8J6kNBByMoBBBoNV778MUeE35hZ57L+0G
fCRJTcWvZX9WUomSY3L/n1h/kGrk/G59clBNXyBo/VlqGy4TnDIyX/5RfN93Ysfr
XzdZptH7PFLnhf6R9Y6bkRTCVdutW6WSW+CTeB6LnQHR97y2Jz/L+qTpExs9ujk9
FMuMI2bO+i5QaisvAqS7/z0ba18xdgNqplj8DUFygtuJiUeshtW/RHBr21Y762Ut
ZaliJbkww/XbI0CVyjoT0OrgRIpqr1tb1AwPNCU81MgCrB5q5pYOdcGkuRGIGKSG
+BC2qrHqlbNIu8SOu6JZ7mq2gkiyzz+Gg7AuKsvV9HPFkFEd40SIE2xNMxgwZtwB
jW9d07Cg90qGcKLqESwb5bNXRFxw8aBXHaaZraC5mAoYfOXaQAL+FlBtbcsADoFy
7TJEDyqC47nRB7dC0c8Cd7rqZ7nFWenf7oPXK87wFDIRDdv7OTtwD03fQdhy7j6N
+jX1vVH/xRDpEpcUTQyuo3CO/gN5w2TWPKHYFBkAV3qvQOTLKZXQCxyYNfSBfFmJ
IyeRPYb/Euk46jX+xpCeoP540YAL6BoLTHyis5wjjM9jTXTMKFa5ZivrMlWaRKS5
pp4EIpJlxuE8kGmKvMgPO3kgS4w3akjNpfdkeRWAPKaVVMzBY1Y=
=tRD6
-----END PGP SIGNATURE-----

39
cryptsetup-Add-FIPS-related-error-message-in-keyslot-add-code.patch
View File

@ -1,23 +1,23 @@
From 293abb5435e2b4bec7f8333fb11c88d5c1f45800 Mon Sep 17 00:00:00 2001
From 48af2c543e4bee3dff9bd95529bbf45106aa457e Mon Sep 17 00:00:00 2001
From: Ondrej Kozina <okozina@redhat.com>
Date: Mon, 5 Dec 2022 13:35:24 +0100
Subject: [PATCH 3/3] Add FIPS related error message in keyslot add code.
Subject: [PATCH] Add FIPS related error message in keyslot add code.
Add hints on what went wrong when creating new LUKS
keyslots. The hint is printed only in FIPS mode and
when pbkdf2 failed with passphrase shorter than 8
bytes.
---
lib/luks1/keymanage.c | 5 ++++-
lib/luks1/keymanage.c | 2 ++
lib/luks2/luks2_keyslot_luks2.c | 2 ++
2 files changed, 6 insertions(+), 1 deletion(-)
2 files changed, 4 insertions(+)
Index: cryptsetup-2.7.2/lib/luks1/keymanage.c
===================================================================
--- cryptsetup-2.7.2.orig/lib/luks1/keymanage.c
+++ cryptsetup-2.7.2/lib/luks1/keymanage.c
@@ -926,6 +926,8 @@ int LUKS_set_key(unsigned int keyIndex,
derived_key->key, hdr->keyBytes,
diff --git a/lib/luks1/keymanage.c b/lib/luks1/keymanage.c
index 37929810..a7ef0a25 100644
--- a/lib/luks1/keymanage.c
+++ b/lib/luks1/keymanage.c
@@ -916,6 +916,8 @@ int LUKS_set_key(unsigned int keyIndex,
derived_key, hdr->keyBytes,
hdr->keyblock[keyIndex].passwordIterations, 0, 0);
if (r < 0) {
+ if (crypt_fips_mode() && passwordLen < 8)
@ -25,16 +25,19 @@ Index: cryptsetup-2.7.2/lib/luks1/keymanage.c
if ((crypt_backend_flags() & CRYPT_BACKEND_PBKDF2_INT) &&
hdr->keyblock[keyIndex].passwordIterations > INT_MAX)
log_err(ctx, _("PBKDF2 iteration value overflow."));
Index: cryptsetup-2.7.2/lib/luks2/luks2_keyslot_luks2.c
===================================================================
--- cryptsetup-2.7.2.orig/lib/luks2/luks2_keyslot_luks2.c
+++ cryptsetup-2.7.2/lib/luks2/luks2_keyslot_luks2.c
@@ -269,6 +269,8 @@ static int luks2_keyslot_set_key(struct
pbkdf.iterations > INT_MAX)
diff --git a/lib/luks2/luks2_keyslot_luks2.c b/lib/luks2/luks2_keyslot_luks2.c
index ec68236c..f309125d 100644
--- a/lib/luks2/luks2_keyslot_luks2.c
+++ b/lib/luks2/luks2_keyslot_luks2.c
@@ -260,6 +260,8 @@ static int luks2_keyslot_set_key(struct crypt_device *cd,
log_err(cd, _("PBKDF2 iteration value overflow."));
crypt_free_volume_key(derived_key);
if (r == -ENOMEM)
log_err(cd, _("Not enough memory for keyslot key derivation."));
+ if (crypt_fips_mode() && passwordLen < 8 && !strcmp(pbkdf.type, "pbkdf2"))
+ log_err(cd, _("Invalid passphrase for PBKDF2 in FIPS mode."));
return r;
goto out;
}
--
2.50.1

23
cryptsetup-add-system-library-paths.patch
View File

@ -1,23 +0,0 @@
Index: cryptsetup-2.7.0/configure
===================================================================
--- cryptsetup-2.7.0.orig/configure
+++ cryptsetup-2.7.0/configure
@@ -14161,6 +14161,9 @@ fi
# before this can be enabled.
hardcode_into_libs=yes
+ # Add ABI-specific directories to the system library path.
+ sys_lib_dlsearch_path_spec="/lib64 /usr/lib64 /lib /usr/lib"
+
# Ideally, we could use ldconfig to report *all* directores which are
# searched for libraries, however this is still not possible. Aside from not
# being certain /sbin/ldconfig is available, command
@@ -14169,7 +14172,7 @@ fi
# appending ld.so.conf contents (and includes) to the search path.
if test -f /etc/ld.so.conf; then
lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[ ]*hwcap[ ]/d;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;s/"//g;/^$/d' | tr '\n' ' '`
- sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra"
+ sys_lib_dlsearch_path_spec="$sys_lib_dlsearch_path_spec $lt_ld_extra"
fi
# We used to test for /lib/ld.so.1 and disable shared libraries on

24
cryptsetup.spec
View File

@ -1,9 +1,10 @@
Summary: Utility for setting up encrypted disks
Name: cryptsetup
Version: 2.7.2
Release: 4%{?dist}
Version: 2.8.1
Release: 1%{?dist}
License: GPLv2+ and LGPLv2+
URL: https://gitlab.com/cryptsetup/cryptsetup
BuildRequires: autoconf, automake, libtool, gettext-devel,
BuildRequires: openssl-devel, popt-devel, device-mapper-devel
BuildRequires: libuuid-devel, gcc, json-c-devel
BuildRequires: libpwquality-devel, libblkid-devel
@ -18,16 +19,8 @@ Provides: %{name}-reencrypt = %{version}
Source0: https://www.kernel.org/pub/linux/utils/cryptsetup/v2.7/cryptsetup-%{upstream_version}.tar.xz
Patch0001: %{name}-Add-FIPS-related-error-message-in-keyslot-add-code.patch
Patch0002: %{name}-2.7.5-Do-not-handle-device-as-suspended-on-error.patch
Patch0003: %{name}-2.7.5-Return-suspended-status-also-for-unknow-target-types.patch
Patch0004: %{name}-2.7.5-Fix-detection-of-direct-io-with-suspended-devices.patch
Patch0005: %{name}-2.7.5-Harden-online-reencryption-checks-in-initialization-.patch
Patch0006: %{name}-2.7.5-Abort-online-reencryption-for-misconfigured-devices.patch
Patch0007: %{name}-Enable-to-use-Argon2-in-FIPS-with-openssl-backend.patch
Patch0008: %{name}-Warn-if-Argon2-keyslot-is-unlocked-in-FIPS-mode.patch
Patch0009: %{name}-2.7.3-bitlk-Ignore-unknown-VMK-entry-24.patch
# Following patch has to applied last
Patch9999: %{name}-add-system-library-paths.patch
Patch0002: %{name}-Enable-to-use-Argon2-in-FIPS-with-openssl-backend.patch
Patch0003: %{name}-Warn-if-Argon2-keyslot-is-unlocked-in-FIPS-mode.patch
%description
The cryptsetup package contains a utility for setting up
@ -69,6 +62,7 @@ disk integrity protection using dm-integrity kernel module.
%build
rm -f man/*.8
./autogen.sh
%configure --enable-fips --enable-pwquality --enable-internal-sse-argon2 --disable-ssh-token --enable-asciidoc --disable-hw-opal --with-plain-hash=ripemd160 --with-plain-cipher=aes --with-plain-mode=cbc-essiv:sha256
%make_build
@ -104,13 +98,17 @@ rm -rf %{buildroot}%{_libdir}/*.la
%{_libdir}/pkgconfig/libcryptsetup.pc
%files libs -f cryptsetup.lang
%license COPYING COPYING.LGPL
%license COPYING docs/licenses/COPYING.LGPL-2.1-or-later-WITH-cryptsetup-OpenSSL-exception
%{_libdir}/libcryptsetup.so.*
%dir %{_libdir}/%{name}/
%{_tmpfilesdir}/cryptsetup.conf
%ghost %attr(700, -, -) %dir /run/cryptsetup
%changelog
* Wed Sep 03 2025 Kristina Hanicova <khanicov@redhat.com> - 2.8.1-1
- Update to cryptsetup 2.8.1.
- Resolves: 100089
* Wed Jun 04 2025 Ondrej Kozina <okozina@redhat.com> - 2.7.2-4
- patch: Ignore unknown VMK entry 24 in bitlk metadata.
- Resolves: RHEL-94860

2
sources
View File

@ -1 +1 @@
SHA512 (cryptsetup-2.7.2.tar.xz) = 06f42f443b91d1f8af8af999dfedd4051ecb12ba5ef291cf2b44b6a5676e2c5cf1e686e19687f5cb6b1fd524dfc1a208cd25a3798367a480d80eac954aa8d6d4
SHA512 (cryptsetup-2.8.1.tar.xz) = a5171e18c55bfbc57330f2d46ab06b5ac6957392a77aef74c3d1c5295eb39962d1db19ddd3420ea1154d730b361d09e72bf5315c7a3d56eb36cee9c2531bca5d