diff --git a/0001-cryptsetup-add-system-library-paths.patch b/0001-cryptsetup-add-system-library-paths.patch
deleted file mode 100644
index b09218ec01299ab129ca99592a21d2e625f7600a..0000000000000000000000000000000000000000
--- a/0001-cryptsetup-add-system-library-paths.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From b4d26d1500682dc375759c0ed16677197a433c64 Mon Sep 17 00:00:00 2001
-From: geruijun
-Date: Sat, 18 Jul 2020 10:29:43 +0800
-Subject: [PATCH 1/2] cryptsetup add system library paths
-
----
- configure | 5 ++++-
- 1 file changed, 4 insertions(+), 1 deletion(-)
-
-diff --git a/configure b/configure
-index 145be42..7643af8 100755
---- a/configure
-+++ b/configure
-@@ -12294,6 +12294,9 @@ fi
- # before this can be enabled.
- hardcode_into_libs=yes
- 
-+ # Add ABI-specific directories to the system library path.
-+ sys_lib_dlsearch_path_spec="/lib64 /usr/lib64 /lib /usr/lib"
-+
- # Ideally, we could use ldconfig to report *all* directores which are
- # searched for libraries, however this is still not possible. Aside from not
- # being certain /sbin/ldconfig is available, command
-@@ -12302,7 +12305,7 @@ fi
- # appending ld.so.conf contents (and includes) to the search path.
- if test -f /etc/ld.so.conf; then
- lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[ ]*hwcap[ ]/d;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;s/"//g;/^$/d' | tr '\n' ' '`
-- sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra"
-+ sys_lib_dlsearch_path_spec="$sys_lib_dlsearch_path_spec $lt_ld_extra"
- fi
- 
- # We used to test for /lib/ld.so.1 and disable shared libraries on
--- 
-1.8.3.1
-
diff --git a/0002-fix-compat-test.patch b/0002-fix-compat-test.patch
deleted file mode 100644
index 172aa35ae3f4d828b9ab3e3517a16f0306885683..0000000000000000000000000000000000000000
--- a/0002-fix-compat-test.patch
+++ /dev/null
@@ -1,69 +0,0 @@
-From f73c9760f43897fce0d6aa32042f751a2e7d0de0 Mon Sep 17 00:00:00 2001
-From: hanzhijun
-Date: Sat, 18 Jul 2020 10:30:03 +0800
-Subject: [PATCH 2/2] fix compat test
-
----
- tests/compat-test | 15 ++++++++-------
- 1 file changed, 8 insertions(+), 7 deletions(-)
-
-diff --git a/tests/compat-test b/tests/compat-test
-index a71b247..9e395b1 100755
---- a/tests/compat-test
-+++ b/tests/compat-test
-@@ -23,6 +23,7 @@ PWD0="compatkey"
- PWD1="93R4P4pIqAH8"
- PWD2="mymJeD8ivEhE"
- PWD3="ocMakf3fAcQO"
-+PWD4="hkj123HJGS12"
- PWDW="rUkL4RUryBom"
- VK_FILE="compattest_vkfile"
- 
-@@ -239,17 +240,17 @@ echo $PWD1 | $CRYPTSETUP luksAddKey $IMG $FAST_PBKDF_OPT 2>/dev/null && fail
- echo -e "$PWD1\n$PWD2" | $CRYPTSETUP luksAddKey $IMG $FAST_PBKDF_OPT || fail
- echo -e "$PWD0\n$PWD1" | $CRYPTSETUP luksAddKey $IMG $FAST_PBKDF_OPT 2>/dev/null && fail
- echo "[4] change key"
--echo -e "$PWD1\n$PWD0\n" | $CRYPTSETUP luksChangeKey $FAST_PBKDF_OPT $IMG || fail
-+echo -e "$PWD1\n$PWD4\n" | $CRYPTSETUP luksChangeKey $FAST_PBKDF_OPT $IMG || fail
- echo -e "$PWD1\n$PWD2\n" | $CRYPTSETUP luksChangeKey $FAST_PBKDF_OPT $IMG 2>/dev/null && fail
- [ $? -ne 2 ] && fail "luksChangeKey should return EPERM exit code"
- echo "[5] remove key"
--# delete active keys PWD0, PWD2
-+# delete active keys PWD2, PWD4
- echo $PWD1 | $CRYPTSETUP luksRemoveKey $IMG 2>/dev/null && fail
- [ $? -ne 2 ] && fail "luksRemove should return EPERM exit code"
--echo $PWD0 | $CRYPTSETUP luksRemoveKey $IMG || fail
- echo $PWD2 | $CRYPTSETUP luksRemoveKey $IMG || fail
-+echo $PWD4 | $CRYPTSETUP luksRemoveKey $IMG || fail
- # check if keys were deleted
--echo $PWD0 | $CRYPTSETUP luksOpen $IMG --test-passphrase 2>/dev/null && fail
-+echo $PWD4 | $CRYPTSETUP luksOpen $IMG --test-passphrase 2>/dev/null && fail
- [ $? -ne 1 ] && fail "luksOpen should return ENOENT exit code"
- echo $PWD2 | $CRYPTSETUP luksOpen $IMG --test-passphrase 2>/dev/null && fail
- [ $? -ne 1 ] && fail "luksOpen should return ENOENT exit code"
-@@ -866,11 +867,11 @@ set timeout $EXPECT_TIMEOUT
- eval spawn $CRYPTSETUP_RAW luksOpen -v -T 2 $LOOPDEV $DEV_NAME
- expect timeout abort "Enter passphrase for $EXPECT_DEV:"
- sleep 0.1
--send "$PWD0 x\n"
-+send "$PWD4 x\n"
- expect timeout abort "No key available with this passphrase."
- expect timeout abort "Enter passphrase for $EXPECT_DEV:"
- sleep 0.1
--send "$PWD0 y\n"
-+send "$PWD4 y\n"
- expect timeout abort "No key available with this passphrase."
- expect timeout abort eof
- exit
-@@ -886,7 +887,7 @@ expect timeout abort "Are you sure? (Type 'yes' in capital letters):"
- send "YES\n"
- expect timeout abort "Enter any remaining passphrase:"
- sleep 0.1
--send "$PWD0\n"
-+send "$PWD4\n"
- expect timeout abort "Command successful."
- expect timeout abort eof
- eval spawn $CRYPTSETUP_RAW luksKillSlot -v $LOOPDEV 0
--- 
-2.30.0
-
diff --git a/0003-fix-potential-null-pointer-dereference.patch b/0003-fix-potential-null-pointer-dereference.patch
deleted file mode 100644
index 7d741ebb2bad6d1aa720225812347448fc1515e9..0000000000000000000000000000000000000000
--- a/0003-fix-potential-null-pointer-dereference.patch
+++ /dev/null
@@ -1,345 +0,0 @@
-From ec0efe7068081cf4787a881640eef155956f58b7 Mon Sep 17 00:00:00 2001
-From: wangzhiqiang
-Date: Fri, 10 Feb 2023 15:02:23 +0800
-Subject: [PATCH] fix potential null pointer dereference.
-
-Signed-off-by: wangzhiqiang
----
- lib/luks2/luks2_digest_pbkdf2.c | 3 +++
- lib/luks2/luks2_json_format.c | 38 +++++++++++++++++++++++++++++----
- lib/luks2/luks2_json_metadata.c | 8 +++++++
- lib/luks2/luks2_keyslot.c | 8 +++++++
- lib/luks2/luks2_keyslot_luks2.c | 18 ++++++++++++++++
- lib/luks2/luks2_luks1_convert.c | 23 ++++++++++++++++++++
- src/cryptsetup.c | 3 +++
- src/integritysetup.c | 3 +++
- src/veritysetup.c | 3 +++
- tokens/ssh/cryptsetup-ssh.c | 8 ++++++-
- 10 files changed, 110 insertions(+), 5 deletions(-)
-
-diff --git a/lib/luks2/luks2_digest_pbkdf2.c b/lib/luks2/luks2_digest_pbkdf2.c
-index 1009cfb9..0eedb23d 100644
---- a/lib/luks2/luks2_digest_pbkdf2.c
-+++ b/lib/luks2/luks2_digest_pbkdf2.c
-@@ -147,6 +147,9 @@ static int PBKDF2_digest_store(struct crypt_device *cd,
- json_object_object_get_ex(hdr->jobj, "digests", &jobj_digests);
- }
- 
-+ if (!jobj_digest)
-+ return -ENOMEM;
-+
- json_object_object_add(jobj_digest, "type", json_object_new_string("pbkdf2"));
- json_object_object_add(jobj_digest, "keyslots", json_object_new_array());
- json_object_object_add(jobj_digest, "segments", json_object_new_array());
-diff --git a/lib/luks2/luks2_json_format.c b/lib/luks2/luks2_json_format.c
-index 44563588..1aca50c0 100644
---- a/lib/luks2/luks2_json_format.c
-+++ b/lib/luks2/luks2_json_format.c
-@@ -299,29 +299,59 @@ int LUKS2_generate_hdr(
- return -EINVAL;
- 
- hdr->jobj = json_object_new_object();
-+ if (!hdr->jobj) {
-+ r = -ENOMEM;
-+ goto err;
-+ }
- 
- jobj_keyslots = json_object_new_object();
-+ if (!jobj_keyslots) {
-+ r = -ENOMEM;
-+ goto err;
-+ }
-+
- json_object_object_add(hdr->jobj, "keyslots", jobj_keyslots);
- json_object_object_add(hdr->jobj, "tokens", json_object_new_object());
- jobj_segments = json_object_new_object();
-+ if (!jobj_segments) {
-+ r = -ENOMEM;
-+ goto err;
-+ }
-+
- json_object_object_add(hdr->jobj, "segments", jobj_segments);
- json_object_object_add(hdr->jobj, "digests", json_object_new_object());
- jobj_config = json_object_new_object();
-+ if (!jobj_config) {
-+ r = -ENOMEM;
-+ goto err;
-+ }
-+
- json_object_object_add(hdr->jobj, "config", jobj_config);
- 
- digest = LUKS2_digest_create(cd, "pbkdf2", hdr, vk);
-- if (digest < 0)
-+ if (digest < 0) {
-+ r = -EINVAL;
- goto err;
-+ }
- 
-- if (LUKS2_digest_segment_assign(cd, hdr, 0, digest, 1, 0) < 0)
-+ if (LUKS2_digest_segment_assign(cd, hdr, 0, digest, 1, 0) < 0) {
-+ r = -EINVAL;
- goto err;
-+ }
- 
- jobj_segment = json_segment_create_crypt(data_offset, 0, NULL, cipher, sector_size, 0);
-- if (!jobj_segment)
-+ if (!jobj_segment) {
-+ r = -EINVAL;
- goto err;
-+ }
- 
- if (integrity) {
- jobj_integrity = json_object_new_object();
-+ if (!jobj_integrity) {
-+ r = -ENOMEM;
-+ goto err;
-+ }
-+
- json_object_object_add(jobj_integrity, "type", json_object_new_string(integrity));
- json_object_object_add(jobj_integrity, "journal_encryption", json_object_new_string("none"));
- json_object_object_add(jobj_integrity, "journal_integrity", json_object_new_string("none"));
-@@ -338,7 +368,7 @@ int LUKS2_generate_hdr(
- err:
- json_object_put(hdr->jobj);
- hdr->jobj = NULL;
-- return -EINVAL;
-+ return r;
- }
- 
- int LUKS2_wipe_header_areas(struct crypt_device *cd,
-diff --git a/lib/luks2/luks2_json_metadata.c b/lib/luks2/luks2_json_metadata.c
-index 4771f040..f3e325e9 100644
---- a/lib/luks2/luks2_json_metadata.c
-+++ b/lib/luks2/luks2_json_metadata.c
-@@ -88,6 +88,9 @@ struct json_object *LUKS2_array_remove(struct json_object *array, const char *nu
- 
- /* Create new array without jobj_removing. */
- array_new = json_object_new_array();
-+ if (!array_new)
-+ return NULL;
-+
- for (i = 0; i < (int) json_object_array_length(array); i++) {
- jobj1 = json_object_array_get_idx(array, i);
- if (jobj1 != jobj_removing)
-@@ -478,6 +481,9 @@ static int hdr_validate_json_size(struct crypt_device *cd, json_object *hdr_jobj
- 
- json = json_object_to_json_string_ext(hdr_jobj,
- JSON_C_TO_STRING_PLAIN | JSON_C_TO_STRING_NOSLASHESCAPE);
-+ if (!json)
-+ return 1;
-+
- json_area_size = crypt_jobj_get_uint64(jobj1);
- json_size = (uint64_t)strlen(json);
- 
-@@ -1575,6 +1581,8 @@ int LUKS2_config_set_flags(struct crypt_device *cd, struct luks2_hdr *hdr, uint3
- return 0;
- 
- jobj_flags = json_object_new_array();
-+ if (!jobj_flags)
-+ return -ENOMEM;
- 
- for (i = 0; persistent_flags[i].description; i++) {
- if (flags & persistent_flags[i].flag) {
-diff --git a/lib/luks2/luks2_keyslot.c b/lib/luks2/luks2_keyslot.c
-index 5cf4b83d..8e6d99a4 100644
---- a/lib/luks2/luks2_keyslot.c
-+++ b/lib/luks2/luks2_keyslot.c
-@@ -803,6 +803,9 @@ int placeholder_keyslot_alloc(struct crypt_device *cd,
- return -EINVAL;
- 
- jobj_keyslot = json_object_new_object();
-+ if (!jobj_keyslot)
-+ return -ENOMEM;
-+
- json_object_object_add(jobj_keyslot, "type", json_object_new_string("placeholder"));
- /*
- * key_size = -1 makes placeholder keyslot impossible to pass validation.
-@@ -813,6 +816,11 @@ int placeholder_keyslot_alloc(struct crypt_device *cd,
- 
- /* Area object */
- jobj_area = json_object_new_object();
-+ if (!jobj_area) {
-+ json_object_put(jobj_keyslot);
-+ return -ENOMEM;
-+ }
-+
- json_object_object_add(jobj_area, "offset", crypt_jobj_new_uint64(area_offset));
- json_object_object_add(jobj_area, "size", crypt_jobj_new_uint64(area_length));
- json_object_object_add(jobj_keyslot, "area", jobj_area);
-diff --git a/lib/luks2/luks2_keyslot_luks2.c b/lib/luks2/luks2_keyslot_luks2.c
-index 491dcad8..83905e33 100644
---- a/lib/luks2/luks2_keyslot_luks2.c
-+++ b/lib/luks2/luks2_keyslot_luks2.c
-@@ -512,17 +512,32 @@ static int luks2_keyslot_alloc(struct crypt_device *cd,
- }
- 
- jobj_keyslot = json_object_new_object();
-+ if (!jobj_keyslot) {
-+ r = -ENOMEM;
-+ goto err;
-+ }
-+
- json_object_object_add(jobj_keyslot, "type", json_object_new_string("luks2"));
- json_object_object_add(jobj_keyslot, "key_size", json_object_new_int(volume_key_len));
- 
- /* AF object */
- jobj_af = json_object_new_object();
-+ if (!jobj_af) {
-+ r = -ENOMEM;
-+ goto err;
-+ }
-+
- json_object_object_add(jobj_af, "type", json_object_new_string("luks1"));
- json_object_object_add(jobj_af, "stripes", json_object_new_int(params->af.luks1.stripes));
- json_object_object_add(jobj_keyslot, "af", jobj_af);
- 
- /* Area object */
- jobj_area = json_object_new_object();
-+ if (!jobj_area) {
-+ r = -ENOMEM;
-+ goto err;
-+ }
-+
- json_object_object_add(jobj_area, "type", json_object_new_string("raw"));
- json_object_object_add(jobj_area, "offset", crypt_jobj_new_uint64(area_offset));
- json_object_object_add(jobj_area, "size", crypt_jobj_new_uint64(area_length));
-@@ -541,6 +556,9 @@ static int luks2_keyslot_alloc(struct crypt_device *cd,
- json_object_object_del_by_uint(jobj_keyslots, keyslot);
- 
- return r;
-+err:
-+ json_object_put(jobj_keyslot);
-+ return r;
- }
- 
- static int luks2_keyslot_open(struct crypt_device *cd,
-diff --git a/lib/luks2/luks2_luks1_convert.c b/lib/luks2/luks2_luks1_convert.c
-index 6d3fa1e1..a51049c9 100644
---- a/lib/luks2/luks2_luks1_convert.c
-+++ b/lib/luks2/luks2_luks1_convert.c
-@@ -67,11 +67,21 @@ static int json_luks1_keyslot(const struct luks_phdr *hdr_v1, int keyslot, struc
- int r;
- 
- keyslot_obj = json_object_new_object();
-+ if (!keyslot_obj) {
-+ r = -ENOMEM;
-+ goto err;
-+ }
-+
- json_object_object_add(keyslot_obj, "type", json_object_new_string("luks2"));
- json_object_object_add(keyslot_obj, "key_size", json_object_new_int64(hdr_v1->keyBytes));
- 
- /* KDF */
- jobj_kdf = json_object_new_object();
-+ if (!jobj_kdf) {
-+ r = -ENOMEM;
-+ goto err;
-+ }
-+
- json_object_object_add(jobj_kdf, "type", json_object_new_string(CRYPT_KDF_PBKDF2));
- json_object_object_add(jobj_kdf, "hash", json_object_new_string(hdr_v1->hashSpec));
- json_object_object_add(jobj_kdf, "iterations", json_object_new_int64(hdr_v1->keyblock[keyslot].passwordIterations));
-@@ -89,6 +99,11 @@ static int json_luks1_keyslot(const struct luks_phdr *hdr_v1, int keyslot, struc
- 
- /* AF */
- jobj_af = json_object_new_object();
-+ if (!jobj_af) {
-+ r = -ENOMEM;
-+ goto err;
-+ }
-+
- json_object_object_add(jobj_af, "type", json_object_new_string("luks1"));
- json_object_object_add(jobj_af, "hash", json_object_new_string(hdr_v1->hashSpec));
- /* stripes field ignored, fixed to LUKS_STRIPES (4000) */
-@@ -97,6 +112,11 @@ static int json_luks1_keyslot(const struct luks_phdr *hdr_v1, int keyslot, struc
- 
- /* Area */
- jobj_area = json_object_new_object();
-+ if (!jobj_area) {
-+ r = -ENOMEM;
-+ goto err;
-+ }
-+
- json_object_object_add(jobj_area, "type", json_object_new_string("raw"));
- 
- /* encryption algorithm field */
-@@ -124,6 +144,9 @@ static int json_luks1_keyslot(const struct luks_phdr *hdr_v1, int keyslot, struc
- 
- *keyslot_object = keyslot_obj;
- return 0;
-+err:
-+ json_object_put(keyslot_obj);
-+ return r;
- }
- 
- static int json_luks1_keyslots(const struct luks_phdr *hdr_v1, struct json_object **keyslots_object)
-diff --git a/src/cryptsetup.c b/src/cryptsetup.c
-index e387c1c1..e14ab8bb 100644
---- a/src/cryptsetup.c
-+++ b/src/cryptsetup.c
-@@ -3439,6 +3439,9 @@ int main(int argc, const char **argv)
- textdomain(PACKAGE);
- 
- popt_context = poptGetContext(PACKAGE, argc, argv, popt_options, 0);
-+ if (!popt_context)
-+ exit(EXIT_FAILURE);
-+
- poptSetOtherOptionHelp(popt_context,
- _("[OPTION...] "));
- 
-diff --git a/src/integritysetup.c b/src/integritysetup.c
-index eee61715..6d5b7cf9 100644
---- a/src/integritysetup.c
-+++ b/src/integritysetup.c
-@@ -660,6 +660,9 @@ int main(int argc, const char **argv)
- textdomain(PACKAGE);
- 
- popt_context = poptGetContext("integrity", argc, argv, popt_options, 0);
-+ if (!popt_context)
-+ exit(EXIT_FAILURE);
-+
- poptSetOtherOptionHelp(popt_context,
- _("[OPTION...] "));
- 
-diff --git a/src/veritysetup.c b/src/veritysetup.c
-index 8be81cc8..cd966389 100644
---- a/src/veritysetup.c
-+++ b/src/veritysetup.c
-@@ -599,6 +599,9 @@ int main(int argc, const char **argv)
- textdomain(PACKAGE);
- 
- popt_context = poptGetContext("verity", argc, argv, popt_options, 0);
-+ if (!popt_context)
-+ exit(EXIT_FAILURE);
-+
- poptSetOtherOptionHelp(popt_context,
- _("[OPTION...] "));
- 
-diff --git a/tokens/ssh/cryptsetup-ssh.c b/tokens/ssh/cryptsetup-ssh.c
-index 7c0bf02f..efc38f73 100644
---- a/tokens/ssh/cryptsetup-ssh.c
-+++ b/tokens/ssh/cryptsetup-ssh.c
-@@ -80,13 +80,19 @@ static int token_add(
- 
- r = -EINVAL;
- jobj = json_object_new_object();
-- if (!jobj)
-+ if (!jobj) {
-+ r = -ENOMEM;
- goto out;
-+ }
- 
- /* type is mandatory field in all tokens and must match handler name member */
- json_object_object_add(jobj, "type", json_object_new_string(TOKEN_NAME));
- 
- jobj_keyslots = json_object_new_array();
-+ if (!jobj_keyslots) {
-+ r = -ENOMEM;
-+ goto out;
-+ }
- 
- /* mandatory array field (may be empty and assigned later */
- json_object_object_add(jobj, "keyslots", jobj_keyslots);
--- 
-2.33.0
-
diff --git a/0004-Update-file-cryptsetup-ssh.c.patch b/0004-Update-file-cryptsetup-ssh.c.patch
deleted file mode 100644
index d68a031df0c8573d115a02c1270806ec83a62d63..0000000000000000000000000000000000000000
--- a/0004-Update-file-cryptsetup-ssh.c.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-From 1f805cb35ae1d2ec9d19d8b9bad0bda98cbdc938 Mon Sep 17 00:00:00 2001
-From: wangzhiqiang
-Date: Fri, 10 Feb 2023 16:48:19 +0000
-Subject: [PATCH] Update file cryptsetup-ssh.c
-
----
- tokens/ssh/cryptsetup-ssh.c | 1 -
- 1 file changed, 1 deletion(-)
-
-diff --git a/tokens/ssh/cryptsetup-ssh.c b/tokens/ssh/cryptsetup-ssh.c
-index efc38f73..e356898f 100644
---- a/tokens/ssh/cryptsetup-ssh.c
-+++ b/tokens/ssh/cryptsetup-ssh.c
-@@ -78,7 +78,6 @@ static int token_add(
- goto out;
- }
- 
-- r = -EINVAL;
- jobj = json_object_new_object();
- if (!jobj) {
- r = -ENOMEM;
--- 
-2.33.0
-
diff --git a/cryptsetup-2.6.0.tar.xz b/cryptsetup-2.6.1.tar.xz
similarity index 59%
rename from cryptsetup-2.6.0.tar.xz
rename to cryptsetup-2.6.1.tar.xz
index 6a86e6b7ff235e5068bd0481a00b92dff8f0b992..ae96a912f5ef5e0a41fc8bde0537724764057f32 100644
Binary files a/cryptsetup-2.6.0.tar.xz and b/cryptsetup-2.6.1.tar.xz differ
diff --git a/cryptsetup.spec b/cryptsetup.spec
index 80fc32a36bfae56c62f24591f8588a83829d4836..93a3f455d27f446a952a5751acc64229c2fe7e67 100644
--- a/cryptsetup.spec
+++ b/cryptsetup.spec
@@ -1,16 +1,11 @@
 Name: cryptsetup
-Version: 2.6.0
-Release: 2
+Version: 2.6.1
+Release: 1
 Summary: Utility used to conveniently set up disk encryption
 License: GPLv2+ and CC0-1.0 and LGPLv2+
 URL: https://gitlab.com/cryptsetup/cryptsetup
 Source0: https://www.kernel.org/pub/linux/utils/cryptsetup/v2.6/cryptsetup-%{version}.tar.xz
 
-Patch1: 0001-cryptsetup-add-system-library-paths.patch
-Patch2: 0002-fix-compat-test.patch
-Patch3: 0003-fix-potential-null-pointer-dereference.patch
-Patch4: 0004-Update-file-cryptsetup-ssh.c.patch
-
 BuildRequires: openssl-devel, popt-devel, device-mapper-devel, gcc, libssh-devel, asciidoctor
 BuildRequires: libuuid-devel, json-c-devel, libargon2-devel, libpwquality-devel, libblkid-devel
 Requires: libpwquality >= 1.2.0
@@ -104,6 +99,9 @@ make check
 %{_mandir}/man8/*
 
 %changelog
+* Fri Nov 17 2023 zhangkea - 2.6.1-1
+- Update to cryptsetup 2.6.1
+
 * Wed Mar 22 2023 wangzhiqiang - 2.6.0-2
 - fix potential null pointer dereference
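Review bot: The first cryptsetup.spec hunk drops Patch1–Patch4 together with the bump to 2.6.1, but nothing on the page records why each patch is safe to drop. Patch3 carried the NULL checks after `json_object_new_object()`, `json_object_new_array()` and `poptGetContext()`, and Patch1 changed `sys_lib_dlsearch_path_spec` in `configure`; whether 2.6.1 contains equivalent code cannot be seen from this diff and should be confirmed against the 2.6.1 sources before merge. I would record the outcome in the new changelog entry, e.g. `- Drop patches 0001-0004 (<merged upstream | no longer needed: reason>)`. Separately, the tarball is swapped as an opaque binary and the visible part of the spec shows no checksum or signature check for `Source0`; if none exists elsewhere in the spec or the build pipeline, the new tarball should be verified against the upstream release signature.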