diff --git a/0001-Emit-error-message-for-converting-inactive-keyslot.patch b/0001-Emit-error-message-for-converting-inactive-keyslot.patch deleted file mode 100644 index 5dacf4502a6fd817a346e0b47072948d0a920779..0000000000000000000000000000000000000000 --- a/0001-Emit-error-message-for-converting-inactive-keyslot.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 1c6d66fccc91ff37d7f991a3213bc33f5f6426b6 Mon Sep 17 00:00:00 2001 -From: Ondrej Kozina -Date: Fri, 14 Sep 2018 11:18:48 +0200 -Subject: [PATCH 040/324] Emit error message for converting inactive keyslot. - -Fixes: #416. ---- - src/cryptsetup.c | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/src/cryptsetup.c b/src/cryptsetup.c -index 52efd71..cc3520c 100644 ---- a/src/cryptsetup.c -+++ b/src/cryptsetup.c -@@ -1535,6 +1535,12 @@ static int action_luksConvertKey(void) - if ((r = crypt_load(cd, CRYPT_LUKS2, NULL))) - goto out; - -+ if (crypt_keyslot_status(cd, opt_key_slot) == CRYPT_SLOT_INACTIVE) { -+ r = -EINVAL; -+ log_err(_("Keyslot %d is not active."), opt_key_slot); -+ goto out; -+ } -+ - r = set_pbkdf_params(cd, crypt_get_type(cd)); - if (r) { - log_err(_("Failed to set pbkdf parameters.")); --- -2.19.1 - diff --git a/0000-cryptsetup-add-system-library-paths.patch b/0001-cryptsetup-add-system-library-paths.patch similarity index 68% rename from 0000-cryptsetup-add-system-library-paths.patch rename to 0001-cryptsetup-add-system-library-paths.patch index cc22adf7c5015b7fa970f7acbb5850590beae817..b09218ec01299ab129ca99592a21d2e625f7600a 100644 --- a/0000-cryptsetup-add-system-library-paths.patch +++ b/0001-cryptsetup-add-system-library-paths.patch 
@@ -1,7 +1,17 @@ -diff -rupN cryptsetup-2.0.4.old/configure cryptsetup-2.0.4/configure ---- cryptsetup-2.0.4.old/configure 2018-08-03 12:31:52.000000000 +0200 -+++ cryptsetup-2.0.4/configure 2018-08-03 13:42:50.605275535 +0200 -@@ -12300,6 +12300,9 @@ fi +From b4d26d1500682dc375759c0ed16677197a433c64 Mon Sep 17 00:00:00 2001 +From: geruijun +Date: Sat, 18 Jul 2020 10:29:43 +0800 +Subject: [PATCH 1/2] cryptsetup add system library paths + +--- + configure | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/configure b/configure +index 145be42..7643af8 100755 +--- a/configure ++++ b/configure +@@ -12294,6 +12294,9 @@ fi # before this can be enabled. hardcode_into_libs=yes @@ -11,7 +21,7 @@ diff -rupN cryptsetup-2.0.4.old/configure cryptsetup-2.0.4/configure # Ideally, we could use ldconfig to report *all* directores which are # searched for libraries, however this is still not possible. Aside from not # being certain /sbin/ldconfig is available, command -@@ -12308,7 +12311,7 @@ fi +@@ -12302,7 +12305,7 @@ fi # appending ld.so.conf contents (and includes) to the search path. if test -f /etc/ld.so.conf; then lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[ ]*hwcap[ ]/d;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;s/"//g;/^$/d' | tr '\n' ' '` @@ -20,3 +30,6 @@ diff -rupN cryptsetup-2.0.4.old/configure cryptsetup-2.0.4/configure fi # We used to test for /lib/ld.so.1 and disable shared libraries on +-- +1.8.3.1 + diff --git a/0002-Move-blkid-scan-after-device-context-initialization.patch b/0002-Move-blkid-scan-after-device-context-initialization.patch deleted file mode 100644 index a7742d7530157e15e650b00f26197d72bd105f4c..0000000000000000000000000000000000000000 --- a/0002-Move-blkid-scan-after-device-context-initialization.patch +++ /dev/null 
@@ -1,103 +0,0 @@ -From b93b67633676e4b9ae627532774c60661e3a1613 Mon Sep 17 00:00:00 2001 -From: Ondrej Kozina -Date: Mon, 24 Sep 2018 14:58:16 +0200 -Subject: [PATCH 041/324] Move blkid scan after device context initialization. - -Fixes bug with misleading error message when target device -does not exist. ---- - src/cryptsetup.c | 30 ++++++++++++++++-------------- - src/integritysetup.c | 20 +++++++++++--------- - 2 files changed, 27 insertions(+), 23 deletions(-) - -diff --git a/src/cryptsetup.c b/src/cryptsetup.c -index cc3520c..371948f 100644 ---- a/src/cryptsetup.c -+++ b/src/cryptsetup.c -@@ -987,20 +987,6 @@ static int action_luksFormat(void) - - header_device = opt_header_device ?: action_argv[0]; - -- /* Print all present signatures in read-only mode */ -- r = tools_detect_signatures(header_device, 0, &signatures); -- if (r < 0) -- return r; -- -- r = asprintf(&msg, _("This will overwrite data on %s irrevocably."), header_device); -- if (r == -1) -- return -ENOMEM; -- -- r = yesDialog(msg, _("Operation aborted.\n")) ? 0 : -EINVAL; -- free(msg); -- if (r < 0) -- return r; -- - r = crypt_parse_name_and_mode(opt_cipher ?: DEFAULT_CIPHER(LUKS1), - cipher, NULL, cipher_mode); - if (r < 0) { -@@ -1028,6 +1014,22 @@ static int action_luksFormat(void) - return r; - } - -+ /* Print all present signatures in read-only mode */ -+ r = tools_detect_signatures(header_device, 0, &signatures); -+ if (r < 0) -+ goto out; -+ -+ r = asprintf(&msg, _("This will overwrite data on %s irrevocably."), header_device); -+ if (r == -1) { -+ r = -ENOMEM; -+ goto out; -+ } -+ -+ r = yesDialog(msg, _("Operation aborted.\n")) ? 
0 : -EINVAL; -+ free(msg); -+ if (r < 0) -+ goto out; -+ - keysize = (opt_key_size ?: DEFAULT_LUKS1_KEYBITS) / 8 + integrity_keysize; - - if (opt_random) -diff --git a/src/integritysetup.c b/src/integritysetup.c -index c1c31ee..a3b382f 100644 ---- a/src/integritysetup.c -+++ b/src/integritysetup.c -@@ -209,24 +209,26 @@ static int action_format(int arg) - params.journal_crypt = journal_crypt; - } - -- r = tools_detect_signatures(action_argv[0], 0, &signatures); -+ r = _read_keys(&integrity_key, ¶ms); -+ if (r) -+ goto out; -+ -+ r = crypt_init(&cd, action_argv[0]); - if (r < 0) -- return r; -+ goto out; - - r = asprintf(&msg, _("This will overwrite data on %s irrevocably."), action_argv[0]); -- if (r == -1) -- return -ENOMEM; -+ if (r == -1) { -+ r = -ENOMEM; -+ goto out; -+ } - - r = yesDialog(msg, _("Operation aborted.\n")) ? 0 : -EINVAL; - free(msg); - if (r < 0) -- return r; -- -- r = _read_keys(&integrity_key, ¶ms); -- if (r) - goto out; - -- r = crypt_init(&cd, action_argv[0]); -+ r = tools_detect_signatures(action_argv[0], 0, &signatures); - if (r < 0) - goto out; - --- -2.19.1 - diff --git a/0013-fix-blockwise-compat-and-compat-test.patch b/0002-fix-compat-test.patch similarity index 62% rename from 0013-fix-blockwise-compat-and-compat-test.patch rename to 0002-fix-compat-test.patch index b849cd5c7e359a9f909a7c13e5222b229b906043..d302aa9e2f2d1f9681247aaf69578b3648ae9551 100644 --- a/0013-fix-blockwise-compat-and-compat-test.patch +++ b/0002-fix-compat-test.patch @@ -1,30 +1,17 @@ -From 6787f5239975b9fa65f36dadbd37486246827d1c Mon Sep 17 00:00:00 2001 +From f73c9760f43897fce0d6aa32042f751a2e7d0de0 Mon Sep 17 00:00:00 2001 
From: hanzhijun -Date: Mon, 6 May 2019 16:23:24 +0800 -Subject: [PATCH] Fix blockwise compat and compat test failure +Date: Sat, 18 Jul 2020 10:30:03 +0800 +Subject: [PATCH 2/2] fix compat test --- - tests/blockwise-compat | 2 +- - tests/compat-test | 15 ++++++++------- - 2 files changed, 9 insertions(+), 8 deletions(-) + tests/compat-test | 15 ++++++++------- + 1 file changed, 8 insertions(+), 7 deletions(-) -diff --git a/tests/blockwise-compat b/tests/blockwise-compat -index da94ce8..64870dd 100755 ---- a/tests/blockwise-compat -+++ b/tests/blockwise-compat -@@ -65,7 +65,7 @@ - } - - falloc() { -- fallocate -l"$1"m $2 2>/dev/null || dd if=/dev/zero of=$2 bs=1M count=$1 2> /dev/null -+ dd if=/dev/zero of=$2 bs=1M count=$1 2> /dev/null - } - - run_all_in_fs() { diff --git a/tests/compat-test b/tests/compat-test ---- a/tests/compat-test 2019-04-30 14:21:49.588000000 +0800 -+++ b/tests/compat-test 2019-04-30 15:01:33.524000000 +0800 -@@ -21,6 +21,7 @@ +index a61453e..7ee946e 100755 +--- a/tests/compat-test ++++ b/tests/compat-test +@@ -22,6 +22,7 @@ PWD0="compatkey" PWD1="93R4P4pIqAH8" PWD2="mymJeD8ivEhE" PWD3="ocMakf3fAcQO" @@ -32,7 +19,7 @@ diff --git a/tests/compat-test b/tests/compat-test PWDW="rUkL4RUryBom" VK_FILE="compattest_vkfile" -@@ -193,17 +194,17 @@ +@@ -225,17 +226,17 @@ echo $PWD1 | $CRYPTSETUP luksAddKey $IMG $FAST_PBKDF_OPT 2>/dev/null && fail echo -e "$PWD1\n$PWD2" | $CRYPTSETUP luksAddKey $IMG $FAST_PBKDF_OPT || fail echo -e "$PWD0\n$PWD1" | $CRYPTSETUP luksAddKey $IMG $FAST_PBKDF_OPT 2>/dev/null && fail echo "[4] change key" @@ -51,12 +38,12 @@ 
diff --git a/tests/compat-test b/tests/compat-test # check if keys were deleted -echo $PWD0 | $CRYPTSETUP luksOpen $IMG --test-passphrase 2>/dev/null && fail +echo $PWD4 | $CRYPTSETUP luksOpen $IMG --test-passphrase 2>/dev/null && fail - [ $? -ne 2 ] && fail "luksOpen should return EPERM exit code" + [ $? -ne 1 ] && fail "luksOpen should return ENOENT exit code" echo $PWD2 | $CRYPTSETUP luksOpen $IMG --test-passphrase 2>/dev/null && fail - [ $? -ne 2 ] && fail "luksOpen should return EPERM exit code" -@@ -803,16 +804,16 @@ + [ $? -ne 1 ] && fail "luksOpen should return ENOENT exit code" +@@ -867,16 +868,16 @@ expect timeout abort "Are you sure? (Type 'yes' in capital letters):" send "YES\n" - expect timeout abort "Enter passphrase for $LOOPDEV:" + expect timeout abort "Enter passphrase for $EXPECT_DEV:" sleep 0.1 -send "$PWD0\n" +send "$PWD4\n" @@ -67,10 +54,13 @@ diff --git a/tests/compat-test b/tests/compat-test expect timeout abort "Command successful." expect timeout abort eof eval spawn $CRYPTSETUP luksOpen -v $LOOPDEV --test-passphrase - expect timeout abort "Enter passphrase for $LOOPDEV:" + expect timeout abort "Enter passphrase for $EXPECT_DEV:" sleep 0.1 -send "$PWD0\n" +send "$PWD4\n" expect timeout abort "Command successful." expect timeout abort eof exit +-- +1.8.3.1 + diff --git a/0003-Add-blkid-scan-when-attemting-to-open-plain-device.patch b/0003-Add-blkid-scan-when-attemting-to-open-plain-device.patch deleted file mode 100644 index d49ee82ed8496d09a061f33ea91ca87245869ed5..0000000000000000000000000000000000000000 --- a/0003-Add-blkid-scan-when-attemting-to-open-plain-device.patch +++ /dev/null 
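Review bot: The carried patch's subject `fix compat test` gives no reason for replacing `$PWD0` with `$PWD4` in the change-key checks and in the expect-driven `luksOpen --test-passphrase` block, and the patch has no description body. The spec builds with `--enable-pwquality`, so the substitution presumably avoids a passphrase that the quality check rejects, but that is an inference. Please state the reason in the patch description, for example `compat-test: use PWD4 in luksChangeKey tests because <reason>`, so the deviation from upstream's test suite can be re-evaluated at the next rebase. The definition of `PWD4` sits in lines of the patch that this diff does not show.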
@@ -1,110 +0,0 @@ -From ee689d88b4bd9584272e01f1c467aa4648280004 Mon Sep 17 00:00:00 2001 -From: Ondrej Kozina -Date: Mon, 24 Sep 2018 15:38:05 +0200 -Subject: [PATCH 042/324] Add blkid scan when attemting to open plain device. - -Warn user about existing device signatures on candidate ciphertext -device and prompt for action confirmation. - -Fixes #411. ---- - src/cryptsetup.c | 27 ++++++++++++++++++++++++--- - tests/device-test | 6 +++--- - tests/discards-test | 2 +- - 3 files changed, 28 insertions(+), 7 deletions(-) - -diff --git a/src/cryptsetup.c b/src/cryptsetup.c -index 371948f..90fc703 100644 ---- a/src/cryptsetup.c -+++ b/src/cryptsetup.c -@@ -166,7 +166,7 @@ static void _set_activation_flags(uint32_t *flags) - static int action_open_plain(void) - { - struct crypt_device *cd = NULL; -- char cipher[MAX_CIPHER_LEN], cipher_mode[MAX_CIPHER_LEN]; -+ char *msg, cipher[MAX_CIPHER_LEN], cipher_mode[MAX_CIPHER_LEN]; - struct crypt_params_plain params = { - .hash = opt_hash ?: DEFAULT_PLAIN_HASH, - .skip = opt_skip, -@@ -175,8 +175,8 @@ static int action_open_plain(void) - .sector_size = opt_sector_size, - }; - char *password = NULL; -- size_t passwordLen, key_size_max; -- size_t key_size = (opt_key_size ?: DEFAULT_PLAIN_KEYBITS) / 8; -+ size_t passwordLen, key_size_max, signatures, -+ key_size = (opt_key_size ?: DEFAULT_PLAIN_KEYBITS) / 8; - uint32_t activate_flags = 0; - int r; - -@@ -205,6 +205,27 @@ static int action_open_plain(void) - if ((r = crypt_init(&cd, action_argv[0]))) - goto out; - -+ /* Skip blkid scan when activating plain device with offset */ -+ if (!opt_offset) { -+ /* Print all present signatures in read-only mode */ -+ r = tools_detect_signatures(action_argv[0], 0, &signatures); -+ if (r < 0) -+ goto out; -+ } -+ -+ if (signatures) { -+ r = asprintf(&msg, _("Detected device signature(s) on %s. 
Proceeding further may damage existing data."), action_argv[0]); -+ if (r == -1) { -+ r = -ENOMEM; -+ goto out; -+ } -+ -+ r = yesDialog(msg, _("Operation aborted.\n")) ? 0 : -EINVAL; -+ free(msg); -+ if (r < 0) -+ goto out; -+ } -+ - r = crypt_format(cd, CRYPT_PLAIN, - cipher, cipher_mode, - NULL, NULL, -diff --git a/tests/device-test b/tests/device-test -index b9ba98d..c49eb84 100755 ---- a/tests/device-test -+++ b/tests/device-test -@@ -97,11 +97,11 @@ if [ -z "$DM_PERF_CPU" ]; then - SKIP_COUNT=$((SKIP_COUNT+1)) - else - # plain -- echo -e "$PWD1" | $CRYPTSETUP open --type plain $DEV $DEV_NAME --perf-same_cpu_crypt --perf-submit_from_crypt_cpus || fail -+ echo -e "$PWD1" | $CRYPTSETUP open -q --type plain $DEV $DEV_NAME --perf-same_cpu_crypt --perf-submit_from_crypt_cpus || fail - $CRYPTSETUP status $DEV_NAME | grep -q same_cpu_crypt || fail - $CRYPTSETUP status $DEV_NAME | grep -q submit_from_crypt_cpus || fail - $CRYPTSETUP close $DEV_NAME || fail -- echo -e "$PWD1" | $CRYPTSETUP open --type plain $DEV $DEV_NAME --perf-same_cpu_crypt --allow-discards || fail -+ echo -e "$PWD1" | $CRYPTSETUP open -q --type plain $DEV $DEV_NAME --perf-same_cpu_crypt --allow-discards || fail - $CRYPTSETUP status $DEV_NAME | grep -q same_cpu_crypt || fail - $CRYPTSETUP status $DEV_NAME | grep -q discards || fail - $CRYPTSETUP close $DEV_NAME || fail -@@ -152,7 +152,7 @@ else - echo -e "$PWD1" | $CRYPTSETUP open --type plain $DEV $DEV_NAME --sector-size 1234 >/dev/null 2>&1 && fail - for S in 512 1024 2048 4096; do - echo -n "[$S]" -- echo -e "$PWD1" | $CRYPTSETUP open --type plain $DEV $DEV_NAME --sector-size $S || fail -+ echo -e "$PWD1" | $CRYPTSETUP open -q --type plain $DEV $DEV_NAME --sector-size $S || fail - check_sector_size $S - $CRYPTSETUP close $DEV_NAME || fail - done -diff --git a/tests/discards-test b/tests/discards-test -index 5ffe7ab..476c04d 100755 ---- a/tests/discards-test -+++ b/tests/discards-test -@@ -74,7 +74,7 @@ dmsetup table $DEV_NAME | grep 
allow_discards >/dev/null || fail - $CRYPTSETUP luksClose $DEV_NAME || fail - - echo "[2] Allowing discards for plain device" --echo $PWD1 | $CRYPTSETUP create $DEV_NAME $DEV --hash sha1 --allow-discards || fail -+echo $PWD1 | $CRYPTSETUP create -q $DEV_NAME $DEV --hash sha1 --allow-discards || fail - $CRYPTSETUP status $DEV_NAME | grep flags | grep discards >/dev/null || fail - $CRYPTSETUP resize $DEV_NAME --size 100 || fail - $CRYPTSETUP status $DEV_NAME | grep flags | grep discards >/dev/null || fail --- -2.19.1 - diff --git a/0004-Wiping-empty-device-should-not-fail.patch b/0004-Wiping-empty-device-should-not-fail.patch deleted file mode 100644 index acb5f4fb5e3860a1fb8b874abb253f75001d3103..0000000000000000000000000000000000000000 --- a/0004-Wiping-empty-device-should-not-fail.patch +++ /dev/null @@ -1,25 +0,0 @@ -From 879e06db39cb2d1113bb64a9ec0b5480cb837fca Mon Sep 17 00:00:00 2001 -From: Milan Broz -Date: Thu, 11 Oct 2018 15:38:56 +0200 -Subject: [PATCH 061/324] Wiping empty device should not fail. - ---- - lib/utils_wipe.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/lib/utils_wipe.c b/lib/utils_wipe.c -index 77550c7..04cc531 100644 ---- a/lib/utils_wipe.c -+++ b/lib/utils_wipe.c -@@ -161,7 +161,7 @@ int crypt_wipe_device(struct crypt_device *cd, - return errno ? -errno : -EINVAL; - - r = device_size(device, &dev_size); -- if (r) -+ if (r || dev_size == 0) - goto out; - - if (length) { --- -2.19.1 - diff --git a/0005-Do-not-copy-buffer-if-read-fails.patch b/0005-Do-not-copy-buffer-if-read-fails.patch deleted file mode 100644 index 02f4d1eb8e5ced0b4c76041ce9da954ee56e6426..0000000000000000000000000000000000000000 --- a/0005-Do-not-copy-buffer-if-read-fails.patch +++ /dev/null 
@@ -1,26 +0,0 @@ -From 31532adf8636f9795ab5f077ace4e3f00148d399 Mon Sep 17 00:00:00 2001 -From: Milan Broz -Date: Thu, 11 Oct 2018 15:39:31 +0200 -Subject: [PATCH 062/324] Do not copy buffer if read fails. - ---- - lib/utils_io.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/lib/utils_io.c b/lib/utils_io.c -index 1facac0..d7e1cbe 100644 ---- a/lib/utils_io.c -+++ b/lib/utils_io.c -@@ -184,7 +184,8 @@ ssize_t read_blockwise(int fd, size_t bsize, size_t alignment, - out: - free(hangover_buf); - if (buf != orig_buf) { -- memcpy(orig_buf, buf, length); -+ if (ret == length) -+ memcpy(orig_buf, buf, length); - free(buf); - } - return ret; --- -2.19.1 - diff --git a/0006-Do-not-fail-if-device-is-smaller-than-requested-wipe.patch b/0006-Do-not-fail-if-device-is-smaller-than-requested-wipe.patch deleted file mode 100644 index 0b4e92bf27bc5c3668142c16b3a8fa4730996aa1..0000000000000000000000000000000000000000 --- a/0006-Do-not-fail-if-device-is-smaller-than-requested-wipe.patch +++ /dev/null @@ -1,27 +0,0 @@ -From 36e883967538069d81634bd2e6fa188732f0a77a Mon Sep 17 00:00:00 2001 -From: Milan Broz -Date: Thu, 11 Oct 2018 21:19:35 +0200 -Subject: [PATCH 066/324] Do not fail if device is smaller than requested wipe - size. - ---- - lib/utils_wipe.c | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/lib/utils_wipe.c b/lib/utils_wipe.c -index 04cc531..b1afc0f 100644 ---- a/lib/utils_wipe.c -+++ b/lib/utils_wipe.c -@@ -164,6 +164,9 @@ int crypt_wipe_device(struct crypt_device *cd, - if (r || dev_size == 0) - goto out; - -+ if (dev_size < length) -+ length = 0; -+ - if (length) { - if ((dev_size <= offset) || (dev_size - offset) < length) { - r = -EINVAL; --- -2.19.1 - diff --git a/0007-Do-not-print-error-for-used-device-twice.patch b/0007-Do-not-print-error-for-used-device-twice.patch deleted file mode 100644 index 4e352098c07130eb747ba78a25db9a585588c5ff..0000000000000000000000000000000000000000 
--- a/0007-Do-not-print-error-for-used-device-twice.patch +++ /dev/null @@ -1,30 +0,0 @@ -From bebd2fe7e7ca0d70981e50b919b3d230e9c945de Mon Sep 17 00:00:00 2001 -From: Milan Broz -Date: Fri, 12 Oct 2018 09:44:28 +0200 -Subject: [PATCH 067/324] Do not print error for used device twice. - ---- - lib/setup.c | 6 +----- - 1 file changed, 1 insertion(+), 5 deletions(-) - -diff --git a/lib/setup.c b/lib/setup.c -index e8ba704..9607bed 100644 ---- a/lib/setup.c -+++ b/lib/setup.c -@@ -1540,12 +1540,8 @@ static int _crypt_format_luks2(struct crypt_device *cd, - } - - r = device_check_access(cd, crypt_metadata_device(cd), DEV_EXCL); -- if (r < 0) { -- log_err(cd, _("Cannot use device %s which is in use " -- "(already mapped or mounted)."), -- device_path(crypt_metadata_device(cd))); -+ if (r < 0) - return r; -- } - - if (!(cd->type = strdup(CRYPT_LUKS2))) - return -ENOMEM; --- -2.19.1 - diff --git a/0008-Fix-issues-found-by-Coverity-scan.patch b/0008-Fix-issues-found-by-Coverity-scan.patch deleted file mode 100644 index 893a017e61e65a66ec606fca6a3e836cec0ca376..0000000000000000000000000000000000000000 --- a/0008-Fix-issues-found-by-Coverity-scan.patch +++ /dev/null @@ -1,29 +0,0 @@ -From 27eaf46c8a4e512588792725a2a27afd4648700d Mon Sep 17 00:00:00 2001 -From: Milan Broz -Date: Sun, 14 Oct 2018 21:47:11 +0200 -Subject: [PATCH 077/324] Fix issues found by Coverity scan. - -- possible overflow of data offset calculation in wipe and -- dereferencing of pointer in a keyring error path. ---- - lib/luks1/keymanage.c | 2 +- - lib/utils_keyring.c | 3 ++- - 2 files changed, 3 insertions(+), 2 deletions(-) - -diff --git a/lib/utils_keyring.c b/lib/utils_keyring.c -index 2631405..35bf32b 100644 ---- a/lib/utils_keyring.c -+++ b/lib/utils_keyring.c -@@ -133,7 +133,8 @@ int keyring_get_passphrase(const char *key_desc, - - if (ret < 0) { - err = errno; -- crypt_memzero(buf, len); -+ if (buf) -+ crypt_memzero(buf, len); - free(buf); - return -err; - } --- -2.19.1 - 
diff --git a/0009-Properly-propagate-error-from-AF-diffuse-function.patch b/0009-Properly-propagate-error-from-AF-diffuse-function.patch deleted file mode 100644 index 5cd993f0bece3469c777589a2e407348cb7fb7f8..0000000000000000000000000000000000000000 --- a/0009-Properly-propagate-error-from-AF-diffuse-function.patch +++ /dev/null 
@@ -1,104 +0,0 @@ -From 36c26b690370ce9a9fcf274bc97a5a50a3fd0e33 Mon Sep 17 00:00:00 2001 -From: Milan Broz -Date: Tue, 20 Nov 2018 15:25:53 +0100 -Subject: [PATCH 101/324] Properly propagate error from AF diffuse function. - ---- - lib/luks1/af.c | 38 ++++++++++++++++++++++---------------- - 1 file changed, 22 insertions(+), 16 deletions(-) - -diff --git a/lib/luks1/af.c b/lib/luks1/af.c -index af6c1af..3d7cf0b 100644 ---- a/lib/luks1/af.c -+++ b/lib/luks1/af.c -@@ -64,31 +64,34 @@ out: - /* diffuse: Information spreading over the whole dataset with - * the help of hash function. - */ -- - static int diffuse(char *src, char *dst, size_t size, const char *hash_name) - { - int hash_size = crypt_hash_size(hash_name); - unsigned int digest_size; -- unsigned int i, blocks, padding; -+ unsigned int i, r, blocks, padding; - - if (hash_size <= 0) -- return 1; -+ return -EINVAL; - digest_size = hash_size; - - blocks = size / digest_size; - padding = size % digest_size; - -- for (i = 0; i < blocks; i++) -- if(hash_buf(src + digest_size * i, -+ for (i = 0; i < blocks; i++) { -+ r = hash_buf(src + digest_size * i, - dst + digest_size * i, -- i, (size_t)digest_size, hash_name)) -- return 1; -+ i, (size_t)digest_size, hash_name); -+ if (r < 0) -+ return r; -+ } - -- if(padding) -- if(hash_buf(src + digest_size * i, -+ if (padding) { -+ r = hash_buf(src + digest_size * i, - dst + digest_size * i, -- i, (size_t)padding, hash_name)) -- return 1; -+ i, (size_t)padding, hash_name); -+ if (r < 0) -+ return r; -+ } - - return 0; - } -@@ -104,17 +107,19 @@ int AF_split(const char *src, char *dst, size_t blocksize, - { - unsigned int i; - char *bufblock; -- int r = -EINVAL; -+ int r; - - if((bufblock = calloc(blocksize, 1)) == NULL) return -ENOMEM; - - /* process everything except the last block */ - for(i=0; i -Date: Sat, 24 Nov 2018 17:47:55 +0100 -Subject: [PATCH 106/324] Check for device size and sector size misalignment. 
- -Kernel prevents activation of device that is not aligned -to requested sector size. - -Add early check to plain and LUKS2 formats to disallow -creation of such a device. -(Activation will fail in kernel later anyway.) - -Fixes #390. ---- - lib/setup.c | 20 ++++++++++++ - tests/align-test | 53 +++++++++++++++++++++++++++--- - tests/align-test2 | 83 +++++++++++++++++++++++++++++++++-------------- - 3 files changed, 127 insertions(+), 29 deletions(-) - -diff --git a/lib/setup.c b/lib/setup.c -index a07c29c..ef4d453 100644 ---- a/lib/setup.c -+++ b/lib/setup.c -@@ -1321,6 +1321,7 @@ static int _crypt_format_plain(struct crypt_device *cd, - struct crypt_params_plain *params) - { - unsigned int sector_size = params ? params->sector_size : SECTOR_SIZE; -+ uint64_t dev_size; - - if (!cipher || !cipher_mode) { - log_err(cd, _("Invalid plain crypt parameters.")); -@@ -1347,6 +1348,15 @@ static int _crypt_format_plain(struct crypt_device *cd, - return -EINVAL; - } - -+ if (sector_size > SECTOR_SIZE && !device_size(cd->device, &dev_size)) { -+ if (params && params->offset) -+ dev_size -= (params->offset * SECTOR_SIZE); -+ if (dev_size % sector_size) { -+ log_err(cd, _("Device size is not aligned to requested sector size.")); -+ return -EINVAL; -+ } -+ } -+ - if (!(cd->type = strdup(CRYPT_PLAIN))) - return -ENOMEM; - -@@ -1472,6 +1482,7 @@ static int _crypt_format_luks2(struct crypt_device *cd, - unsigned long alignment_offset = 0; - unsigned int sector_size = params ? params->sector_size : SECTOR_SIZE; - const char *integrity = params ? 
params->integrity : NULL; -+ uint64_t dev_size; - - cd->u.luks2.hdr.jobj = NULL; - -@@ -1578,6 +1589,15 @@ static int _crypt_format_luks2(struct crypt_device *cd, - if (r < 0) - goto out; - -+ if (!integrity && sector_size > SECTOR_SIZE && !device_size(crypt_data_device(cd), &dev_size)) { -+ dev_size -= (crypt_get_data_offset(cd) * SECTOR_SIZE); -+ if (dev_size % sector_size) { -+ log_err(cd, _("Device size is not aligned to requested sector size.")); -+ r = -EINVAL; -+ goto out; -+ } -+ } -+ - if (params && (params->label || params->subsystem)) { - r = LUKS2_hdr_labels(cd, &cd->u.luks2.hdr, - params->label, params->subsystem, 0); --- -2.19.1 - diff --git a/0011-Fix-a-possible-NULL-pointer-in-opt_type.patch b/0011-Fix-a-possible-NULL-pointer-in-opt_type.patch deleted file mode 100644 index 8e04f2808163b39074c725543dbbc7f309658fdc..0000000000000000000000000000000000000000 --- a/0011-Fix-a-possible-NULL-pointer-in-opt_type.patch +++ /dev/null @@ -1,25 +0,0 @@ -From 6dc2f7231b5f03d1b9322725798de16cadd99330 Mon Sep 17 00:00:00 2001 -From: Milan Broz -Date: Mon, 21 Jan 2019 14:07:33 +0100 -Subject: [PATCH 208/324] Fix a possible NULL pointer in opt_type. - ---- - src/cryptsetup.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/cryptsetup.c b/src/cryptsetup.c -index 13461b2..f140136 100644 ---- a/src/cryptsetup.c -+++ b/src/cryptsetup.c -@@ -2609,7 +2609,7 @@ int main(int argc, const char **argv) - poptGetInvocationName(popt_context)); - - if ((opt_tcrypt_hidden || opt_tcrypt_system || opt_tcrypt_backup) && strcmp(aname, "tcryptDump") && -- (strcmp(aname, "open") || strcmp(opt_type, "tcrypt"))) -+ (strcmp(aname, "open") || !opt_type || strcmp(opt_type, "tcrypt"))) - usage(popt_context, EXIT_FAILURE, - _("Option --tcrypt-hidden, --tcrypt-system or --tcrypt-backup is supported only for TCRYPT device.\n"), - poptGetInvocationName(popt_context)); --- -2.19.1 - 
diff --git a/0012-Upstream-fixes-to-bundled-Argon2-code.patch b/0012-Upstream-fixes-to-bundled-Argon2-code.patch deleted file mode 100644 index eb577a6d91ac9ab790693333d658320c7f155d10..0000000000000000000000000000000000000000 --- a/0012-Upstream-fixes-to-bundled-Argon2-code.patch +++ /dev/null @@ -1,49 +0,0 @@ -From 238b18b8ac339c09e11a913b913dffe03902edb5 Mon Sep 17 00:00:00 2001 -From: Milan Broz -Date: Wed, 13 Mar 2019 08:24:15 +0100 -Subject: [PATCH 293/324] Upstream fixes to bundled Argon2 code. - -Wait for already running threads if a thread creation failed. -Use explicit_bzero() on recent glibc versions. -(Without fixed logic, we have already macro definition through automake.) - -Fixes #444. ---- - lib/crypto_backend/argon2/core.c | 7 +++++-- - 1 file changed, 5 insertions(+), 2 deletions(-) - -diff --git a/lib/crypto_backend/argon2/core.c b/lib/crypto_backend/argon2/core.c -index 8e0a2a5..f5b0067 100644 ---- a/lib/crypto_backend/argon2/core.c -+++ b/lib/crypto_backend/argon2/core.c -@@ -125,7 +125,7 @@ void NOT_OPTIMIZED secure_wipe_memory(void *v, size_t n) { - SecureZeroMemory(v, n); - #elif defined memset_s - memset_s(v, n, 0, n); --#elif defined(__OpenBSD__) -+#elif defined(HAVE_EXPLICIT_BZERO) - explicit_bzero(v, n); - #else - static void *(*const volatile memset_sec)(void *, int, size_t) = &memset; -@@ -299,7 +299,7 @@ static int fill_memory_blocks_mt(argon2_instance_t *instance) { - - for (r = 0; r < instance->passes; ++r) { - for (s = 0; s < ARGON2_SYNC_POINTS; ++s) { -- uint32_t l; -+ uint32_t l, ll; - - /* 2. Calling threads */ - for (l = 0; l < instance->lanes; ++l) { -@@ -324,6 +324,9 @@ static int fill_memory_blocks_mt(argon2_instance_t *instance) { - sizeof(argon2_position_t)); - if (argon2_thread_create(&thread[l], &fill_segment_thr, - (void *)&thr_data[l])) { -+ /* Wait for already running threads */ -+ for (ll = 0; ll < l; ++ll) -+ argon2_thread_join(thread[ll]); - rc = ARGON2_THREAD_FAIL; - goto fail; - } --- -2.19.1 - 
diff --git a/cryptsetup-2.0.4.tar.xz b/cryptsetup-2.3.3.tar.xz similarity index 80% rename from cryptsetup-2.0.4.tar.xz rename to cryptsetup-2.3.3.tar.xz index 315ad135c0cb064391da2a54386b36506f8608fd..674c6aa1a4242d0fd5d3d75dacddba8ed5078db8 100644 Binary files a/cryptsetup-2.0.4.tar.xz and b/cryptsetup-2.3.3.tar.xz differ diff --git a/cryptsetup.spec b/cryptsetup.spec index 562087c67f0af91442bc3ccb7759a441f4b84d50..6e8b572c86fdfb1aad517c9b53617a4a1d8368ee 100644 --- a/cryptsetup.spec +++ b/cryptsetup.spec 
@@ -1,39 +1,24 @@ Name: cryptsetup -Version: 2.0.4 -Release: 3 +Version: 2.3.3 +Release: 1 Summary: Utility used to conveniently set up disk encryption License: GPLv2+ and LGPLv2+ URL: https://gitlab.com/cryptsetup/cryptsetup -Source0: https://www.kernel.org/pub/linux/utils/cryptsetup/v2.0/cryptsetup-%{version}.tar.xz - - -Patch0: 0000-cryptsetup-add-system-library-paths.patch -Patch1: 0001-Emit-error-message-for-converting-inactive-keyslot.patch -Patch2: 0002-Move-blkid-scan-after-device-context-initialization.patch -Patch3: 0003-Add-blkid-scan-when-attemting-to-open-plain-device.patch -Patch4: 0004-Wiping-empty-device-should-not-fail.patch -Patch5: 0005-Do-not-copy-buffer-if-read-fails.patch -Patch6: 0006-Do-not-fail-if-device-is-smaller-than-requested-wipe.patch -Patch7: 0007-Do-not-print-error-for-used-device-twice.patch -Patch8: 0008-Fix-issues-found-by-Coverity-scan.patch -Patch9: 0009-Properly-propagate-error-from-AF-diffuse-function.patch -Patch10: 0010-Check-for-device-size-and-sector-size-misalignment.patch -Patch11: 0011-Fix-a-possible-NULL-pointer-in-opt_type.patch -Patch12: 0012-Upstream-fixes-to-bundled-Argon2-code.patch -Patch13: 0013-fix-blockwise-compat-and-compat-test.patch - -BuildRequires: openssl-devel, popt-devel, device-mapper-devel git -BuildRequires: libuuid-devel, json-c-devel, libargon2-devel, libpwquality-devel libblkid-devel -BuildRequires: python2-devel python3-devel +Source0: https://www.kernel.org/pub/linux/utils/cryptsetup/v2.3/cryptsetup-%{version}.tar.xz + +Patch1: 0001-cryptsetup-add-system-library-paths.patch +Patch2: 0002-fix-compat-test.patch + +BuildRequires: openssl-devel, popt-devel, device-mapper-devel, git +BuildRequires: libuuid-devel, json-c-devel, libargon2-devel, libpwquality-devel, libblkid-devel Requires: libpwquality >= 1.2.0 Provides: %{name}-luks = %{version}-%{release} Obsoletes: %{name}-luks < 1.4.0 Provides: %{name}-libs %{name}-libs%{?_isa} Obsoletes: %{name}-libs - -%{!?python_sitearch: %global 
python_sitearch %(%{__python} -c \ -"from distutils.sysconfig import get_python_lib; print get_python_lib(1)")} +Obsoletes: python2-%{name} < 2.1.0 +Obsoletes: %{name}-python3 < 2.1.0 %description cryptsetup is a utility used to conveniently set up disk encryption based @@ -70,28 +55,6 @@ Requires: %{name} = %{version}-%{release} %description reencrypt It contains a utility for reencryption encrypted disks. -%package -n python2-cryptsetup -Summary: cryptsetup python2 version -Requires: %{name} = %{version}-%{release} -Provides: %{name}-python = %{version}-%{release} -Provides: %{name}-python%{?_isa} = %{version}-%{release} -Obsoletes: %{name}-python < %{version}-%{release} -Obsoletes: python-cryptsetup < 1.4.0 - -%description -n python2-cryptsetup -It contains python2 bindings for libcryptsetup. - - -%package python3 -Summary: cryptsetup python3 version -Requires: %{name} = %{version}-%{release} -%{?python_provide:%python_provide python3-cryptsetup} -Provides: python3-cryptsetup = %{version}-%{release} - -%description python3 -It contains python3 bindings for libcryptsetup. - - %package help Summary: Including man files for cryptsetup BuildArch: noarch @@ -103,21 +66,12 @@ This contains man files for the using of cryptsetup. %prep %autosetup -n %{name}-%{version} -p1 -S git -cp -a . %{py3dir} - %build -%configure --enable-python --enable-fips --enable-pwquality --enable-libargon2 --with-crypto_backend=openssl +%configure --enable-fips --enable-pwquality --enable-libargon2 --with-crypto_backend=openssl %make_build -pushd %{py3dir} -%configure --enable-python --with-python_version=3 --enable-fips --enable-pwquality --enable-libargon2 --with-crypto_backend=openssl -%make_build -popd - %install %make_install -%make_install -C %{py3dir} - %find_lang cryptsetup %post -n cryptsetup -p /sbin/ldconfig 
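Review bot: `Source0` now points at the 2.3.3 tarball, and `cryptsetup-2.3.3.tar.xz` is swapped in as an opaque binary, yet the spec carries no detached signature or checksum tying it to the upstream release. Upstream publishes a detached signature beside each tarball on kernel.org. Consider adding it as a second source, e.g. `Source1: https://www.kernel.org/pub/linux/utils/cryptsetup/v2.3/cryptsetup-%{version}.tar.sign` (confirm the file name against the upstream listing), and verifying it in `%prep` before `%autosetup` if the distribution's macros support that. This matters more than usual here because the same hunk drops the twelve backported fixes 0001 to 0012 (previously `Patch1` to `Patch12`), presumably because the new tarball already contains them.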
@@ -133,14 +87,12 @@ popd %ghost %dir /run/cryptsetup %exclude %{_libdir}/*.la - %files devel %doc docs/examples/* %{_libdir}/libcryptsetup.so %{_includedir}/libcryptsetup.h %{_libdir}/pkgconfig/libcryptsetup.pc - %files -n veritysetup %{_sbindir}/veritysetup @@ -151,24 +103,13 @@ popd %doc %attr(644,-,-)misc/dracut_90reencrypt %{_sbindir}/cryptsetup-reencrypt - -%files -n python2-cryptsetup -%doc python/pycryptsetup-test.py -%{python2_sitearch}/pycryptsetup.so -%exclude %{python2_sitearch}/pycryptsetup.la - - -%files python3 -%doc python/pycryptsetup-test.py -%{python3_sitearch}/pycryptsetup.so -%exclude %{python3_sitearch}/pycryptsetup.la - - %files help %{_mandir}/man8/* - %changelog +* Sat Jul 18 2020 Ruijun Ge - 2.3.3-1 +- update to 2.3.3 version + * Tue Jun 30 2020 Zhiqiang Liu - 2.0.4-3 - renumber patches.
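Review bot: The new changelog entry `- update to 2.3.3 version` does not record that the python2/python3 subpackages and `--enable-python` were removed, or that backports 0001 to 0012 were dropped. For a disk-encryption package that record helps an auditor, e.g. `- drop backported patches 0001-0012 (included upstream)` and `- remove python2/python3 bindings`. Whether every dropped fix is actually present in 2.3.3 cannot be seen from this diff and should be confirmed before merging. That applies in particular to the `read_blockwise` copy guard, the `opt_type` NULL check and the Argon2 thread-join fix.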