diff --git a/0003-Properly-prefix-all-popt-variables-in-veritysetup.patch b/0003-Properly-prefix-all-popt-variables-in-veritysetup.patch new file mode 100644 index 0000000000000000000000000000000000000000..7ff6769c820addecd65395be6c4964e600628c6c --- /dev/null +++ b/0003-Properly-prefix-all-popt-variables-in-veritysetup.patch @@ -0,0 +1,168 @@ +From 76620881f42fb4cad4a55e8cf7dc94a37c83269e Mon Sep 17 00:00:00 2001 +From: Ondrej Kozina +Date: Thu, 23 Apr 2020 12:45:00 +0200 +Subject: [PATCH 793/818] Properly prefix all popt variables in veritysetup. + +--- + src/veritysetup.c | 72 +++++++++++++++++++++++------------------------ + 1 file changed, 36 insertions(+), 36 deletions(-) + +diff --git a/src/veritysetup.c b/src/veritysetup.c +index e29b75dc..75387f62 100644 +--- a/src/veritysetup.c ++++ b/src/veritysetup.c +@@ -23,16 +23,16 @@ + + #define PACKAGE_VERITY "veritysetup" + +-static int use_superblock = 1; +- +-static const char *fec_device = NULL; +-static int fec_roots = DEFAULT_VERITY_FEC_ROOTS; +-static const char *hash_algorithm = NULL; +-static int hash_type = 1; +-static int data_block_size = DEFAULT_VERITY_DATA_BLOCK; +-static int hash_block_size = DEFAULT_VERITY_HASH_BLOCK; ++static int opt_use_superblock = 1; ++ ++static const char *opt_fec_device = NULL; ++static int opt_fec_roots = DEFAULT_VERITY_FEC_ROOTS; ++static const char *opt_hash_algorithm = NULL; ++static int opt_hash_type = 1; ++static int opt_data_block_size = DEFAULT_VERITY_DATA_BLOCK; ++static int opt_hash_block_size = DEFAULT_VERITY_HASH_BLOCK; + static uint64_t data_blocks = 0; +-static const char *salt_string = NULL; ++static const char *opt_salt = NULL; + static uint64_t hash_offset = 0; + static uint64_t fec_offset = 0; + static const char *opt_uuid = NULL; +@@ -52,16 +52,16 @@ static int _prepare_format(struct crypt_params_verity *params, + char *salt = NULL; + int len; + +- params->hash_name = hash_algorithm ?: DEFAULT_VERITY_HASH; ++ params->hash_name = opt_hash_algorithm ?: DEFAULT_VERITY_HASH; + params->data_device = data_device; +- params->fec_device = fec_device; +- params->fec_roots = fec_roots; ++ params->fec_device = opt_fec_device; ++ params->fec_roots = opt_fec_roots; + +- if (salt_string && !strcmp(salt_string, "-")) { ++ if (opt_salt && !strcmp(opt_salt, "-")) { + params->salt_size = 0; + params->salt = NULL; +- } else if (salt_string) { +- len = crypt_hex_to_bytes(salt_string, &salt, 0); ++ } else if (opt_salt) { ++ len = crypt_hex_to_bytes(opt_salt, &salt, 0); + if (len < 0) { + log_err(_("Invalid salt string specified.")); + return -EINVAL; +@@ -73,12 +73,12 @@ static int _prepare_format(struct crypt_params_verity *params, + params->salt = NULL; + } + +- params->data_block_size = data_block_size; +- params->hash_block_size = hash_block_size; ++ params->data_block_size = opt_data_block_size; ++ params->hash_block_size = opt_hash_block_size; + params->data_size = data_blocks; + params->hash_area_offset = hash_offset; + params->fec_area_offset = fec_offset; +- params->hash_type = hash_type; ++ params->hash_type = opt_hash_type; + params->flags = flags; + + return 0; +@@ -101,13 +101,13 @@ static int action_format(int arg) + close(r); + } + /* Try to create FEC image if doesn't exist */ +- if (fec_device) { +- r = open(fec_device, O_WRONLY | O_EXCL | O_CREAT, S_IRUSR | S_IWUSR); ++ if (opt_fec_device) { ++ r = open(opt_fec_device, O_WRONLY | O_EXCL | O_CREAT, S_IRUSR | S_IWUSR); + if (r < 0 && errno != EEXIST) { +- log_err(_("Cannot create FEC image %s for writing."), fec_device); ++ log_err(_("Cannot create FEC image %s for writing."), opt_fec_device); + return -EINVAL; + } else if (r >= 0) { +- log_dbg("Created FEC image %s.", fec_device); ++ log_dbg("Created FEC image %s.", opt_fec_device); + close(r); + } + } +@@ -115,7 +115,7 @@ static int action_format(int arg) + if ((r = crypt_init(&cd, action_argv[1]))) + goto out; + +- if (!use_superblock) ++ if (!opt_use_superblock) + flags |= CRYPT_VERITY_NO_HEADER; + + r = _prepare_format(¶ms, action_argv[0], flags); +@@ -158,12 +158,12 @@ static int _activate(const char *dm_device, + if (opt_check_at_most_once) + activate_flags |= CRYPT_ACTIVATE_CHECK_AT_MOST_ONCE; + +- if (use_superblock) { ++ if (opt_use_superblock) { + params.flags = flags; + params.hash_area_offset = hash_offset; + params.fec_area_offset = fec_offset; +- params.fec_device = fec_device; +- params.fec_roots = fec_roots; ++ params.fec_device = opt_fec_device; ++ params.fec_roots = opt_fec_roots; + r = crypt_load(cd, CRYPT_VERITY, ¶ms); + } else { + r = _prepare_format(¶ms, data_device, flags | CRYPT_VERITY_NO_HEADER); +@@ -326,7 +326,7 @@ static int action_status(int arg) + + if (vp.fec_device) { + log_std(" FEC device: %s\n", vp.fec_device); +- if ((backing_file = crypt_loop_backing_file(vp.fec_device))) { ++ if ((backing_file = crypt_loop_backing_file(opt_fec_device))) { + log_std(" FEC loop: %s\n", backing_file); + free(backing_file); + } +@@ -463,17 +463,17 @@ int main(int argc, const char **argv) + { NULL, '\0', POPT_ARG_INCLUDE_TABLE, popt_help_options, 0, N_("Help options:"), NULL }, + { "verbose", 'v', POPT_ARG_NONE, &opt_verbose, 0, N_("Shows more detailed error messages"), NULL }, + { "debug", '\0', POPT_ARG_NONE, &opt_debug, 0, N_("Show debug messages"), NULL }, +- { "no-superblock", 0, POPT_ARG_VAL, &use_superblock, 0, N_("Do not use verity superblock"), NULL }, +- { "format", 0, POPT_ARG_INT, &hash_type, 0, N_("Format type (1 - normal, 0 - original Chrome OS)"), N_("number") }, +- { "data-block-size", 0, POPT_ARG_INT, &data_block_size, 0, N_("Block size on the data device"), N_("bytes") }, +- { "hash-block-size", 0, POPT_ARG_INT, &hash_block_size, 0, N_("Block size on the hash device"), N_("bytes") }, +- { "fec-roots", 0, POPT_ARG_INT, &fec_roots, 0, N_("FEC parity bytes"), N_("bytes") }, ++ { "no-superblock", 0, POPT_ARG_VAL, &opt_use_superblock, 0, N_("Do not use verity superblock"), NULL }, ++ { "format", 0, POPT_ARG_INT, &opt_hash_type, 0, N_("Format type (1 - normal, 0 - original Chrome OS)"), N_("number") }, ++ { "data-block-size", 0, POPT_ARG_INT, &opt_data_block_size, 0, N_("Block size on the data device"), N_("bytes") }, ++ { "hash-block-size", 0, POPT_ARG_INT, &opt_hash_block_size, 0, N_("Block size on the hash device"), N_("bytes") }, ++ { "fec-roots", 0, POPT_ARG_INT, &opt_fec_roots, 0, N_("FEC parity bytes"), N_("bytes") }, + { "data-blocks", 0, POPT_ARG_STRING, &popt_tmp, 1, N_("The number of blocks in the data file"), N_("blocks") }, +- { "fec-device", 0, POPT_ARG_STRING, &fec_device, 0, N_("Path to device with error correction data"), N_("path") }, ++ { "fec-device", 0, POPT_ARG_STRING, &opt_fec_device, 0, N_("Path to device with error correction data"), N_("path") }, + { "hash-offset", 0, POPT_ARG_STRING, &popt_tmp, 2, N_("Starting offset on the hash device"), N_("bytes") }, + { "fec-offset", 0, POPT_ARG_STRING, &popt_tmp, 3, N_("Starting offset on the FEC device"), N_("bytes") }, +- { "hash", 'h', POPT_ARG_STRING, &hash_algorithm, 0, N_("Hash algorithm"), N_("string") }, +- { "salt", 's', POPT_ARG_STRING, &salt_string, 0, N_("Salt"), N_("hex string") }, ++ { "hash", 'h', POPT_ARG_STRING, &opt_hash_algorithm, 0, N_("Hash algorithm"), N_("string") }, ++ { "salt", 's', POPT_ARG_STRING, &opt_salt, 0, N_("Salt"), N_("hex string") }, + { "uuid", '\0', POPT_ARG_STRING, &opt_uuid, 0, N_("UUID for device to use"), NULL }, + { "root-hash-signature",'\0', POPT_ARG_STRING, &opt_root_hash_signature, 0, N_("Path to root hash signature file"), NULL }, + { "restart-on-corruption", 0,POPT_ARG_NONE,&opt_restart_on_corruption, 0, N_("Restart kernel if corruption is detected"), NULL }, +@@ -571,7 +571,7 @@ int main(int argc, const char **argv) + poptGetInvocationName(popt_context)); + } + +- if (data_block_size < 0 || hash_block_size < 0 || hash_type < 0) { ++ if (opt_data_block_size < 0 || opt_hash_block_size < 0 || opt_hash_type < 0) { + usage(popt_context, EXIT_FAILURE, + _("Negative number for option not permitted."), + poptGetInvocationName(popt_context)); +-- +2.21.1 (Apple Git-122.3) + diff --git a/0004-Group-all-string-options-variables-together.patch b/0004-Group-all-string-options-variables-together.patch new file mode 100644 index 0000000000000000000000000000000000000000..130bb3d9130db9c1fb15db4d78848a105fa9b5c3 --- /dev/null +++ b/0004-Group-all-string-options-variables-together.patch @@ -0,0 +1,245 @@ +From ce4fcd20091b75ae38c8a5af313452e710ad3be6 Mon Sep 17 00:00:00 2001 +From: Ondrej Kozina +Date: Thu, 23 Apr 2020 11:28:44 +0200 +Subject: [PATCH 794/818] Group all string options variables together. + +--- + src/cryptsetup.c | 52 ++++++++++++++++++-------------------- + src/cryptsetup_reencrypt.c | 18 +++++++------ + src/integritysetup.c | 25 ++++++++---------- + src/veritysetup.c | 12 ++++----- + 4 files changed, 52 insertions(+), 55 deletions(-) + +diff --git a/src/cryptsetup.c b/src/cryptsetup.c +index c527690e..b19722f8 100644 +--- a/src/cryptsetup.c ++++ b/src/cryptsetup.c +@@ -27,19 +27,40 @@ + static const char *opt_cipher = NULL; + static const char *opt_keyslot_cipher = NULL; + static const char *opt_hash = NULL; +-static int opt_verify_passphrase = 0; +- + static const char *opt_json_file = NULL; + static const char *opt_key_file = NULL; + static const char *opt_keyfile_stdin = NULL; +-static int opt_keyfiles_count = 0; + static const char *opt_keyfiles[MAX_KEYFILES]; +- + static const char *opt_master_key_file = NULL; + static const char *opt_header_backup_file = NULL; + static const char *opt_uuid = NULL; + static const char *opt_header_device = NULL; + static const char *opt_type = "luks"; ++static const char *opt_pbkdf = NULL; ++static const char *opt_priority = NULL; /* normal */ ++static const char *opt_integrity = NULL; /* none */ ++static const char *opt_key_description = NULL; ++static const char *opt_label = NULL; ++static const char *opt_subsystem = NULL; ++static const char *opt_active_name = NULL; ++static const char *opt_resilience_mode = "checksum"; // TODO: default resilience ++static const char *opt_resilience_hash = "sha256"; // TODO: default checksum hash ++ ++/* helper strings converted to uint64_t later */ ++static const char *opt_reduce_size_str = NULL; ++static const char *opt_hotzone_size_str = NULL; ++static const char *opt_device_size_str = NULL; ++static const char *opt_luks2_metadata_size_str = NULL; ++static const char *opt_luks2_keyslots_size_str = NULL; ++ ++static uint64_t opt_reduce_size = 0; ++static uint64_t opt_hotzone_size = 0; ++static uint64_t opt_device_size = 0; ++static uint64_t opt_luks2_metadata_size = 0; ++static uint64_t opt_luks2_keyslots_size = 0; ++ ++static int opt_keyfiles_count = 0; ++static int opt_verify_passphrase = 0; + static int opt_key_size = 0; + static int opt_keyslot_key_size = 0; + static long opt_keyfile_size = 0; +@@ -74,53 +95,30 @@ static int opt_veracrypt_query_pim = 0; + static int opt_deferred_remove = 0; + static int opt_serialize_memory_hard_pbkdf = 0; + //FIXME: check uint32 overflow for long type +-static const char *opt_pbkdf = NULL; + static long opt_pbkdf_memory = DEFAULT_LUKS2_MEMORY_KB; + static long opt_pbkdf_parallel = DEFAULT_LUKS2_PARALLEL_THREADS; + static long opt_pbkdf_iterations = 0; + static int opt_iteration_time = 0; + static int opt_disable_locks = 0; + static int opt_disable_keyring = 0; +-static const char *opt_priority = NULL; /* normal */ +-static const char *opt_integrity = NULL; /* none */ + static int opt_integrity_nojournal = 0; + static int opt_integrity_no_wipe = 0; + static int opt_integrity_legacy_padding = 0; +-static const char *opt_key_description = NULL; + static int opt_sector_size = 0; + static int opt_iv_large_sectors = 0; + static int opt_persistent = 0; +-static const char *opt_label = NULL; +-static const char *opt_subsystem = NULL; + static int opt_unbound = 0; + static int opt_refresh = 0; + + /* LUKS2 reencryption parameters */ +-static const char *opt_active_name = NULL; +-static const char *opt_resilience_mode = "checksum"; // TODO: default resilience +-static const char *opt_resilience_hash = "sha256"; // TODO: default checksum hash + static int opt_encrypt = 0; + static int opt_reencrypt_init_only = 0; + static int opt_reencrypt_resume_only = 0; + static int opt_decrypt = 0; + +-static const char *opt_reduce_size_str = NULL; +-static uint64_t opt_reduce_size = 0; +- +-static const char *opt_hotzone_size_str = NULL; +-static uint64_t opt_hotzone_size = 0; +- +-static const char *opt_device_size_str = NULL; +-static uint64_t opt_device_size = 0; +- + /* do not set from command line, use helpers above */ + static int64_t opt_data_shift; + +-static const char *opt_luks2_metadata_size_str = NULL; +-static uint64_t opt_luks2_metadata_size = 0; +-static const char *opt_luks2_keyslots_size_str = NULL; +-static uint64_t opt_luks2_keyslots_size = 0; +- + static const char **action_argv; + static int action_argc; + static const char *null_action_argv[] = {NULL, NULL}; +diff --git a/src/cryptsetup_reencrypt.c b/src/cryptsetup_reencrypt.c +index a536093b..5b11db1e 100644 +--- a/src/cryptsetup_reencrypt.c ++++ b/src/cryptsetup_reencrypt.c +@@ -35,10 +35,19 @@ static const char *opt_key_file = NULL; + static const char *opt_master_key_file = NULL; + static const char *opt_uuid = NULL; + static const char *opt_type = "luks"; ++static const char *opt_pbkdf = NULL; ++static const char *opt_header_device = NULL; ++ ++/* helper strings converted to uint64_t later */ ++static const char *opt_reduce_size_str = NULL; ++static const char *opt_device_size_str = NULL; ++ ++static uint64_t opt_reduce_size = 0; ++static uint64_t opt_device_size = 0; ++ + static long opt_keyfile_size = 0; + static long opt_keyfile_offset = 0; + static int opt_iteration_time = 0; +-static const char *opt_pbkdf = NULL; + static long opt_pbkdf_memory = DEFAULT_LUKS2_MEMORY_KB; + static long opt_pbkdf_parallel = DEFAULT_LUKS2_PARALLEL_THREADS; + static long opt_pbkdf_iterations = 0; +@@ -54,13 +63,6 @@ static int opt_key_size = 0; + static int opt_new = 0; + static int opt_keep_key = 0; + static int opt_decrypt = 0; +-static const char *opt_header_device = NULL; +- +-static const char *opt_reduce_size_str = NULL; +-static uint64_t opt_reduce_size = 0; +- +-static const char *opt_device_size_str = NULL; +-static uint64_t opt_device_size = 0; + + static const char **action_argv; + +diff --git a/src/integritysetup.c b/src/integritysetup.c +index 51778da9..d385af25 100644 +--- a/src/integritysetup.c ++++ b/src/integritysetup.c +@@ -27,8 +27,19 @@ + #define DEFAULT_ALG_NAME "crc32c" + #define MAX_KEY_SIZE 4096 + ++static const char *opt_data_device = NULL; ++static const char *opt_integrity = DEFAULT_ALG_NAME; ++static const char *opt_integrity_key_file = NULL; ++static const char *opt_journal_integrity = NULL; /* none */ ++static const char *opt_journal_integrity_key_file = NULL; ++static const char *opt_journal_crypt = NULL; /* none */ ++static const char *opt_journal_crypt_key_file = NULL; ++ ++/* helper strings converted to uint64_t later */ + static const char *opt_journal_size_str = NULL; ++ + static uint64_t opt_journal_size = 0; ++ + static int opt_interleave_sectors = 0; + static int opt_journal_watermark = 0; + static int opt_bitmap_sectors_per_bit = 0; +@@ -37,28 +48,14 @@ static int opt_bitmap_flush_time = 0; + static int opt_tag_size = 0; + static int opt_sector_size = 0; + static int opt_buffer_sectors = 0; +- + static int opt_no_wipe = 0; +- +-static const char *opt_data_device = NULL; +- +-static const char *opt_integrity = DEFAULT_ALG_NAME; +-static const char *opt_integrity_key_file = NULL; + static int opt_integrity_key_size = 0; +- +-static const char *opt_journal_integrity = NULL; /* none */ +-static const char *opt_journal_integrity_key_file = NULL; + static int opt_journal_integrity_key_size = 0; +- +-static const char *opt_journal_crypt = NULL; /* none */ +-static const char *opt_journal_crypt_key_file = NULL; + static int opt_journal_crypt_key_size = 0; +- + static int opt_integrity_nojournal = 0; + static int opt_integrity_recovery = 0; + static int opt_integrity_bitmap = 0; + static int opt_integrity_legacy_padding = 0; +- + static int opt_integrity_recalculate = 0; + static int opt_allow_discards = 0; + +diff --git a/src/veritysetup.c b/src/veritysetup.c +index 75387f62..7a466ee0 100644 +--- a/src/veritysetup.c ++++ b/src/veritysetup.c +@@ -23,24 +23,24 @@ + + #define PACKAGE_VERITY "veritysetup" + +-static int opt_use_superblock = 1; +- + static const char *opt_fec_device = NULL; +-static int opt_fec_roots = DEFAULT_VERITY_FEC_ROOTS; + static const char *opt_hash_algorithm = NULL; ++static const char *opt_salt = NULL; ++static const char *opt_uuid = NULL; ++static const char *opt_root_hash_signature = NULL; ++ ++static int opt_use_superblock = 1; ++static int opt_fec_roots = DEFAULT_VERITY_FEC_ROOTS; + static int opt_hash_type = 1; + static int opt_data_block_size = DEFAULT_VERITY_DATA_BLOCK; + static int opt_hash_block_size = DEFAULT_VERITY_HASH_BLOCK; + static uint64_t data_blocks = 0; +-static const char *opt_salt = NULL; + static uint64_t hash_offset = 0; + static uint64_t fec_offset = 0; +-static const char *opt_uuid = NULL; + static int opt_restart_on_corruption = 0; + static int opt_ignore_corruption = 0; + static int opt_ignore_zero_blocks = 0; + static int opt_check_at_most_once = 0; +-static const char *opt_root_hash_signature = NULL; + + static const char **action_argv; + static int action_argc; +-- +2.21.1 (Apple Git-122.3) + diff --git a/0005-Do-not-pass-constant-strings-to-option-string-variab.patch b/0005-Do-not-pass-constant-strings-to-option-string-variab.patch new file mode 100644 index 0000000000000000000000000000000000000000..895752ed90c90a0bd5850eefe67404ad719bbaaa --- /dev/null +++ b/0005-Do-not-pass-constant-strings-to-option-string-variab.patch @@ -0,0 +1,589 @@ +From ae6d6261a17036a987807a69cb649d9d12484449 Mon Sep 17 00:00:00 2001 +From: Ondrej Kozina +Date: Thu, 23 Apr 2020 11:56:28 +0200 +Subject: [PATCH 795/818] Do not pass constant strings to option string + variables. + +This is part of effort to eliminate all memory leaks related +to options parsing in popt but for that to work we must avoid +passing constant strings to free(). +--- + src/cryptsetup.c | 147 +++++++++++++++++++------------------ + src/cryptsetup_reencrypt.c | 8 +- + src/integritysetup.c | 16 ++-- + 3 files changed, 92 insertions(+), 79 deletions(-) + +diff --git a/src/cryptsetup.c b/src/cryptsetup.c +index b19722f8..eddb7f92 100644 +--- a/src/cryptsetup.c ++++ b/src/cryptsetup.c +@@ -35,7 +35,7 @@ static const char *opt_master_key_file = NULL; + static const char *opt_header_backup_file = NULL; + static const char *opt_uuid = NULL; + static const char *opt_header_device = NULL; +-static const char *opt_type = "luks"; ++static const char *opt_type = NULL; + static const char *opt_pbkdf = NULL; + static const char *opt_priority = NULL; /* normal */ + static const char *opt_integrity = NULL; /* none */ +@@ -43,8 +43,8 @@ static const char *opt_key_description = NULL; + static const char *opt_label = NULL; + static const char *opt_subsystem = NULL; + static const char *opt_active_name = NULL; +-static const char *opt_resilience_mode = "checksum"; // TODO: default resilience +-static const char *opt_resilience_hash = "sha256"; // TODO: default checksum hash ++static const char *opt_resilience_mode = NULL; /* default value "checksum" */ ++static const char *opt_resilience_hash = NULL; /* default value "sha256" */ + + /* helper strings converted to uint64_t later */ + static const char *opt_reduce_size_str = NULL; +@@ -118,6 +118,8 @@ static int opt_decrypt = 0; + + /* do not set from command line, use helpers above */ + static int64_t opt_data_shift; ++static const char *device_type = "luks"; ++static const char *set_pbkdf = NULL; + + static const char **action_argv; + static int action_argc; +@@ -947,10 +949,10 @@ static int action_benchmark(void) + int i, r; + + log_std(_("# Tests are approximate using memory only (no storage IO).\n")); +- if (opt_pbkdf || opt_hash) { +- if (!opt_pbkdf && opt_hash) +- opt_pbkdf = CRYPT_KDF_PBKDF2; +- r = action_benchmark_kdf(opt_pbkdf, opt_hash, key_size); ++ if (set_pbkdf || opt_hash) { ++ if (!set_pbkdf && opt_hash) ++ set_pbkdf = CRYPT_KDF_PBKDF2; ++ r = action_benchmark_kdf(set_pbkdf, opt_hash, key_size); + } else if (opt_cipher) { + r = crypt_parse_name_and_mode(opt_cipher, cipher, NULL, cipher_mode); + if (r < 0) { +@@ -1022,7 +1024,7 @@ static int set_pbkdf_params(struct crypt_device *cd, const char *dev_type) + if (!pbkdf_default) + return -EINVAL; + +- pbkdf.type = opt_pbkdf ?: pbkdf_default->type; ++ pbkdf.type = set_pbkdf ?: pbkdf_default->type; + pbkdf.hash = opt_hash ?: pbkdf_default->hash; + pbkdf.time_ms = (uint32_t)opt_iteration_time ?: pbkdf_default->time_ms; + if (strcmp(pbkdf.type, CRYPT_KDF_PBKDF2)) { +@@ -1053,7 +1055,7 @@ static int set_keyslot_params(struct crypt_device *cd, int keyslot) + return -EINVAL; + + /* if requested any of those just reinitialize context pbkdf */ +- if (opt_pbkdf || opt_hash || opt_pbkdf_iterations || opt_iteration_time) ++ if (set_pbkdf || opt_hash || opt_pbkdf_iterations || opt_iteration_time) + return set_pbkdf_params(cd, CRYPT_LUKS2); + + if (crypt_keyslot_get_pbkdf(cd, keyslot, &pbkdf)) +@@ -1125,7 +1127,7 @@ static int action_luksRepair(void) + goto out; + + crypt_set_log_callback(cd, quiet_log, NULL); +- r = crypt_load(cd, luksType(opt_type), NULL); ++ r = crypt_load(cd, luksType(device_type), NULL); + crypt_set_log_callback(cd, tool_log, NULL); + if (r == 0) { + log_verbose(_("No known problems detected for LUKS header.")); +@@ -1139,7 +1141,7 @@ static int action_luksRepair(void) + r = yesDialog(_("Really try to repair LUKS device header?"), + _("Operation aborted.\n")) ? 0 : -EINVAL; + if (r == 0) +- r = crypt_repair(cd, luksType(opt_type), NULL); ++ r = crypt_repair(cd, luksType(device_type), NULL); + skip_repair: + if (!r && crypt_get_type(cd) && !strcmp(crypt_get_type(cd), CRYPT_LUKS2)) + r = _do_luks2_reencrypt_recovery(cd); +@@ -1211,7 +1213,7 @@ static int _luksFormat(struct crypt_device **r_cd, char **r_password, size_t *r_ + }; + void *params; + +- type = luksType(opt_type); ++ type = luksType(device_type); + if (!type) + type = crypt_get_default_type(); + +@@ -1427,7 +1429,7 @@ static int action_open_luks(void) + if ((r = crypt_init_data_device(&cd, header_device, data_device))) + goto out; + +- if ((r = crypt_load(cd, luksType(opt_type), NULL))) { ++ if ((r = crypt_load(cd, luksType(device_type), NULL))) { + log_err(_("Device %s is not a valid LUKS device."), + header_device); + goto out; +@@ -1553,7 +1555,7 @@ static int action_luksKillSlot(void) + + crypt_set_confirm_callback(cd, yesDialog, NULL); + +- if ((r = crypt_load(cd, luksType(opt_type), NULL))) { ++ if ((r = crypt_load(cd, luksType(device_type), NULL))) { + log_err(_("Device %s is not a valid LUKS device."), + uuid_or_device_header(NULL)); + goto out; +@@ -1610,7 +1612,7 @@ static int action_luksRemoveKey(void) + + crypt_set_confirm_callback(cd, yesDialog, NULL); + +- if ((r = crypt_load(cd, luksType(opt_type), NULL))) { ++ if ((r = crypt_load(cd, luksType(device_type), NULL))) { + log_err(_("Device %s is not a valid LUKS device."), + uuid_or_device_header(NULL)); + goto out; +@@ -1733,7 +1735,7 @@ static int action_luksAddKey(void) + + crypt_set_confirm_callback(cd, yesDialog, NULL); + +- if ((r = crypt_load(cd, luksType(opt_type), NULL))) { ++ if ((r = crypt_load(cd, luksType(device_type), NULL))) { + log_err(_("Device %s is not a valid LUKS device."), + uuid_or_device_header(NULL)); + goto out; +@@ -1836,7 +1838,7 @@ static int action_luksChangeKey(void) + if ((r = crypt_init(&cd, uuid_or_device_header(NULL)))) + goto out; + +- if ((r = crypt_load(cd, luksType(opt_type), NULL))) { ++ if ((r = crypt_load(cd, luksType(device_type), NULL))) { + log_err(_("Device %s is not a valid LUKS device."), + uuid_or_device_header(NULL)); + goto out; +@@ -1954,7 +1956,7 @@ static int action_isLuks(void) + goto out; + + crypt_set_log_callback(cd, quiet_log, NULL); +- r = crypt_load(cd, luksType(opt_type), NULL); ++ r = crypt_load(cd, luksType(device_type), NULL); + out: + crypt_free(cd); + return r; +@@ -1971,7 +1973,7 @@ static int action_luksUUID(void) + + crypt_set_confirm_callback(cd, yesDialog, _("Operation aborted.\n")); + +- if ((r = crypt_load(cd, luksType(opt_type), NULL))) ++ if ((r = crypt_load(cd, luksType(device_type), NULL))) + goto out; + + if (opt_uuid) +@@ -2130,7 +2132,7 @@ static int action_luksDump(void) + if ((r = crypt_init(&cd, uuid_or_device_header(NULL)))) + goto out; + +- if ((r = crypt_load(cd, luksType(opt_type), NULL))) { ++ if ((r = crypt_load(cd, luksType(device_type), NULL))) { + log_err(_("Device %s is not a valid LUKS device."), + uuid_or_device_header(NULL)); + goto out; +@@ -2170,7 +2172,7 @@ static int action_luksResume(void) + if ((r = crypt_init_by_name_and_header(&cd, action_argv[0], uuid_or_device(opt_header_device)))) + goto out; + +- if ((r = crypt_load(cd, luksType(opt_type), NULL))) ++ if ((r = crypt_load(cd, luksType(device_type), NULL))) + goto out; + + tries = (tools_is_stdin(opt_key_file) && isatty(STDIN_FILENO)) ? opt_tries : 1; +@@ -2275,38 +2277,38 @@ static const char *_get_device_type(void) + + static int action_open(void) + { +- if (opt_refresh && !opt_type) ++ if (opt_refresh && !device_type) + /* read device type from active mapping */ +- opt_type = _get_device_type(); ++ device_type = _get_device_type(); + +- if (!opt_type) ++ if (!device_type) + return -EINVAL; + +- if (!strcmp(opt_type, "luks") || +- !strcmp(opt_type, "luks1") || +- !strcmp(opt_type, "luks2")) { ++ if (!strcmp(device_type, "luks") || ++ !strcmp(device_type, "luks1") || ++ !strcmp(device_type, "luks2")) { + if (action_argc < 2 && (!opt_test_passphrase && !opt_refresh)) + goto args; + return action_open_luks(); +- } else if (!strcmp(opt_type, "plain")) { ++ } else if (!strcmp(device_type, "plain")) { + if (action_argc < 2 && !opt_refresh) + goto args; + return action_open_plain(); +- } else if (!strcmp(opt_type, "loopaes")) { ++ } else if (!strcmp(device_type, "loopaes")) { + if (action_argc < 2 && !opt_refresh) + goto args; + return action_open_loopaes(); +- } else if (!strcmp(opt_type, "tcrypt")) { ++ } else if (!strcmp(device_type, "tcrypt")) { + if (action_argc < 2 && !opt_test_passphrase) + goto args; + return action_open_tcrypt(); +- } else if (!strcmp(opt_type, "bitlk")) { ++ } else if (!strcmp(device_type, "bitlk")) { + if (action_argc < 2 && !opt_test_passphrase) + goto args; + return action_open_bitlk(); + } + +- log_err(_("Unrecognized metadata device type %s."), opt_type); ++ log_err(_("Unrecognized metadata device type %s."), device_type); + return -EINVAL; + args: + log_err(_("Command requires device and mapped name as arguments.")); +@@ -2325,7 +2327,7 @@ static int action_luksErase(void) + + crypt_set_confirm_callback(cd, yesDialog, NULL); + +- if ((r = crypt_load(cd, luksType(opt_type), NULL))) { ++ if ((r = crypt_load(cd, luksType(device_type), NULL))) { + log_err(_("Device %s is not a valid LUKS device."), + uuid_or_device_header(NULL)); + goto out; +@@ -2370,9 +2372,9 @@ static int action_luksConvert(void) + const char *to_type, *from_type; + int r; + +- if (!strcmp(opt_type, "luks2")) { ++ if (!strcmp(device_type, "luks2")) { + to_type = CRYPT_LUKS2; +- } else if (!strcmp(opt_type, "luks1")) { ++ } else if (!strcmp(device_type, "luks1")) { + to_type = CRYPT_LUKS1; + } else { + log_err(_("Invalid LUKS type, only luks1 and luks2 are supported.")); +@@ -2691,8 +2693,8 @@ static int action_reencrypt_load(struct crypt_device *cd) + char dm_name[PATH_MAX] = {}, *password = NULL; + const char *active_name = NULL; + struct crypt_params_reencrypt params = { +- .resilience = opt_resilience_mode, +- .hash = opt_resilience_hash, ++ .resilience = opt_resilience_mode ?: "checksum", ++ .hash = opt_resilience_hash ?: "sha256", + .max_hotzone_size = opt_hotzone_size / SECTOR_SIZE, + .device_size = opt_device_size / SECTOR_SIZE, + .flags = CRYPT_REENCRYPT_RESUME_ONLY +@@ -2736,8 +2738,8 @@ static int action_encrypt_luks2(struct crypt_device **cd) + struct crypt_params_reencrypt params = { + .mode = CRYPT_REENCRYPT_ENCRYPT, + .direction = opt_data_shift < 0 ? CRYPT_REENCRYPT_BACKWARD : CRYPT_REENCRYPT_FORWARD, +- .resilience = opt_resilience_mode, +- .hash = opt_resilience_hash, ++ .resilience = opt_resilience_mode ?: "checksum", ++ .hash = opt_resilience_hash ?: "sha256", + .max_hotzone_size = opt_hotzone_size / SECTOR_SIZE, + .device_size = opt_device_size / SECTOR_SIZE, + .luks2 = &luks2_params, +@@ -2746,7 +2748,7 @@ static int action_encrypt_luks2(struct crypt_device **cd) + + _set_reencryption_flags(¶ms.flags); + +- type = luksType(opt_type); ++ type = luksType(device_type); + if (!type) + type = crypt_get_default_type(); + +@@ -2786,7 +2788,8 @@ static int action_encrypt_luks2(struct crypt_device **cd) + if (!opt_uuid) { + uuid_generate(uuid); + uuid_unparse(uuid, uuid_str); +- opt_uuid = uuid_str; ++ if (!(opt_uuid = strdup(uuid_str))) ++ return -ENOMEM; + } + + /* Check the data device is not LUKS device already */ +@@ -2825,7 +2828,10 @@ static int action_encrypt_luks2(struct crypt_device **cd) + goto err; + } + +- opt_header_device = header_file; ++ if (!(opt_header_device = strdup(header_file))) { ++ r = -ENOMEM; ++ goto err; ++ } + /* + * FIXME: just override offset here, but we should support both. + * offset and implicit offset via data shift (lvprepend?) +@@ -2911,8 +2917,8 @@ static int action_decrypt_luks2(struct crypt_device *cd) + struct crypt_params_reencrypt params = { + .mode = CRYPT_REENCRYPT_DECRYPT, + .direction = opt_data_shift > 0 ? CRYPT_REENCRYPT_FORWARD : CRYPT_REENCRYPT_BACKWARD, +- .resilience = opt_data_shift ? "datashift" : opt_resilience_mode, +- .hash = opt_resilience_hash, ++ .resilience = opt_data_shift ? "datashift" : (opt_resilience_mode ?: "checksum"), ++ .hash = opt_resilience_hash ?: "sha256", + .data_shift = imaxabs(opt_data_shift) / SECTOR_SIZE, + .device_size = opt_device_size / SECTOR_SIZE, + .max_hotzone_size = opt_hotzone_size / SECTOR_SIZE, +@@ -3124,8 +3130,8 @@ static int action_reencrypt_luks2(struct crypt_device *cd) + struct crypt_params_reencrypt params = { + .mode = CRYPT_REENCRYPT_REENCRYPT, + .direction = opt_data_shift < 0 ? CRYPT_REENCRYPT_BACKWARD : CRYPT_REENCRYPT_FORWARD, +- .resilience = opt_data_shift ? "datashift" : opt_resilience_mode, +- .hash = opt_resilience_hash, ++ .resilience = opt_data_shift ? "datashift" : (opt_resilience_mode ?: "checksum"), ++ .hash = opt_resilience_hash ?: "sha256", + .data_shift = imaxabs(opt_data_shift) / SECTOR_SIZE, + .max_hotzone_size = opt_hotzone_size / SECTOR_SIZE, + .device_size = opt_device_size / SECTOR_SIZE, +@@ -3651,26 +3657,26 @@ int main(int argc, const char **argv) + action_argv[1] = tmp; + } + aname = "open"; +- opt_type = "plain"; ++ device_type = "plain"; + } else if (!strcmp(aname, "plainOpen")) { + aname = "open"; +- opt_type = "plain"; ++ device_type = "plain"; + } else if (!strcmp(aname, "luksOpen")) { + aname = "open"; +- opt_type = "luks"; ++ device_type = "luks"; + } else if (!strcmp(aname, "loopaesOpen")) { + aname = "open"; +- opt_type = "loopaes"; ++ device_type = "loopaes"; + } else if (!strcmp(aname, "tcryptOpen")) { + aname = "open"; +- opt_type = "tcrypt"; ++ device_type = "tcrypt"; + } else if (!strcmp(aname, "bitlkOpen")) { + aname = "open"; +- opt_type = "bitlk"; ++ device_type = "bitlk"; + } else if (!strcmp(aname, "tcryptDump")) { +- opt_type = "tcrypt"; ++ device_type = "tcrypt"; + } else if (!strcmp(aname, "bitlkDump")) { +- opt_type = "bitlk"; ++ device_type = "bitlk"; + } else if (!strcmp(aname, "remove") || + !strcmp(aname, "plainClose") || + !strcmp(aname, "luksClose") || +@@ -3680,18 +3686,19 @@ int main(int argc, const char **argv) + aname = "close"; + } else if (!strcmp(aname, "luksErase")) { + aname = "erase"; +- opt_type = "luks"; ++ device_type = "luks"; + } else if (!strcmp(aname, "luksConfig")) { + aname = "config"; +- opt_type = "luks2"; ++ device_type = "luks2"; + } else if (!strcmp(aname, "refresh")) { + aname = "open"; + opt_refresh = 1; +- } ++ } else if (opt_type) ++ device_type = opt_type; + + /* ignore user supplied type and query device type instead */ + if (opt_refresh) +- opt_type = NULL; ++ device_type = NULL; + + for(action = action_types; action->type; action++) + if (strcmp(action->type, aname) == 0) +@@ -3716,7 +3723,7 @@ int main(int argc, const char **argv) + _("Option --deferred is allowed only for close command."), + poptGetInvocationName(popt_context)); + +- if (opt_shared && (strcmp(aname, "open") || strcmp_or_null(opt_type, "plain"))) ++ if (opt_shared && (strcmp(aname, "open") || strcmp_or_null(device_type, "plain"))) + usage(popt_context, EXIT_FAILURE, + _("Option --shared is allowed only for open of plain device."), + poptGetInvocationName(popt_context)); +@@ -3768,8 +3775,8 @@ int main(int argc, const char **argv) + _("Options --label and --subsystem are allowed only for luksFormat and config LUKS2 operations."), + poptGetInvocationName(popt_context)); + +- if (opt_test_passphrase && (strcmp(aname, "open") || !opt_type || +- (strncmp(opt_type, "luks", 4) && strcmp(opt_type, "tcrypt") && strcmp(opt_type, "bitlk")))) ++ if (opt_test_passphrase && (strcmp(aname, "open") || !device_type || ++ (strncmp(device_type, "luks", 4) && strcmp(device_type, "tcrypt") && strcmp(device_type, "bitlk")))) + usage(popt_context, EXIT_FAILURE, + _("Option --test-passphrase is allowed only for open of LUKS, TCRYPT and BITLK devices."), + poptGetInvocationName(popt_context)); +@@ -3791,7 +3798,7 @@ int main(int argc, const char **argv) + if (opt_key_file) + log_err(_("Option --key-file takes precedence over specified key file argument.")); + else +- opt_key_file = action_argv[1]; ++ opt_key_file = strdup(action_argv[1]); + } + + if (opt_keyfile_size < 0 || opt_new_keyfile_size < 0 || opt_key_size < 0) +@@ -3799,7 +3806,7 @@ int main(int argc, const char **argv) + _("Negative number for option not permitted."), + poptGetInvocationName(popt_context)); + +- if (total_keyfiles > 1 && (strcmp_or_null(opt_type, "tcrypt"))) ++ if (total_keyfiles > 1 && (strcmp_or_null(device_type, "tcrypt"))) + usage(popt_context, EXIT_FAILURE, _("Only one --key-file argument is allowed."), + poptGetInvocationName(popt_context)); + +@@ -3837,20 +3844,20 @@ int main(int argc, const char **argv) + poptGetInvocationName(popt_context)); + + if (opt_skip && (strcmp(aname, "open") || +- (strcmp_or_null(opt_type, "plain") && strcmp(opt_type, "loopaes")))) ++ (strcmp_or_null(device_type, "plain") && strcmp(device_type, "loopaes")))) + usage(popt_context, EXIT_FAILURE, + _("Option --skip is supported only for open of plain and loopaes devices."), + poptGetInvocationName(popt_context)); + + if (opt_offset && ((strcmp(aname, "reencrypt") && strcmp(aname, "open") && strcmp(aname, "luksFormat")) || +- (!strcmp(aname, "open") && strcmp_or_null(opt_type, "plain") && strcmp(opt_type, "loopaes")) || +- (!strcmp(aname, "luksFormat") && opt_type && strncmp(opt_type, "luks", 4)))) ++ (!strcmp(aname, "open") && strcmp_or_null(device_type, "plain") && strcmp(device_type, "loopaes")) || ++ (!strcmp(aname, "luksFormat") && device_type && strncmp(device_type, "luks", 4)))) + usage(popt_context, EXIT_FAILURE, + _("Option --offset is supported only for open of plain and loopaes devices, luksFormat and device reencryption."), + poptGetInvocationName(popt_context)); + + if ((opt_tcrypt_hidden || opt_tcrypt_system || opt_tcrypt_backup) && strcmp(aname, "tcryptDump") && +- (strcmp(aname, "open") || !opt_type || strcmp(opt_type, "tcrypt"))) ++ (strcmp(aname, "open") || !device_type || strcmp(device_type, "tcrypt"))) + usage(popt_context, EXIT_FAILURE, + _("Option --tcrypt-hidden, --tcrypt-system or --tcrypt-backup is supported only for TCRYPT device."), + poptGetInvocationName(popt_context)); +@@ -3860,7 +3867,7 @@ int main(int argc, const char **argv) + _("Option --tcrypt-hidden cannot be combined with --allow-discards."), + poptGetInvocationName(popt_context)); + +- if (opt_veracrypt && (!opt_type || strcmp(opt_type, "tcrypt"))) ++ if (opt_veracrypt && (!device_type || strcmp(device_type, "tcrypt"))) + usage(popt_context, EXIT_FAILURE, + _("Option --veracrypt is supported only for TCRYPT device type."), + poptGetInvocationName(popt_context)); +@@ -3899,7 +3906,7 @@ int main(int argc, const char **argv) + _("Keyslot specification is required."), + poptGetInvocationName(popt_context)); + +- if (opt_pbkdf && crypt_parse_pbkdf(opt_pbkdf, &opt_pbkdf)) ++ if (opt_pbkdf && crypt_parse_pbkdf(opt_pbkdf, &set_pbkdf)) + usage(popt_context, EXIT_FAILURE, + _("Password-based key derivation function (PBKDF) can be only pbkdf2 or argon2i/argon2id."), + poptGetInvocationName(popt_context)); +@@ -3910,7 +3917,7 @@ int main(int argc, const char **argv) + poptGetInvocationName(popt_context)); + + if (opt_sector_size && strcmp(aname, "reencrypt") && strcmp(aname, "luksFormat") && +- (strcmp(aname, "open") || strcmp_or_null(opt_type, "plain"))) ++ (strcmp(aname, "open") || strcmp_or_null(device_type, "plain"))) + usage(popt_context, EXIT_FAILURE, + _("Sector size option is not supported for this command."), + poptGetInvocationName(popt_context)); +diff --git a/src/cryptsetup_reencrypt.c b/src/cryptsetup_reencrypt.c +index 5b11db1e..fa1f5db3 100644 +--- a/src/cryptsetup_reencrypt.c ++++ b/src/cryptsetup_reencrypt.c +@@ -34,7 +34,7 @@ static const char *opt_hash = NULL; + static const char *opt_key_file = NULL; + static const char *opt_master_key_file = NULL; + static const char *opt_uuid = NULL; +-static const char *opt_type = "luks"; ++static const char *opt_type = NULL; + static const char *opt_pbkdf = NULL; + static const char *opt_header_device = NULL; + +@@ -66,6 +66,8 @@ static int opt_decrypt = 0; + + static const char **action_argv; + ++static const char *set_pbkdf = NULL; ++ + #define MAX_SLOT 32 + #define MAX_TOKEN 32 + struct reenc_ctx { +@@ -484,7 +486,7 @@ static int set_pbkdf_params(struct crypt_device *cd, const char *dev_type) + if (!pbkdf_default) + return -EINVAL; + +- pbkdf.type = opt_pbkdf ?: pbkdf_default->type; ++ pbkdf.type = set_pbkdf ?: pbkdf_default->type; + pbkdf.hash = opt_hash ?: pbkdf_default->hash; + pbkdf.time_ms = (uint32_t)opt_iteration_time ?: pbkdf_default->time_ms; + if (strcmp(pbkdf.type, CRYPT_KDF_PBKDF2)) { +@@ -1690,7 +1692,7 @@ int main(int argc, const char **argv) + poptGetInvocationName(popt_context)); + } + +- if (opt_pbkdf && crypt_parse_pbkdf(opt_pbkdf, &opt_pbkdf)) ++ if (opt_pbkdf && crypt_parse_pbkdf(opt_pbkdf, &set_pbkdf)) + usage(popt_context, EXIT_FAILURE, + _("Password-based key derivation function (PBKDF) can be only pbkdf2 or argon2i/argon2id."), + poptGetInvocationName(popt_context)); +diff --git a/src/integritysetup.c b/src/integritysetup.c +index d385af25..76a2f0ad 100644 +--- a/src/integritysetup.c ++++ b/src/integritysetup.c +@@ -28,7 +28,7 @@ + #define MAX_KEY_SIZE 4096 + + static const char *opt_data_device = NULL; +-static const char *opt_integrity = DEFAULT_ALG_NAME; ++static const char *opt_integrity = NULL; /* DEFAULT_ALG_NAME */ + static const char *opt_integrity_key_file = NULL; + static const char *opt_journal_integrity = NULL; /* none */ + static const char *opt_journal_integrity_key_file = NULL; +@@ -59,6 +59,7 @@ static int opt_integrity_legacy_padding = 0; + static int opt_integrity_recalculate = 0; + static int opt_allow_discards = 0; + ++static const char *integrity_alg = DEFAULT_ALG_NAME; + static const char **action_argv; + static int action_argc; + +@@ -186,8 +187,8 @@ static int action_format(int arg) + int r; + size_t signatures; + +- if (opt_integrity) { +- r = crypt_parse_hash_integrity_mode(opt_integrity, integrity); ++ if (integrity_alg) { ++ r = crypt_parse_hash_integrity_mode(integrity_alg, integrity); + if (r < 0) { + log_err(_("No known integrity specification pattern detected.")); + return r; +@@ -275,8 +276,8 @@ static int action_open(int arg) + char *integrity_key = NULL; + int r; + +- if (opt_integrity) { +- r = crypt_parse_hash_integrity_mode(opt_integrity, integrity); ++ if (integrity_alg) { ++ r = crypt_parse_hash_integrity_mode(integrity_alg, integrity); + if (r < 0) { + log_err(_("No known integrity specification pattern detected.")); + return r; +@@ -626,6 +627,9 @@ int main(int argc, const char **argv) + aname = "close"; + } + ++ if (opt_integrity) ++ integrity_alg = opt_integrity; ++ + for (action = action_types; action->type; action++) + if (strcmp(action->type, aname) == 0) + break; +@@ -676,7 +680,7 @@ int main(int argc, const char **argv) + (!opt_integrity_key_file && opt_integrity_key_size)) + usage(popt_context, EXIT_FAILURE, _("Both key file and key size options must be specified."), + poptGetInvocationName(popt_context)); +- if (!opt_integrity && opt_integrity_key_file) ++ if (!integrity_alg && opt_integrity_key_file) + usage(popt_context, EXIT_FAILURE, _("Integrity algorithm must be specified if integrity key is used."), + poptGetInvocationName(popt_context)); + +-- +2.21.1 (Apple Git-122.3) + diff --git a/cryptsetup.spec b/cryptsetup.spec index 6e8b572c86fdfb1aad517c9b53617a4a1d8368ee..89f45489bd93113342d10ec82833b0a1aa356529 100644 --- a/cryptsetup.spec +++ b/cryptsetup.spec @@ -1,6 +1,6 @@ Name: cryptsetup Version: 2.3.3 -Release: 1 +Release: 2 Summary: Utility used to conveniently set up disk encryption License: GPLv2+ and LGPLv2+ URL: https://gitlab.com/cryptsetup/cryptsetup @@ -8,6 +8,9 @@ Source0: https://www.kernel.org/pub/linux/utils/cryptsetup/v2.3/cryptsetup-%{ve Patch1: 0001-cryptsetup-add-system-library-paths.patch Patch2: 0002-fix-compat-test.patch +Patch3: 0003-Properly-prefix-all-popt-variables-in-veritysetup.patch +Patch4: 0004-Group-all-string-options-variables-together.patch +Patch5: 0005-Do-not-pass-constant-strings-to-option-string-variab.patch BuildRequires: openssl-devel, popt-devel, device-mapper-devel, git BuildRequires: libuuid-devel, json-c-devel, libargon2-devel, libpwquality-devel, libblkid-devel @@ -107,6 +110,9 @@ This contains man files for the using of cryptsetup. %{_mandir}/man8/* %changelog +* Mon Jul 27 2020 Zhiqiang Liu - 2.3.3-2 +- backport upstream patches. + * Sat Jul 18 2020 Ruijun Ge - 2.3.3-1 - update to 2.3.3 version