Hello community, here is the log from the commit of package cryptsetup for openSUSE:Factory checked in at 2018-11-06 15:25:37 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/cryptsetup (Old) and /work/SRC/openSUSE:Factory/.cryptsetup.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "cryptsetup" Tue Nov 6 15:25:37 2018 rev:103 rq:645684 version:2.0.5 Changes: -------- --- /work/SRC/openSUSE:Factory/cryptsetup/cryptsetup.changes 2018-08-28 09:23:05.376574368 +0200 +++ /work/SRC/openSUSE:Factory/.cryptsetup.new/cryptsetup.changes 2018-11-06 15:25:56.220471801 +0100 @@ -1,0 +2,68 @@ +Tue Oct 30 10:10:35 UTC 2018 - lnussel@suse.de + +- Suggest hmac package (boo#1090768) +- remove old upgrade hack for upgrades from 12.1 +- New version 2.0.5 + + Changes since version 2.0.4 + ~~~~~~~~~~~~~~~~~~~~~~~~~~~ + + * Wipe full header areas (including unused) during LUKS format. + + Since this version, the whole area up to the data offset is zeroed, + and subsequently, all keyslots areas are wiped with random data. + This ensures that no remaining old data remains in the LUKS header + areas, but it could slow down format operation on some devices. + Previously only first 4k (or 32k for LUKS2) and the used keyslot + was overwritten in the format operation. + + * Several fixes to error messages that were unintentionally replaced + in previous versions with a silent exit code. + More descriptive error messages were added, including error + messages if + - a device is unusable (not a block device, no access, etc.), + - a LUKS device is not detected, + - LUKS header load code detects unsupported version, + - a keyslot decryption fails (also happens in the cipher check), + - converting an inactive keyslot. + + * Device activation fails if data area overlaps with LUKS header. + + * Code now uses explicit_bzero to wipe memory if available + (instead of own implementation). + + * Additional VeraCrypt modes are now supported, including Camellia + and Kuznyechik symmetric ciphers (and cipher chains) and Streebog + hash function. These were introduced in a recent VeraCrypt upstream. + + Note that Kuznyechik requires out-of-tree kernel module and + Streebog hash function is available only with the gcrypt cryptographic + backend for now. + + * Fixes static build for integritysetup if the pwquality library is used. + + * Allows passphrase change for unbound keyslots. + + * Fixes removed keyslot number in verbose message for luksKillSlot, + luksRemoveKey and erase command. + + * Adds blkid scan when attempting to open a plain device and warn the user + about existing device signatures in a ciphertext device. + + * Remove LUKS header signature if luksFormat fails to add the first keyslot. + + * Remove O_SYNC from device open and use fsync() to speed up + wipe operation considerably. + + * Create --master-key-file in luksDump and fail if the file already exists. + + * Fixes a bug when LUKS2 authenticated encryption with a detached header + wiped the header device instead of dm-integrity data device area (causing + unnecessary LUKS2 header auto recovery). + +------------------------------------------------------------------- +Tue Oct 30 09:55:50 UTC 2018 - lnussel@suse.de + +- make parallell installable version for SLE12 + +------------------------------------------------------------------- Old: ---- cryptsetup-2.0.4.tar.sign cryptsetup-2.0.4.tar.xz New: ---- cryptsetup-2.0.5.tar.sign cryptsetup-2.0.5.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ cryptsetup.spec ++++++ --- /var/tmp/diff_new_pack.AIHMx8/_old 2018-11-06 15:26:07.848454137 +0100 +++ /var/tmp/diff_new_pack.AIHMx8/_new 2018-11-06 15:26:07.852454131 +0100 @@ -17,8 +17,12 @@ %define so_ver 12 +%if 0%{?is_backports} +Name: cryptsetup2 +%else Name: cryptsetup -Version: 2.0.4 +%endif +Version: 2.0.5 Release: 0 Summary: Set Up dm-crypt Based Encrypted Block Devices License: SUSE-GPL-2.0-with-openssl-exception AND LGPL-2.0-or-later @@ -28,7 +32,7 @@ # GPG signature of the uncompressed tarball. Source1: https://www.kernel.org/pub/linux/utils/cryptsetup/v2.0/cryptsetup-%{version}.tar.sign Source2: baselibs.conf -Source3: %{name}.keyring +Source3: cryptsetup.keyring BuildRequires: device-mapper-devel BuildRequires: fipscheck BuildRequires: fipscheck-devel @@ -44,6 +48,11 @@ BuildRequires: suse-module-tools BuildRequires: pkgconfig(blkid) BuildRequires: pkgconfig(libargon2) +%if 0%{?is_backports} +BuildRequires: autoconf +BuildRequires: automake +BuildRequires: libtool +%endif Requires(post): coreutils Requires(postun): coreutils @@ -57,6 +66,7 @@ %package -n libcryptsetup%{so_ver} Summary: Set Up dm-crypt Based Encrypted Block Devices Group: System/Libraries +Suggests: libcryptsetup%{so_ver}-hmac %description -n libcryptsetup%{so_ver} cryptsetup is used to conveniently set up dm-crypt based device-mapper @@ -73,7 +83,7 @@ This package contains HMAC checksums for integrity checking of libcryptsetup4, used for FIPS. -%package -n libcryptsetup-devel +%package -n lib%{name}-devel Summary: Set Up dm-crypt Based Encrypted Block Devices Group: Development/Libraries/C and C++ Requires: glibc-devel @@ -81,8 +91,12 @@ # cryptsetup-devel last used 11.1 Provides: cryptsetup-devel = %{version} Obsoletes: cryptsetup-devel < %{version} +%if 0%{?is_backports} +# have to conflict with main package that is in SLE +Conflicts: cryptsetup-devel < %{version} +%endif -%description -n libcryptsetup-devel +%description -n lib%{name}-devel cryptsetup is used to conveniently set up dm-crypt based device-mapper targets. It allows to set up targets to read cryptoloop compatible volumes as well as LUKS formatted ones. The package additionally @@ -90,7 +104,11 @@ time via the config file %{_sysconfdir}/crypttab. %prep -%setup -q +%setup -n cryptsetup-%{version} -q +%if 0%{?is_backports} +sed -i -e '/AC_INIT/s/cryptsetup/cryptsetup2/' configure.ac +autoreconf -f -i +%endif %build %configure \ @@ -114,58 +132,53 @@ %{nil} %make_install +%if 0%{?is_backports} +# need to rename a files to avoid file conflict +for i in cryptsetup integritysetup veritysetup cryptsetup-reencrypt; do + mv %{buildroot}%{_sbindir}/$i %{buildroot}%{_sbindir}/${i}2 + mv %{buildroot}%{_mandir}/man8/$i.8 %{buildroot}%{_mandir}/man8/${i}2.8 +done +rm -f %{buildroot}%{_tmpfilesdir}/cryptsetup.conf +%endif install -dm 0755 %{buildroot}/sbin -ln -s ..%{_sbindir}/cryptsetup %{buildroot}/sbin +ln -s ..%{_sbindir}/cryptsetup%{?is_backports:2} %{buildroot}/sbin # don't want this file in /lib (FHS compat check), and can't move it to /usr/lib find %{buildroot} -type f -name "*.la" -delete -print # %find_lang %{name} --all-name -%post -test -n "$FIRST_ARG" || FIRST_ARG="$1" -# -# convert noauto to nofail and turn on fsck (bnc#724113) +%if !0%{?is_backports} # -marker="%{_localstatedir}/adm/crypsetup.fstab.noauto_converted" -if [ "$FIRST_ARG" -gt 1 -a ! -e "$marker" ]; then - echo "updating %{_sysconfdir}/fstab ... " - tmpfstab="%{_sysconfdir}/fstab.cryptsetup.$$" - sed -e '/^\/dev\/mapper\/cr_.*,noauto\s/{s/,noauto\(\s\)/,nofail\1/;s/ 0 0$/ 0 2/}' < %{_sysconfdir}/fstab > "$tmpfstab" - if diff -u0 %{_sysconfdir}/fstab "$tmpfstab"; then - echo "no change" - rm -f "$tmpfstab" - > "$marker" - else - cp "$tmpfstab" "$marker" - mv "$tmpfstab" %{_sysconfdir}/fstab - fi -fi - +%post %{?regenerate_initrd_post} -%tmpfiles_create %{_tmpfilesdir}/%{name}.conf +%tmpfiles_create %{_tmpfilesdir}/cryptsetup.conf %postun %{?regenerate_initrd_post} %posttrans %{?regenerate_initrd_posttrans} +# +%endif %post -n libcryptsetup%{so_ver} -p /sbin/ldconfig %postun -n libcryptsetup%{so_ver} -p /sbin/ldconfig %files -f %{name}.lang %doc AUTHORS COPYING* FAQ README TODO docs/ChangeLog.old docs/*ReleaseNotes -/sbin/cryptsetup -%{_sbindir}/cryptsetup -%{_sbindir}/veritysetup -%{_sbindir}/integritysetup -%{_sbindir}/cryptsetup-reencrypt -%{_mandir}/man8/cryptsetup.8%{ext_man} -%{_mandir}/man8/cryptsetup-reencrypt.8%{ext_man} -%{_mandir}/man8/veritysetup.8%{ext_man} -%{_mandir}/man8/integritysetup.8%{ext_man} +/sbin/cryptsetup%{?is_backports:2} +%{_sbindir}/cryptsetup%{?is_backports:2} +%{_sbindir}/veritysetup%{?is_backports:2} +%{_sbindir}/integritysetup%{?is_backports:2} +%{_sbindir}/cryptsetup-reencrypt%{?is_backports:2} +%{_mandir}/man8/cryptsetup%{?is_backports:2}.8%{ext_man} +%{_mandir}/man8/cryptsetup-reencrypt%{?is_backports:2}.8%{ext_man} +%{_mandir}/man8/veritysetup%{?is_backports:2}.8%{ext_man} +%{_mandir}/man8/integritysetup%{?is_backports:2}.8%{ext_man} +%if !0%{?is_backports} %{_tmpfilesdir}/cryptsetup.conf %ghost %dir /run/cryptsetup +%endif %files -n libcryptsetup%{so_ver} %{_libdir}/libcryptsetup.so.%{so_ver}* @@ -173,7 +186,7 @@ %files -n libcryptsetup%{so_ver}-hmac %{_libdir}/.libcryptsetup.so.%{so_ver}*hmac -%files -n libcryptsetup-devel +%files -n lib%{name}-devel %doc docs/examples/ %{_includedir}/libcryptsetup.h %{_libdir}/libcryptsetup.so ++++++ cryptsetup-2.0.4.tar.xz -> cryptsetup-2.0.5.tar.xz ++++++ /work/SRC/openSUSE:Factory/cryptsetup/cryptsetup-2.0.4.tar.xz /work/SRC/openSUSE:Factory/.cryptsetup.new/cryptsetup-2.0.5.tar.xz differ: char 15, line 1