From ab2036a8a626a528e03b63f30012cea44e477af3 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Mar 01 2022 13:05:52 +0000 Subject: import cryptsetup-2.4.3-1.el9 --- diff --git a/.cryptsetup.metadata b/.cryptsetup.metadata index 4ef48e6..893bd79 100644 --- a/.cryptsetup.metadata +++ b/.cryptsetup.metadata @@ -1 +1 @@ -8f25d5d69a4724e08e75697c82ce80a292d69b30 SOURCES/cryptsetup-2.4.1.tar.xz +1597b4642a9ef6b73ad191516f26bd2292055680 SOURCES/cryptsetup-2.4.3.tar.xz diff --git a/.gitignore b/.gitignore index 4c60d40..fe5f8f9 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/cryptsetup-2.4.1.tar.xz +SOURCES/cryptsetup-2.4.3.tar.xz diff --git a/SOURCES/cryptsetup-2.4.2-Check-if-DM-create-device-failed-in-an-early-phase.patch b/SOURCES/cryptsetup-2.4.2-Check-if-DM-create-device-failed-in-an-early-phase.patch deleted file mode 100644 index 67ae8df..0000000 --- a/SOURCES/cryptsetup-2.4.2-Check-if-DM-create-device-failed-in-an-early-phase.patch +++ /dev/null @@ -1,48 +0,0 @@ -From 10b1d6493e3be04953ac9f65d2b2d992ab87bdde Mon Sep 17 00:00:00 2001 -From: Milan Broz -Date: Tue, 21 Sep 2021 15:54:07 +0200 -Subject: [PATCH 2/7] Check if DM create device failed in an early phase. - -This happens when concurrent creation of DM devices meets -in the very early state (no device node exists but creation fails). - -Return -ENODEV here instead of -EINVAL. - -(Should "fix" random verity concurrent test failure.) ---- - lib/libdevmapper.c | 11 ++++------- - 1 file changed, 4 insertions(+), 7 deletions(-) - -diff --git a/lib/libdevmapper.c b/lib/libdevmapper.c -index 09fd9588..1594f877 100644 ---- a/lib/libdevmapper.c -+++ b/lib/libdevmapper.c -@@ -1346,12 +1346,6 @@ err: - return r; - } - --static bool dm_device_exists(struct crypt_device *cd, const char *name) --{ -- int r = dm_status_device(cd, name); -- return (r >= 0 || r == -EEXIST); --} -- - static int _dm_create_device(struct crypt_device *cd, const char *name, const char *type, - struct crypt_dm_active_device *dmd) - { -@@ -1402,8 +1396,11 @@ static int _dm_create_device(struct crypt_device *cd, const char *name, const ch - goto out; - - if (!dm_task_run(dmt)) { -- if (dm_device_exists(cd, name)) -+ r = dm_status_device(cd, name);; -+ if (r >= 0) - r = -EEXIST; -+ if (r != -EEXIST && r != -ENODEV) -+ r = -EINVAL; - goto out; - } - --- -2.27.0 - diff --git a/SOURCES/cryptsetup-2.4.2-Do-not-try-to-set-compiler-optimization-flag-if-wipe.patch b/SOURCES/cryptsetup-2.4.2-Do-not-try-to-set-compiler-optimization-flag-if-wipe.patch deleted file mode 100644 index 7ec2b84..0000000 --- a/SOURCES/cryptsetup-2.4.2-Do-not-try-to-set-compiler-optimization-flag-if-wipe.patch +++ /dev/null @@ -1,53 +0,0 @@ -From a76310b53fbb117e620f2c37350b68dd267f1088 Mon Sep 17 00:00:00 2001 -From: Milan Broz -Date: Mon, 20 Sep 2021 17:42:20 +0200 -Subject: [PATCH 1/7] Do not try to set compiler optimization flag if wipe is - implemented in libc. - -If zeroing memory is implemented through libc call (like memset_bzero), -compiler should never remove such call. It is not needed to set O0 -optimization flag explicitly. - -Various checkers like annocheck causes problems with these flags, -just remove it where it makes no sense. - -(Moreover, we use the same pattern without compiler magic -in crypt_backend_memzero() already.) ---- - lib/crypto_backend/argon2/core.c | 10 ++++++++-- - 1 file changed, 8 insertions(+), 2 deletions(-) - -diff --git a/lib/crypto_backend/argon2/core.c b/lib/crypto_backend/argon2/core.c -index b204ba98..db9a7741 100644 ---- a/lib/crypto_backend/argon2/core.c -+++ b/lib/crypto_backend/argon2/core.c -@@ -120,18 +120,24 @@ void free_memory(const argon2_context *context, uint8_t *memory, - } - } - --void NOT_OPTIMIZED secure_wipe_memory(void *v, size_t n) { - #if defined(_MSC_VER) && VC_GE_2005(_MSC_VER) -+void secure_wipe_memory(void *v, size_t n) { - SecureZeroMemory(v, n); -+} - #elif defined memset_s -+void secure_wipe_memory(void *v, size_t n) { - memset_s(v, n, 0, n); -+} - #elif defined(HAVE_EXPLICIT_BZERO) -+void secure_wipe_memory(void *v, size_t n) { - explicit_bzero(v, n); -+} - #else -+void NOT_OPTIMIZED secure_wipe_memory(void *v, size_t n) { - static void *(*const volatile memset_sec)(void *, int, size_t) = &memset; - memset_sec(v, 0, n); --#endif - } -+#endif - - /* Memory clear flag defaults to true. */ - int FLAG_clear_internal_memory = 1; --- -2.27.0 - diff --git a/SOURCES/cryptsetup-2.5.0-Fix-typo-in-repair-prompt.patch b/SOURCES/cryptsetup-2.5.0-Fix-typo-in-repair-prompt.patch new file mode 100644 index 0000000..5bf54fb --- /dev/null +++ b/SOURCES/cryptsetup-2.5.0-Fix-typo-in-repair-prompt.patch @@ -0,0 +1,12 @@ +diff -rupN cryptsetup-2.4.3.old/src/cryptsetup.c cryptsetup-2.4.3/src/cryptsetup.c +--- cryptsetup-2.4.3.old/src/cryptsetup.c 2022-01-21 13:14:56.864817351 +0100 ++++ cryptsetup-2.4.3/src/cryptsetup.c 2022-01-21 13:15:15.579947027 +0100 +@@ -1188,7 +1188,7 @@ static int reencrypt_metadata_repair(str + _("Operation aborted.\n"))) + return -EINVAL; + +- r = tools_get_key(_("Enter passphrase to protect and uppgrade reencryption metadata: "), ++ r = tools_get_key(_("Enter passphrase to protect and upgrade reencryption metadata: "), + &password, &passwordLen, ARG_UINT64(OPT_KEYFILE_OFFSET_ID), + ARG_UINT32(OPT_KEYFILE_SIZE_ID), ARG_STR(OPT_KEY_FILE_ID), ARG_UINT32(OPT_TIMEOUT_ID), + _verify_passphrase(0), 0, cd); diff --git a/SPECS/cryptsetup.spec b/SPECS/cryptsetup.spec index ba1d65b..faa2c44 100644 --- a/SPECS/cryptsetup.spec +++ b/SPECS/cryptsetup.spec @@ -1,6 +1,6 @@ Summary: Utility for setting up encrypted disks Name: cryptsetup -Version: 2.4.1 +Version: 2.4.3 Release: 1%{?dist} License: GPLv2+ and LGPLv2+ URL: https://gitlab.com/cryptsetup/cryptsetup @@ -14,8 +14,7 @@ Requires: libpwquality >= 1.2.0 %global upstream_version %{version} Source0: https://www.kernel.org/pub/linux/utils/cryptsetup/v2.4/cryptsetup-%{upstream_version}.tar.xz # Following patch has to applied last -Patch0000: %{name}-2.4.2-Do-not-try-to-set-compiler-optimization-flag-if-wipe.patch -Patch0001: %{name}-2.4.2-Check-if-DM-create-device-failed-in-an-early-phase.patch +Patch0000: %{name}-2.5.0-Fix-typo-in-repair-prompt.patch Patch9999: %{name}-add-system-library-paths.patch %description @@ -113,6 +112,11 @@ rm -rf %{buildroot}%{_libdir}/*.la %ghost %attr(700, -, -) %dir /run/cryptsetup %changelog +* Fri Jan 21 2022 Ondrej Kozina - 2.4.3-1 +- Update to cryptsetup 2.4.3. +- patch: Fix typo in repair command prompt. + Resolves: #2022309 #2023316 #2032782 + * Wed Sep 29 2021 Ondrej Kozina - 2.4.1-1 - Update to cryptsetup 2.4.1. Resolves: #2005035 #2005877