diff --git a/SOURCES/cryptsetup-2.6.0-Code-cleanup.patch b/SOURCES/cryptsetup-2.6.0-Code-cleanup.patch new file mode 100644 index 0000000..718abef --- /dev/null +++ b/SOURCES/cryptsetup-2.6.0-Code-cleanup.patch @@ -0,0 +1,28 @@ +From 23903951505cd4ad9f3469e037278494c14a7791 Mon Sep 17 00:00:00 2001 +From: Ondrej Kozina +Date: Wed, 12 Oct 2022 12:05:00 +0200 +Subject: [PATCH 3/5] Code cleanup. + +Type cast is not needed here. +--- + lib/libdevmapper.c | 4 +--- + 1 file changed, 1 insertion(+), 3 deletions(-) + +diff --git a/lib/libdevmapper.c b/lib/libdevmapper.c +index 7fcf843f..6a239e14 100644 +--- a/lib/libdevmapper.c ++++ b/lib/libdevmapper.c +@@ -1992,9 +1992,7 @@ static int _dm_target_query_crypt(struct crypt_device *cd, uint32_t get_flags, + + /* cipher */ + if (get_flags & DM_ACTIVE_CRYPT_CIPHER) { +- r = crypt_capi_to_cipher(CONST_CAST(char**)&cipher, +- CONST_CAST(char**)&integrity, +- rcipher, rintegrity); ++ r = crypt_capi_to_cipher(&cipher, &integrity, rcipher, rintegrity); + if (r < 0) + goto err; + } +-- +2.38.1 + diff --git a/SOURCES/cryptsetup-2.6.0-Copy-also-integrity-string-in-legacy-mode.patch b/SOURCES/cryptsetup-2.6.0-Copy-also-integrity-string-in-legacy-mode.patch new file mode 100644 index 0000000..9a6bdcc --- /dev/null +++ b/SOURCES/cryptsetup-2.6.0-Copy-also-integrity-string-in-legacy-mode.patch @@ -0,0 +1,34 @@ +From 19c15a652f878458493f0ac335110e2779f3cbe3 Mon Sep 17 00:00:00 2001 +From: Ondrej Kozina +Date: Wed, 12 Oct 2022 11:59:09 +0200 +Subject: [PATCH 4/5] Copy also integrity string in legacy mode. + +So that it handles integrity string same as it does +with cipher string. +--- + lib/utils_crypt.c | 9 ++++++++- + 1 file changed, 8 insertions(+), 1 deletion(-) + +diff --git a/lib/utils_crypt.c b/lib/utils_crypt.c +index 4f4dbba8..93f846d7 100644 +--- a/lib/utils_crypt.c ++++ b/lib/utils_crypt.c +@@ -284,7 +284,14 @@ int crypt_capi_to_cipher(char **org_c, char **org_i, const char *c_dm, const cha + if (strncmp(c_dm, "capi:", 4)) { + if (!(*org_c = strdup(c_dm))) + return -ENOMEM; +- *org_i = NULL; ++ if (i_dm) { ++ if (!(*org_i = strdup(i_dm))) { ++ free(*org_c); ++ *org_c = NULL; ++ return -ENOMEM; ++ } ++ } else ++ *org_i = NULL; + return 0; + } + +-- +2.38.1 + diff --git a/SOURCES/cryptsetup-2.6.0-Fix-cipher-convert-routines-naming-confusion.patch b/SOURCES/cryptsetup-2.6.0-Fix-cipher-convert-routines-naming-confusion.patch new file mode 100644 index 0000000..27108bc --- /dev/null +++ b/SOURCES/cryptsetup-2.6.0-Fix-cipher-convert-routines-naming-confusion.patch @@ -0,0 +1,53 @@ +From 3616da631f83a004a13a575a54df8123f0d65c29 Mon Sep 17 00:00:00 2001 +From: Ondrej Kozina +Date: Mon, 17 Oct 2022 15:18:42 +0200 +Subject: [PATCH 1/5] Fix cipher convert routines naming confusion. + +The function names were in fact swaped. +--- + lib/libdevmapper.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/lib/libdevmapper.c b/lib/libdevmapper.c +index 6c2eab78..0e45a789 100644 +--- a/lib/libdevmapper.c ++++ b/lib/libdevmapper.c +@@ -481,7 +481,7 @@ static size_t int_log10(uint64_t x) + #define CAPIL 144 /* should be enough to fit whole capi string */ + #define CAPIS "143" /* for sscanf of crypto API string + 16 + \0 */ + +-static int cipher_c2dm(const char *org_c, const char *org_i, unsigned tag_size, ++static int cipher_dm2c(const char *org_c, const char *org_i, unsigned tag_size, + char *c_dm, int c_dm_size, + char *i_dm, int i_dm_size) + { +@@ -543,7 +543,7 @@ static int cipher_c2dm(const char *org_c, const char *org_i, unsigned tag_size, + return 0; + } + +-static int cipher_dm2c(char **org_c, char **org_i, const char *c_dm, const char *i_dm) ++static int cipher_c2dm(char **org_c, char **org_i, const char *c_dm, const char *i_dm) + { + char cipher[CLEN], mode[CLEN], iv[CLEN], auth[CLEN]; + char tmp[CAPIL], dmcrypt_tmp[CAPIL*2], capi[CAPIL+1]; +@@ -629,7 +629,7 @@ static char *get_dm_crypt_params(const struct dm_target *tgt, uint32_t flags) + if (!tgt) + return NULL; + +- r = cipher_c2dm(tgt->u.crypt.cipher, tgt->u.crypt.integrity, tgt->u.crypt.tag_size, ++ r = cipher_dm2c(tgt->u.crypt.cipher, tgt->u.crypt.integrity, tgt->u.crypt.tag_size, + cipher_dm, sizeof(cipher_dm), integrity_dm, sizeof(integrity_dm)); + if (r < 0) + return NULL; +@@ -2066,7 +2066,7 @@ static int _dm_target_query_crypt(struct crypt_device *cd, uint32_t get_flags, + + /* cipher */ + if (get_flags & DM_ACTIVE_CRYPT_CIPHER) { +- r = cipher_dm2c(CONST_CAST(char**)&cipher, ++ r = cipher_c2dm(CONST_CAST(char**)&cipher, + CONST_CAST(char**)&integrity, + rcipher, rintegrity); + if (r < 0) +-- +2.38.1 + diff --git a/SOURCES/cryptsetup-2.6.0-Fix-internal-crypt-segment-compare-routine.patch b/SOURCES/cryptsetup-2.6.0-Fix-internal-crypt-segment-compare-routine.patch new file mode 100644 index 0000000..94b4bdc --- /dev/null +++ b/SOURCES/cryptsetup-2.6.0-Fix-internal-crypt-segment-compare-routine.patch @@ -0,0 +1,130 @@ +From 3e4c69a01709d35322ffa17c5360608907a207d7 Mon Sep 17 00:00:00 2001 +From: Ondrej Kozina +Date: Tue, 11 Oct 2022 11:48:13 +0200 +Subject: [PATCH 5/5] Fix internal crypt segment compare routine. + +The function is supposed to check if manipulated +active dm-crypt device matches the on-disk metadata. +Unfortunately it did not take into account differences +between normal cipher specification (aes-xts-plain64) +and capi format specification (capi:xts(aes)-plain64). +The internal query function always converted capi format +in normal format and therefor failed if capi format was +used in metadata. + +Fixes: #759. +--- + lib/setup.c | 36 ++++++++++++++++++++++++++---------- + tests/api-test-2.c | 14 ++++++++++++-- + 2 files changed, 38 insertions(+), 12 deletions(-) + +diff --git a/lib/setup.c b/lib/setup.c +index 6d7411b5..809049b9 100644 +--- a/lib/setup.c ++++ b/lib/setup.c +@@ -2458,6 +2458,9 @@ static int _compare_crypt_devices(struct crypt_device *cd, + const struct dm_target *src, + const struct dm_target *tgt) + { ++ char *src_cipher = NULL, *src_integrity = NULL; ++ int r = -EINVAL; ++ + /* for crypt devices keys are mandatory */ + if (!src->u.crypt.vk || !tgt->u.crypt.vk) + return -EINVAL; +@@ -2465,21 +2468,30 @@ static int _compare_crypt_devices(struct crypt_device *cd, + /* CIPHER checks */ + if (!src->u.crypt.cipher || !tgt->u.crypt.cipher) + return -EINVAL; +- if (strcmp(src->u.crypt.cipher, tgt->u.crypt.cipher)) { +- log_dbg(cd, "Cipher specs do not match."); ++ ++ /* ++ * dm_query_target converts capi cipher specification to dm-crypt format. ++ * We need to do same for cipher specification requested in source ++ * device. ++ */ ++ if (crypt_capi_to_cipher(&src_cipher, &src_integrity, src->u.crypt.cipher, src->u.crypt.integrity)) + return -EINVAL; ++ ++ if (strcmp(src_cipher, tgt->u.crypt.cipher)) { ++ log_dbg(cd, "Cipher specs do not match."); ++ goto out; + } + + if (tgt->u.crypt.vk->keylength == 0 && crypt_is_cipher_null(tgt->u.crypt.cipher)) + log_dbg(cd, "Existing device uses cipher null. Skipping key comparison."); + else if (_compare_volume_keys(src->u.crypt.vk, 0, tgt->u.crypt.vk, tgt->u.crypt.vk->key_description != NULL)) { + log_dbg(cd, "Keys in context and target device do not match."); +- return -EINVAL; ++ goto out; + } + +- if (crypt_strcmp(src->u.crypt.integrity, tgt->u.crypt.integrity)) { ++ if (crypt_strcmp(src_integrity, tgt->u.crypt.integrity)) { + log_dbg(cd, "Integrity parameters do not match."); +- return -EINVAL; ++ goto out; + } + + if (src->u.crypt.offset != tgt->u.crypt.offset || +@@ -2487,15 +2499,19 @@ static int _compare_crypt_devices(struct crypt_device *cd, + src->u.crypt.iv_offset != tgt->u.crypt.iv_offset || + src->u.crypt.tag_size != tgt->u.crypt.tag_size) { + log_dbg(cd, "Integer parameters do not match."); +- return -EINVAL; ++ goto out; + } + +- if (device_is_identical(src->data_device, tgt->data_device) <= 0) { ++ if (device_is_identical(src->data_device, tgt->data_device) <= 0) + log_dbg(cd, "Data devices do not match."); +- return -EINVAL; +- } ++ else ++ r = 0; + +- return 0; ++out: ++ free(src_cipher); ++ free(src_integrity); ++ ++ return r; + } + + static int _compare_integrity_devices(struct crypt_device *cd, +diff --git a/tests/api-test-2.c b/tests/api-test-2.c +index 0534677a..34002d1a 100644 +--- a/tests/api-test-2.c ++++ b/tests/api-test-2.c +@@ -1585,8 +1585,8 @@ static void ResizeDeviceLuks2(void) + + const char *mk_hex = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1a"; + size_t key_size = strlen(mk_hex) / 2; +- const char *cipher = "aes"; +- const char *cipher_mode = "cbc-essiv:sha256"; ++ const char *cipher = "aes", *capi_cipher = "capi:cbc(aes)"; ++ const char *cipher_mode = "cbc-essiv:sha256", *capi_cipher_mode = "essiv:sha256"; + uint64_t r_payload_offset, r_header_size, r_size; + + /* Cannot use Argon2 in FIPS */ +@@ -1728,6 +1728,16 @@ static void ResizeDeviceLuks2(void) + OK_(crypt_deactivate(cd, CDEVICE_1)); + CRYPT_FREE(cd); + ++ OK_(crypt_init(&cd, DMDIR L_DEVICE_OK)); ++ OK_(crypt_set_pbkdf_type(cd, &pbkdf)); ++ OK_(crypt_format(cd, CRYPT_LUKS2, capi_cipher, capi_cipher_mode, NULL, key, key_size, NULL)); ++ OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0)); ++ OK_(crypt_resize(cd, CDEVICE_1, 8)); ++ if (!t_device_size(DMDIR CDEVICE_1, &r_size)) ++ EQ_(8, r_size >> SECTOR_SHIFT); ++ OK_(crypt_deactivate(cd, CDEVICE_1)); ++ CRYPT_FREE(cd); ++ + _cleanup_dmdevices(); + } + +-- +2.38.1 + diff --git a/SOURCES/cryptsetup-2.6.0-Move-cipher_dm2c-to-crypto-utilities.patch b/SOURCES/cryptsetup-2.6.0-Move-cipher_dm2c-to-crypto-utilities.patch new file mode 100644 index 0000000..35909ee --- /dev/null +++ b/SOURCES/cryptsetup-2.6.0-Move-cipher_dm2c-to-crypto-utilities.patch @@ -0,0 +1,250 @@ +From 9a9ddc7d22e14e14c9a6e97860cffada406adac3 Mon Sep 17 00:00:00 2001 +From: Ondrej Kozina +Date: Tue, 11 Oct 2022 10:50:17 +0200 +Subject: [PATCH 2/5] Move cipher_dm2c to crypto utilities. + +(Gets renamed to crypt_capi_to_cipher) +--- + lib/libdevmapper.c | 84 +++------------------------------------------- + lib/utils_crypt.c | 72 +++++++++++++++++++++++++++++++++++++++ + lib/utils_crypt.h | 11 ++++-- + 3 files changed, 85 insertions(+), 82 deletions(-) + +diff --git a/lib/libdevmapper.c b/lib/libdevmapper.c +index 0e45a789..7fcf843f 100644 +--- a/lib/libdevmapper.c ++++ b/lib/libdevmapper.c +@@ -476,27 +476,22 @@ static size_t int_log10(uint64_t x) + return r; + } + +-#define CLEN 64 /* 2*MAX_CIPHER_LEN */ +-#define CLENS "63" /* for sscanf length + '\0' */ +-#define CAPIL 144 /* should be enough to fit whole capi string */ +-#define CAPIS "143" /* for sscanf of crypto API string + 16 + \0 */ +- + static int cipher_dm2c(const char *org_c, const char *org_i, unsigned tag_size, + char *c_dm, int c_dm_size, + char *i_dm, int i_dm_size) + { + int c_size = 0, i_size = 0, i; +- char cipher[CLEN], mode[CLEN], iv[CLEN+1], tmp[CLEN]; +- char capi[CAPIL]; ++ char cipher[MAX_CAPI_ONE_LEN], mode[MAX_CAPI_ONE_LEN], iv[MAX_CAPI_ONE_LEN+1], ++ tmp[MAX_CAPI_ONE_LEN], capi[MAX_CAPI_LEN]; + + if (!c_dm || !c_dm_size || !i_dm || !i_dm_size) + return -EINVAL; + +- i = sscanf(org_c, "%" CLENS "[^-]-%" CLENS "s", cipher, tmp); ++ i = sscanf(org_c, "%" MAX_CAPI_ONE_LEN_STR "[^-]-%" MAX_CAPI_ONE_LEN_STR "s", cipher, tmp); + if (i != 2) + return -EINVAL; + +- i = sscanf(tmp, "%" CLENS "[^-]-%" CLENS "s", mode, iv); ++ i = sscanf(tmp, "%" MAX_CAPI_ONE_LEN_STR "[^-]-%" MAX_CAPI_ONE_LEN_STR "s", mode, iv); + if (i == 1) { + memset(iv, 0, sizeof(iv)); + strncpy(iv, mode, sizeof(iv)-1); +@@ -543,75 +538,6 @@ static int cipher_dm2c(const char *org_c, const char *org_i, unsigned tag_size, + return 0; + } + +-static int cipher_c2dm(char **org_c, char **org_i, const char *c_dm, const char *i_dm) +-{ +- char cipher[CLEN], mode[CLEN], iv[CLEN], auth[CLEN]; +- char tmp[CAPIL], dmcrypt_tmp[CAPIL*2], capi[CAPIL+1]; +- size_t len; +- int i; +- +- if (!c_dm) +- return -EINVAL; +- +- /* legacy mode */ +- if (strncmp(c_dm, "capi:", 4)) { +- if (!(*org_c = strdup(c_dm))) +- return -ENOMEM; +- *org_i = NULL; +- return 0; +- } +- +- /* modes with capi: prefix */ +- i = sscanf(c_dm, "capi:%" CAPIS "[^-]-%" CLENS "s", tmp, iv); +- if (i != 2) +- return -EINVAL; +- +- len = strlen(tmp); +- if (len < 2) +- return -EINVAL; +- +- if (tmp[len-1] == ')') +- tmp[len-1] = '\0'; +- +- if (sscanf(tmp, "rfc4309(%" CAPIS "s", capi) == 1) { +- if (!(*org_i = strdup("aead"))) +- return -ENOMEM; +- } else if (sscanf(tmp, "rfc7539(%" CAPIS "[^,],%" CLENS "s", capi, auth) == 2) { +- if (!(*org_i = strdup(auth))) +- return -ENOMEM; +- } else if (sscanf(tmp, "authenc(%" CLENS "[^,],%" CAPIS "s", auth, capi) == 2) { +- if (!(*org_i = strdup(auth))) +- return -ENOMEM; +- } else { +- if (i_dm) { +- if (!(*org_i = strdup(i_dm))) +- return -ENOMEM; +- } else +- *org_i = NULL; +- memset(capi, 0, sizeof(capi)); +- strncpy(capi, tmp, sizeof(capi)-1); +- } +- +- i = sscanf(capi, "%" CLENS "[^(](%" CLENS "[^)])", mode, cipher); +- if (i == 2) +- i = snprintf(dmcrypt_tmp, sizeof(dmcrypt_tmp), "%s-%s-%s", cipher, mode, iv); +- else +- i = snprintf(dmcrypt_tmp, sizeof(dmcrypt_tmp), "%s-%s", capi, iv); +- if (i < 0 || (size_t)i >= sizeof(dmcrypt_tmp)) { +- free(*org_i); +- *org_i = NULL; +- return -EINVAL; +- } +- +- if (!(*org_c = strdup(dmcrypt_tmp))) { +- free(*org_i); +- *org_i = NULL; +- return -ENOMEM; +- } +- +- return 0; +-} +- + static char *_uf(char *buf, size_t buf_size, const char *s, unsigned u) + { + size_t r = snprintf(buf, buf_size, " %s:%u", s, u); +@@ -2066,7 +1992,7 @@ static int _dm_target_query_crypt(struct crypt_device *cd, uint32_t get_flags, + + /* cipher */ + if (get_flags & DM_ACTIVE_CRYPT_CIPHER) { +- r = cipher_c2dm(CONST_CAST(char**)&cipher, ++ r = crypt_capi_to_cipher(CONST_CAST(char**)&cipher, + CONST_CAST(char**)&integrity, + rcipher, rintegrity); + if (r < 0) +diff --git a/lib/utils_crypt.c b/lib/utils_crypt.c +index 83d0a2c5..4f4dbba8 100644 +--- a/lib/utils_crypt.c ++++ b/lib/utils_crypt.c +@@ -31,6 +31,8 @@ + #include "libcryptsetup.h" + #include "utils_crypt.h" + ++#define MAX_CAPI_LEN_STR "143" /* for sscanf of crypto API string + 16 + \0 */ ++ + int crypt_parse_name_and_mode(const char *s, char *cipher, int *key_nums, + char *cipher_mode) + { +@@ -266,3 +268,73 @@ bool crypt_is_cipher_null(const char *cipher_spec) + return false; + return (strstr(cipher_spec, "cipher_null") || !strcmp(cipher_spec, "null")); + } ++ ++int crypt_capi_to_cipher(char **org_c, char **org_i, const char *c_dm, const char *i_dm) ++{ ++ char cipher[MAX_CAPI_ONE_LEN], mode[MAX_CAPI_ONE_LEN], iv[MAX_CAPI_ONE_LEN], ++ auth[MAX_CAPI_ONE_LEN], tmp[MAX_CAPI_LEN], dmcrypt_tmp[MAX_CAPI_LEN*2], ++ capi[MAX_CAPI_LEN+1]; ++ size_t len; ++ int i; ++ ++ if (!c_dm) ++ return -EINVAL; ++ ++ /* legacy mode */ ++ if (strncmp(c_dm, "capi:", 4)) { ++ if (!(*org_c = strdup(c_dm))) ++ return -ENOMEM; ++ *org_i = NULL; ++ return 0; ++ } ++ ++ /* modes with capi: prefix */ ++ i = sscanf(c_dm, "capi:%" MAX_CAPI_LEN_STR "[^-]-%" MAX_CAPI_ONE_LEN_STR "s", tmp, iv); ++ if (i != 2) ++ return -EINVAL; ++ ++ len = strlen(tmp); ++ if (len < 2) ++ return -EINVAL; ++ ++ if (tmp[len-1] == ')') ++ tmp[len-1] = '\0'; ++ ++ if (sscanf(tmp, "rfc4309(%" MAX_CAPI_LEN_STR "s", capi) == 1) { ++ if (!(*org_i = strdup("aead"))) ++ return -ENOMEM; ++ } else if (sscanf(tmp, "rfc7539(%" MAX_CAPI_LEN_STR "[^,],%" MAX_CAPI_ONE_LEN_STR "s", capi, auth) == 2) { ++ if (!(*org_i = strdup(auth))) ++ return -ENOMEM; ++ } else if (sscanf(tmp, "authenc(%" MAX_CAPI_ONE_LEN_STR "[^,],%" MAX_CAPI_LEN_STR "s", auth, capi) == 2) { ++ if (!(*org_i = strdup(auth))) ++ return -ENOMEM; ++ } else { ++ if (i_dm) { ++ if (!(*org_i = strdup(i_dm))) ++ return -ENOMEM; ++ } else ++ *org_i = NULL; ++ memset(capi, 0, sizeof(capi)); ++ strncpy(capi, tmp, sizeof(capi)-1); ++ } ++ ++ i = sscanf(capi, "%" MAX_CAPI_ONE_LEN_STR "[^(](%" MAX_CAPI_ONE_LEN_STR "[^)])", mode, cipher); ++ if (i == 2) ++ i = snprintf(dmcrypt_tmp, sizeof(dmcrypt_tmp), "%s-%s-%s", cipher, mode, iv); ++ else ++ i = snprintf(dmcrypt_tmp, sizeof(dmcrypt_tmp), "%s-%s", capi, iv); ++ if (i < 0 || (size_t)i >= sizeof(dmcrypt_tmp)) { ++ free(*org_i); ++ *org_i = NULL; ++ return -EINVAL; ++ } ++ ++ if (!(*org_c = strdup(dmcrypt_tmp))) { ++ free(*org_i); ++ *org_i = NULL; ++ return -ENOMEM; ++ } ++ ++ return 0; ++} +diff --git a/lib/utils_crypt.h b/lib/utils_crypt.h +index 5922350a..a4a9b6ca 100644 +--- a/lib/utils_crypt.h ++++ b/lib/utils_crypt.h +@@ -27,9 +27,12 @@ + #include + #include + +-#define MAX_CIPHER_LEN 32 +-#define MAX_CIPHER_LEN_STR "31" +-#define MAX_KEYFILES 32 ++#define MAX_CIPHER_LEN 32 ++#define MAX_CIPHER_LEN_STR "31" ++#define MAX_KEYFILES 32 ++#define MAX_CAPI_ONE_LEN 2 * MAX_CIPHER_LEN ++#define MAX_CAPI_ONE_LEN_STR "63" /* for sscanf length + '\0' */ ++#define MAX_CAPI_LEN 144 /* should be enough to fit whole capi string */ + + int crypt_parse_name_and_mode(const char *s, char *cipher, + int *key_nums, char *cipher_mode); +@@ -46,4 +49,6 @@ void crypt_log_hex(struct crypt_device *cd, + + bool crypt_is_cipher_null(const char *cipher_spec); + ++int crypt_capi_to_cipher(char **org_c, char **org_i, const char *c_dm, const char *i_dm); ++ + #endif /* _UTILS_CRYPT_H */ +-- +2.38.1 + diff --git a/SPECS/cryptsetup.spec b/SPECS/cryptsetup.spec index eb9fd98..48b5db4 100644 --- a/SPECS/cryptsetup.spec +++ b/SPECS/cryptsetup.spec @@ -5,7 +5,7 @@ Obsoletes: cryptsetup-python3 Summary: A utility for setting up encrypted disks Name: cryptsetup Version: 2.3.7 -Release: 2%{?dist} +Release: 3%{?dist} License: GPLv2+ and LGPLv2+ Group: Applications/System URL: https://gitlab.com/cryptsetup/cryptsetup @@ -28,6 +28,11 @@ Patch3: %{name}-2.4.2-Fix-bogus-memory-allocation-if-LUKS2-header-size-is-.patc Patch4: %{name}-2.5.0-Fix-typo-in-repair-prompt.patch Patch5: %{name}-2.5.0-Fix-test-passphrase-when-device-in-reencryption.patch Patch6: %{name}-2.5.0-Add-more-tests-for-test-passphrase-parameter.patch +Patch7: %{name}-2.6.0-Fix-cipher-convert-routines-naming-confusion.patch +Patch8: %{name}-2.6.0-Move-cipher_dm2c-to-crypto-utilities.patch +Patch9: %{name}-2.6.0-Code-cleanup.patch +Patch10: %{name}-2.6.0-Copy-also-integrity-string-in-legacy-mode.patch +Patch11: %{name}-2.6.0-Fix-internal-crypt-segment-compare-routine.patch %description The cryptsetup package contains a utility for setting up @@ -89,6 +94,11 @@ can be used for offline reencryption of disk in situ. %patch4 -p1 %patch5 -p1 %patch6 -p1 +%patch7 -p1 +%patch8 -p1 +%patch9 -p1 +%patch10 -p1 +%patch11 -p1 %patch0 -p1 chmod -x misc/dracut_90reencrypt/* @@ -148,6 +158,10 @@ rm -rf %{buildroot}/%{_libdir}/*.la %clean %changelog +* Fri Nov 4 2022 Daniel Zatovic - 2.3.7-3 +- patch: Fix internal crypt segment compare routine +- Resolves: #2110810 + * Thu Feb 24 2022 Ondrej Kozina - 2.3.7-2 - patch: Fix cryptsetup --test-passphrase when device in reencryption