diff --git a/SOURCES/cryptsetup-1.7.6-crypt_deactivate-fail-earlier-when-holders-detected.patch b/SOURCES/cryptsetup-1.7.6-crypt_deactivate-fail-earlier-when-holders-detected.patch
new file mode 100644
index 0000000..df91689
--- /dev/null
+++ b/SOURCES/cryptsetup-1.7.6-crypt_deactivate-fail-earlier-when-holders-detected.patch
@@ -0,0 +1,150 @@
+From 2e4aaa1adad2d0838593b13efbf5efe79f58255c Mon Sep 17 00:00:00 2001
+From: Ondrej Kozina <okozina@redhat.com>
+Date: Mon, 16 Oct 2017 16:41:43 +0200
+Subject: [PATCH] crypt_deactivate: fail earlier when holders detected
+
+crypt_deactivate fails earlier without noisy dm retries
+when other device holders detected. The early detection
+works if:
+
+a) other device-mapper device has a hold reference on the
+ device
+
+- or -
+
+b) mounted fs is detected on the device
+
+diff -rupN cryptsetup-1.7.4.old/config.h.in cryptsetup-1.7.4/config.h.in
+--- cryptsetup-1.7.4.old/config.h.in 2017-03-15 10:43:26.000000000 +0100
++++ cryptsetup-1.7.4/config.h.in 2017-10-19 09:37:17.000000000 +0200
+@@ -97,6 +97,14 @@
+ */
+ #undef HAVE_DCGETTEXT
+
++/* Define to 1 if you have the declaration of `dm_device_has_holders', and to
++ 0 if you don't. */
++#undef HAVE_DECL_DM_DEVICE_HAS_HOLDERS
++
++/* Define to 1 if you have the declaration of `dm_device_has_mounted_fs', and
++ to 0 if you don't. */
++#undef HAVE_DECL_DM_DEVICE_HAS_MOUNTED_FS
++
+ /* Define to 1 if you have the declaration of `dm_task_retry_remove', and to 0
+ if you don't. */
+ #undef HAVE_DECL_DM_TASK_RETRY_REMOVE
+diff -rupN cryptsetup-1.7.4.old/configure cryptsetup-1.7.4/configure
+--- cryptsetup-1.7.4.old/configure 2017-03-15 10:43:13.000000000 +0100
++++ cryptsetup-1.7.4/configure 2017-10-19 09:37:18.590530138 +0200
+@@ -16735,6 +16735,30 @@ cat >>confdefs.h <<_ACEOF
+ #define HAVE_DECL_DM_TASK_RETRY_REMOVE $ac_have_decl
+ _ACEOF
+
++ac_fn_c_check_decl "$LINENO" "dm_device_has_mounted_fs" "ac_cv_have_decl_dm_device_has_mounted_fs" "#include <libdevmapper.h>
++"
++if test "x$ac_cv_have_decl_dm_device_has_mounted_fs" = xyes; then :
++ ac_have_decl=1
++else
++ ac_have_decl=0
++fi
++
++cat >>confdefs.h <<_ACEOF
++#define HAVE_DECL_DM_DEVICE_HAS_MOUNTED_FS $ac_have_decl
++_ACEOF
++
++ac_fn_c_check_decl "$LINENO" "dm_device_has_holders" "ac_cv_have_decl_dm_device_has_holders" "#include <libdevmapper.h>
++"
++if test "x$ac_cv_have_decl_dm_device_has_holders" = xyes; then :
++ ac_have_decl=1
++else
++ ac_have_decl=0
++fi
++
++cat >>confdefs.h <<_ACEOF
++#define HAVE_DECL_DM_DEVICE_HAS_HOLDERS $ac_have_decl
++_ACEOF
++
+ ac_fn_c_check_decl "$LINENO" "DM_UDEV_DISABLE_DISK_RULES_FLAG" "ac_cv_have_decl_DM_UDEV_DISABLE_DISK_RULES_FLAG" "#include <libdevmapper.h>
+ "
+ if test "x$ac_cv_have_decl_DM_UDEV_DISABLE_DISK_RULES_FLAG" = xyes; then :
+diff --git a/lib/libdevmapper.c b/lib/libdevmapper.c
+index a0d6872..d6017b1 100644
+--- a/lib/libdevmapper.c
++++ b/lib/libdevmapper.c
+@@ -1181,6 +1181,13 @@ int dm_query_device(struct crypt_device *cd, const char *name,
+ dmd->uuid = strdup(tmp_uuid + DM_UUID_PREFIX_LEN);
+ }
+
++ dmd->holders = 0;
++#if (HAVE_DECL_DM_DEVICE_HAS_HOLDERS && HAVE_DECL_DM_DEVICE_HAS_MOUNTED_FS)
++ if (get_flags & DM_ACTIVE_HOLDERS)
++ dmd->holders = (dm_device_has_mounted_fs(dmi.major, dmi.minor) ||
++ dm_device_has_holders(dmi.major, dmi.minor));
++#endif
++
+ r = (dmi.open_count > 0);
+ out:
+ if (dmt)
+diff --git a/lib/setup.c b/lib/setup.c
+index b2e4396..93e8079 100644
+--- a/lib/setup.c
++++ b/lib/setup.c
+@@ -2249,6 +2249,7 @@ int crypt_activate_by_volume_key(struct crypt_device *cd,
+ int crypt_deactivate(struct crypt_device *cd, const char *name)
+ {
+ struct crypt_device *fake_cd = NULL;
++ struct crypt_dm_active_device dmd = {};
+ int r;
+
+ if (!name)
+@@ -2266,6 +2267,13 @@ int crypt_deactivate(struct crypt_device *cd, const char *name)
+ switch (crypt_status(cd, name)) {
+ case CRYPT_ACTIVE:
+ case CRYPT_BUSY:
++ r = dm_query_device(cd, name, DM_ACTIVE_HOLDERS, &dmd);
++ if (r >= 0 && dmd.holders) {
++ log_err(cd, _("Device %s is still in use.\n"), name);
++ r = -EBUSY;
++ break;
++ }
++
+ if (isTCRYPT(cd->type))
+ r = TCRYPT_deactivate(cd, name);
+ else
+diff --git a/lib/utils_dm.h b/lib/utils_dm.h
+index c87e9aa..cf22e12 100644
+--- a/lib/utils_dm.h
++++ b/lib/utils_dm.h
+@@ -48,14 +48,16 @@ uint32_t dm_flags(void);
+
+ #define DM_ACTIVE_DEVICE (1 << 0)
+ #define DM_ACTIVE_UUID (1 << 1)
++#define DM_ACTIVE_HOLDERS (1 << 2)
+
+-#define DM_ACTIVE_CRYPT_CIPHER (1 << 2)
+-#define DM_ACTIVE_CRYPT_KEYSIZE (1 << 3)
+-#define DM_ACTIVE_CRYPT_KEY (1 << 4)
++#define DM_ACTIVE_CRYPT_CIPHER (1 << 3)
++#define DM_ACTIVE_CRYPT_KEYSIZE (1 << 4)
++#define DM_ACTIVE_CRYPT_KEY (1 << 5)
++
++#define DM_ACTIVE_VERITY_ROOT_HASH (1 << 6)
++#define DM_ACTIVE_VERITY_HASH_DEVICE (1 << 7)
++#define DM_ACTIVE_VERITY_PARAMS (1 << 8)
+
+-#define DM_ACTIVE_VERITY_ROOT_HASH (1 << 5)
+-#define DM_ACTIVE_VERITY_HASH_DEVICE (1 << 6)
+-#define DM_ACTIVE_VERITY_PARAMS (1 << 7)
+
+ struct crypt_dm_active_device {
+ enum { DM_CRYPT = 0, DM_VERITY } target;
+@@ -63,6 +65,7 @@ struct crypt_dm_active_device {
+ uint32_t flags; /* activation flags */
+ const char *uuid;
+ struct device *data_device;
++ unsigned holders:1;
+ union {
+ struct {
+ const char *cipher;
+--
+1.8.3.1
+
diff --git a/SOURCES/cryptsetup-1.7.6-cryptsetup-reencrypt-progress-frequency-parameter.patch b/SOURCES/cryptsetup-1.7.6-cryptsetup-reencrypt-progress-frequency-parameter.patch
new file mode 100644
index 0000000..75ac6b3
--- /dev/null
+++ b/SOURCES/cryptsetup-1.7.6-cryptsetup-reencrypt-progress-frequency-parameter.patch
@@ -0,0 +1,78 @@
+diff -rupN cryptsetup-1.7.4.bcp/man/cryptsetup-reencrypt.8 cryptsetup-1.7.4/man/cryptsetup-reencrypt.8
+--- cryptsetup-1.7.4.bcp/man/cryptsetup-reencrypt.8 2017-10-18 11:39:01.697902733 +0200
++++ cryptsetup-1.7.4/man/cryptsetup-reencrypt.8 2017-10-18 13:31:15.944930492 +0200
+@@ -38,7 +38,7 @@ To start (or continue) re-encryption for
+ \-\-device-size, \-\-hash, \-\-iter-time, \-\-use-random | \-\-use-urandom,
+ \-\-keep-key, \-\-key-size, \-\-key-file, \-\-key-slot, \-\-keyfile-offset,
+ \-\-keyfile-size, \-\-tries, \-\-use-directio, \-\-use-fsync, \-\-verbose, \-\-write-log,
+-\-\-uuid]
++\-\-uuid, \-\-progress-frequency]
+
+ To encrypt data on (not yet encrypted) device, use \fI\-\-new\fR with combination
+ with \fI\-\-reduce-device-size\fR.
+@@ -190,6 +190,9 @@ of the interrupted decryption process.
+ .B "\-\-batch-mode, \-q"
+ Suppresses all warnings and reencryption progress output.
+ .TP
++.B "\-\-progress-frequency <seconds>"
++Print separate line every <seconds> with reencryption progress.
++.TP
+ .B "\-\-version"
+ Show the program version.
+ .SH RETURN CODES
+diff -rupN cryptsetup-1.7.4.bcp/src/cryptsetup_reencrypt.c cryptsetup-1.7.4/src/cryptsetup_reencrypt.c
+--- cryptsetup-1.7.4.bcp/src/cryptsetup_reencrypt.c 2017-10-18 11:39:01.697902733 +0200
++++ cryptsetup-1.7.4/src/cryptsetup_reencrypt.c 2017-10-18 15:10:24.219013071 +0200
+@@ -51,6 +51,7 @@ static int opt_key_size = 0;
+ static int opt_new = 0;
+ static int opt_keep_key = 0;
+ static int opt_decrypt = 0;
++static int opt_progress_frequency = 0;
+
+ static const char *opt_reduce_size_str = NULL;
+ static uint64_t opt_reduce_size = 0;
+@@ -665,10 +666,18 @@ static void print_progress(struct reenc_
+ {
+ unsigned long long mbytes, eta;
+ struct timeval now_time;
+- double tdiff, mib;
++ double tdiff, mib, frequency;
++ char *eol = "";
+
+ gettimeofday(&now_time, NULL);
+- if (!final && time_diff(rc->end_time, now_time) < 0.5)
++ if (opt_progress_frequency)
++ frequency = (double)opt_progress_frequency;
++ else
++ frequency = 0.5;
++ if (final || opt_progress_frequency)
++ eol = "\n";
++
++ if (!final && time_diff(rc->end_time, now_time) < frequency)
+ return;
+
+ rc->end_time = now_time;
+@@ -689,12 +698,12 @@ static void print_progress(struct reenc_
+ eta = (unsigned long long)(rc->device_size / 1024 / 1024 / mib - tdiff);
+
+ /* vt100 code clear line */
+- log_err("\33[2K\r");
++ if (!opt_progress_frequency)
++ log_err("\33[2K\r");
+ log_err(_("Progress: %5.1f%%, ETA %02llu:%02llu, "
+ "%4llu MiB written, speed %5.1f MiB/s%s"),
+ (double)bytes / rc->device_size * 100,
+- eta / 60, eta % 60, mbytes, mib,
+- final ? "\n" :"");
++ eta / 60, eta % 60, mbytes, mib, eol);
+ }
+
+ static ssize_t read_buf(int fd, void *buf, size_t count)
+@@ -1316,6 +1325,7 @@ int main(int argc, const char **argv)
+ { "key-file", 'd', POPT_ARG_STRING, &opt_key_file, 0, N_("Read the key from a file."), NULL },
+ { "iter-time", 'i', POPT_ARG_INT, &opt_iteration_time, 0, N_("PBKDF2 iteration time for LUKS (in ms)"), N_("msecs") },
+ { "batch-mode", 'q', POPT_ARG_NONE, &opt_batch_mode, 0, N_("Do not ask for confirmation"), NULL },
++ { "progress-frequency",'\0', POPT_ARG_INT, &opt_progress_frequency, 0, N_("Progress line update (in seconds)"), N_("secs") },
+ { "tries", 'T', POPT_ARG_INT, &opt_tries, 0, N_("How often the input of the passphrase can be retried"), NULL },
+ { "use-random", '\0', POPT_ARG_NONE, &opt_random, 0, N_("Use /dev/random for generating volume key."), NULL },
+ { "use-urandom", '\0', POPT_ARG_NONE, &opt_urandom, 0, N_("Use /dev/urandom for generating volume key."), NULL },
diff --git a/SOURCES/cryptsetup-1.7.6-dracut-reencrypt-add-progress-frequency.patch b/SOURCES/cryptsetup-1.7.6-dracut-reencrypt-add-progress-frequency.patch
new file mode 100644
index 0000000..39cf514
--- /dev/null
+++ b/SOURCES/cryptsetup-1.7.6-dracut-reencrypt-add-progress-frequency.patch
@@ -0,0 +1,25 @@
+From 4e275e6da4b61e1d5c978c9726d695476629cb94 Mon Sep 17 00:00:00 2001
+From: Ondrej Kozina <okozina@redhat.com>
+Date: Wed, 18 Oct 2017 09:57:03 +0200
+Subject: [PATCH] dracut-reencrypt: add --progress-frequency parameter
+
+---
+ misc/dracut_90reencrypt/reencrypt.sh | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/misc/dracut_90reencrypt/reencrypt.sh b/misc/dracut_90reencrypt/reencrypt.sh
+index e6f87e0..b4960d7 100755
+--- a/misc/dracut_90reencrypt/reencrypt.sh
++++ b/misc/dracut_90reencrypt/reencrypt.sh
+@@ -18,7 +18,7 @@ else
+ device="$1"
+ fi
+
+-PARAMS="$device -T 1 --use-fsync -B 32"
++PARAMS="$device -T 1 --use-fsync --progress-frequency 5 -B 32"
+ if [ "$3" != "any" ]; then
+ PARAMS="$PARAMS -S $3"
+ fi
+--
+1.8.3.1
+
diff --git a/SPECS/cryptsetup.spec b/SPECS/cryptsetup.spec
index 6525c83..6dce8eb 100644
--- a/SPECS/cryptsetup.spec
+++ b/SPECS/cryptsetup.spec
@@ -5,7 +5,7 @@
Summary: A utility for setting up encrypted disks
Name: cryptsetup
Version: 1.7.4
-Release: 3%{?dist}.1
+Release: 4%{?dist}
License: GPLv2+ and LGPLv2+
Group: Applications/System
URL: https://gitlab.com/cryptsetup/cryptsetup
@@ -27,6 +27,9 @@ Patch0: %{name}-avoid-rh-kernel-bug.patch
Patch1: %{name}-1.7.5-fix-unaligned-access-to-hidden-truecrypt.patch
Patch2: %{name}-1.7.5-fix-luksformat-in-fips-mode.patch
Patch3: %{name}-1.7.6-fix-blockwise-access-functions-for-64k-page-size.patch
+Patch4: %{name}-1.7.6-crypt_deactivate-fail-earlier-when-holders-detected.patch
+Patch5: %{name}-1.7.6-cryptsetup-reencrypt-progress-frequency-parameter.patch
+Patch6: %{name}-1.7.6-dracut-reencrypt-add-progress-frequency.patch
%if 0%{?fedora} >= 19 || 0%{?rhel} >= 7
%define configure_cipher --enable-gcrypt-pbkdf2
@@ -116,6 +119,9 @@ for setting up disk encryption using dm-crypt kernel module.
%patch1 -p1
%patch2 -p1
%patch3 -p1
+%patch4 -p1
+%patch5 -p1
+%patch6 -p1
chmod -x python/pycryptsetup-test.py
%if %{python3_enable}
@@ -211,10 +217,14 @@ install -m755 misc/dracut_90reencrypt/reencrypt.sh %{buildroot}/%{dracutmodulesd
%clean
%changelog
-* Thu Nov 16 2017 Ondrej Kozina <okozina@redhat.com> - 1.7.4-3.el7_4.1
-- patch: fix regression in blockwise functions (archs with 64 KiB
- page_size)
-- Resolves: #1510841
+* Thu Oct 19 2017 Ondrej Kozina <okozina@redhat.com> - 1.7.4-4
+- patch: fix regression in blockwise functions
+- patch: avoid repeating error messages when device holders
+ detected.
+- patch: add option to cryptsetup-reencrypt to print progress
+ log sequentaly
+- patch: use --progress-frequency in reencryption dracut module
+- Resolves: #1480006 #1447632 #1479857
* Tue Apr 25 2017 Ondrej Kozina <okozina@redhat.com> - 1.7.4-3
- patch: fix luksFormat failure while running in FIPS mode.