Date: Monday, February 29, 2016 @ 16:17:58 Author: bpiotrowski Revision: 260400
upgpkg: cryptsetup 1.7.1-1 new upstream release
Modified: cryptsetup/trunk/PKGBUILD
Deleted: cryptsetup/trunk/0001-Set-skcipher-key-before-accept-call-in-kernel-crypto.patch cryptsetup/trunk/0002-Fix-kernel-crypto-backend-to-set-key-before-accept-c.patch
-----------------------------------------------------------------+
0001-Set-skcipher-key-before-accept-call-in-kernel-crypto.patch | 191 ----------
0002-Fix-kernel-crypto-backend-to-set-key-before-accept-c.patch | 76 ---
PKGBUILD | 23 -
3 files changed, 6 insertions(+), 284 deletions(-)
Deleted: 0001-Set-skcipher-key-before-accept-call-in-kernel-crypto.patch
===================================================================
--- 0001-Set-skcipher-key-before-accept-call-in-kernel-crypto.patch 2016-02-29 15:11:44 UTC (rev 260399)
+++ 0001-Set-skcipher-key-before-accept-call-in-kernel-crypto.patch 2016-02-29 15:17:58 UTC (rev 260400)
@@ -1,191 +0,0 @@
-From 93ed401b7c1d298de0a3fe38ae45d96529a8511c Mon Sep 17 00:00:00 2001
-From: Milan Broz <[email protected]>
-Date: Sat, 2 Jan 2016 20:02:28 +0100
-Subject: [PATCH] Set skcipher key before accept() call in kernel crypto
- backend.
-
-Also relax input errno checking to catch all errors.
----
- lib/crypto_backend/crypto_cipher_kernel.c | 56 ++++++++++++-------------------
- lib/crypto_backend/crypto_kernel.c | 35 ++++++++++++++-----
- 2 files changed, 48 insertions(+), 43 deletions(-)
-
-diff --git a/lib/crypto_backend/crypto_cipher_kernel.c b/lib/crypto_backend/crypto_cipher_kernel.c
-index f7d2bcf..46e1f97 100644
---- a/lib/crypto_backend/crypto_cipher_kernel.c
-+++ b/lib/crypto_backend/crypto_cipher_kernel.c
-@@ -2,7 +2,7 @@
- * Linux kernel userspace API crypto backend implementation (skcipher)
- *
- * Copyright (C) 2012, Red Hat, Inc. All rights reserved.
-- * Copyright (C) 2012-2014, Milan Broz
-+ * Copyright (C) 2012-2016, Milan Broz
- *
- * This file is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
-@@ -88,33 +88,8 @@ int crypt_cipher_blocksize(const char *name)
- return ca ? ca->blocksize : -EINVAL;
- }
-
--/* Shared with hash kernel backend */
--int crypt_kernel_socket_init(struct sockaddr_alg *sa, int *tfmfd, int *opfd);
--
--int crypt_kernel_socket_init(struct sockaddr_alg *sa, int *tfmfd, int *opfd)
--{
-- *tfmfd = socket(AF_ALG, SOCK_SEQPACKET, 0);
-- if (*tfmfd == -1)
-- return -ENOTSUP;
--
-- if (bind(*tfmfd, (struct sockaddr *)sa, sizeof(*sa)) == -1) {
-- close(*tfmfd);
-- *tfmfd = -1;
-- return -ENOENT;
-- }
--
-- *opfd = accept(*tfmfd, NULL, 0);
-- if (*opfd == -1) {
-- close(*tfmfd);
-- *tfmfd = -1;
-- return -EINVAL;
-- }
--
-- return 0;
--}
--
- /*
-- *ciphers
-+ * ciphers
- *
- * ENOENT - algorithm not available
- * ENOTSUP - AF_ALG family not available
-@@ -128,7 +103,6 @@ int crypt_cipher_init(struct crypt_cipher **ctx, const char *name,
- .salg_family = AF_ALG,
- .salg_type = "skcipher",
- };
-- int r;
-
- h = malloc(sizeof(*h));
- if (!h)
-@@ -137,14 +111,26 @@ int crypt_cipher_init(struct crypt_cipher **ctx, const char *name,
- snprintf((char *)sa.salg_name, sizeof(sa.salg_name),
- "%s(%s)", mode, name);
-
-- r = crypt_kernel_socket_init(&sa, &h->tfmfd, &h->opfd);
-- if (r < 0) {
-- free(h);
-- return r;
-+ h->opfd = -1;
-+ h->tfmfd = socket(AF_ALG, SOCK_SEQPACKET, 0);
-+ if (h->tfmfd < 0) {
-+ crypt_cipher_destroy(h);
-+ return -ENOTSUP;
-+ }
-+
-+ if (bind(h->tfmfd, (struct sockaddr *)&sa, sizeof(sa)) < 0) {
-+ crypt_cipher_destroy(h);
-+ return -ENOENT;
- }
-
- if (length && strcmp(name, "cipher_null") &&
-- setsockopt(h->tfmfd, SOL_ALG, ALG_SET_KEY, buffer, length) == -1) {
-+ setsockopt(h->tfmfd, SOL_ALG, ALG_SET_KEY, buffer, length) < 0) {
-+ crypt_cipher_destroy(h);
-+ return -EINVAL;
-+ }
-+
-+ h->opfd = accept(h->tfmfd, NULL, 0);
-+ if (h->opfd < 0) {
- crypt_cipher_destroy(h);
- return -EINVAL;
- }
-@@ -239,9 +225,9 @@ int crypt_cipher_decrypt(struct crypt_cipher *ctx,
-
- int crypt_cipher_destroy(struct crypt_cipher *ctx)
- {
-- if (ctx->tfmfd != -1)
-+ if (ctx->tfmfd >= 0)
- close(ctx->tfmfd);
-- if (ctx->opfd != -1)
-+ if (ctx->opfd >= 0)
- close(ctx->opfd);
- memset(ctx, 0, sizeof(*ctx));
- free(ctx);
-diff --git a/lib/crypto_backend/crypto_kernel.c b/lib/crypto_backend/crypto_kernel.c
-index 45cff31..4fbc578 100644
---- a/lib/crypto_backend/crypto_kernel.c
-+++ b/lib/crypto_backend/crypto_kernel.c
-@@ -2,7 +2,7 @@
- * Linux kernel userspace API crypto backend implementation
- *
- * Copyright (C) 2010-2012, Red Hat, Inc. All rights reserved.
-- * Copyright (C) 2010-2014, Milan Broz
-+ * Copyright (C) 2010-2016, Milan Broz
- *
- * This file is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
-@@ -68,8 +68,27 @@ struct crypt_hmac {
- int hash_len;
- };
-
--/* Defined in crypt_kernel_ciphers.c */
--extern int crypt_kernel_socket_init(struct sockaddr_alg *sa, int *tfmfd, int *opfd);
-+static int crypt_kernel_socket_init(struct sockaddr_alg *sa, int *tfmfd, int *opfd)
-+{
-+ *tfmfd = socket(AF_ALG, SOCK_SEQPACKET, 0);
-+ if (*tfmfd < 0)
-+ return -ENOTSUP;
-+
-+ if (bind(*tfmfd, (struct sockaddr *)sa, sizeof(*sa)) < 0) {
-+ close(*tfmfd);
-+ *tfmfd = -1;
-+ return -ENOENT;
-+ }
-+
-+ *opfd = accept(*tfmfd, NULL, 0);
-+ if (*opfd < 0) {
-+ close(*tfmfd);
-+ *tfmfd = -1;
-+ return -EINVAL;
-+ }
-+
-+ return 0;
-+}
-
- int crypt_backend_init(struct crypt_device *ctx)
- {
-@@ -188,9 +207,9 @@ int crypt_hash_final(struct crypt_hash *ctx, char *buffer, size_t length)
-
- int crypt_hash_destroy(struct crypt_hash *ctx)
- {
-- if (ctx->tfmfd != -1)
-+ if (ctx->tfmfd >= 0)
- close(ctx->tfmfd);
-- if (ctx->opfd != -1)
-+ if (ctx->opfd >= 0)
- close(ctx->opfd);
- memset(ctx, 0, sizeof(*ctx));
- free(ctx);
-@@ -232,7 +251,7 @@ int crypt_hmac_init(struct crypt_hmac **ctx, const char *name,
- return -EINVAL;
- }
-
-- if (setsockopt(h->tfmfd, SOL_ALG, ALG_SET_KEY, buffer, length) == -1) {
-+ if (setsockopt(h->tfmfd, SOL_ALG, ALG_SET_KEY, buffer, length) < 0) {
- crypt_hmac_destroy(h);
- return -EINVAL;
- }
-@@ -268,9 +287,9 @@ int crypt_hmac_final(struct crypt_hmac *ctx, char *buffer, size_t length)
-
- int crypt_hmac_destroy(struct crypt_hmac *ctx)
- {
-- if (ctx->tfmfd != -1)
-+ if (ctx->tfmfd >= 0)
- close(ctx->tfmfd);
-- if (ctx->opfd != -1)
-+ if (ctx->opfd >= 0)
- close(ctx->opfd);
- memset(ctx, 0, sizeof(*ctx));
- free(ctx);
---
-2.7.1
-
Deleted: 0002-Fix-kernel-crypto-backend-to-set-key-before-accept-c.patch
===================================================================
--- 0002-Fix-kernel-crypto-backend-to-set-key-before-accept-c.patch 2016-02-29 15:11:44 UTC (rev 260399)
+++ 0002-Fix-kernel-crypto-backend-to-set-key-before-accept-c.patch 2016-02-29 15:17:58 UTC (rev 260400)
@@ -1,76 +0,0 @@
-From 4dc88e8ffb6442ebba7ad8d14fa55691734371e0 Mon Sep 17 00:00:00 2001
-From: Milan Broz <[email protected]>
-Date: Mon, 4 Jan 2016 14:19:50 +0100
-Subject: [PATCH] Fix kernel crypto backend to set key before accept call even
- for HMAC.
-
----
- lib/crypto_backend/crypto_kernel.c | 20 +++++++++++---------
- 1 file changed, 11 insertions(+), 9 deletions(-)
-
-diff --git a/lib/crypto_backend/crypto_kernel.c b/lib/crypto_backend/crypto_kernel.c
-index 4fbc578..4d9d075 100644
---- a/lib/crypto_backend/crypto_kernel.c
-+++ b/lib/crypto_backend/crypto_kernel.c
-@@ -68,7 +68,8 @@ struct crypt_hmac {
- int hash_len;
- };
-
--static int crypt_kernel_socket_init(struct sockaddr_alg *sa, int *tfmfd, int *opfd)
-+static int crypt_kernel_socket_init(struct sockaddr_alg *sa, int *tfmfd, int *opfd,
-+ const void *key, size_t key_length)
- {
- *tfmfd = socket(AF_ALG, SOCK_SEQPACKET, 0);
- if (*tfmfd < 0)
-@@ -80,6 +81,12 @@ static int crypt_kernel_socket_init(struct sockaddr_alg *sa, int *tfmfd, int *op
- return -ENOENT;
- }
-
-+ if (key && setsockopt(*tfmfd, SOL_ALG, ALG_SET_KEY, key, key_length) < 0) {
-+ close(*tfmfd);
-+ *tfmfd = -1;
-+ return -EINVAL;
-+ }
-+
- *opfd = accept(*tfmfd, NULL, 0);
- if (*opfd < 0) {
- close(*tfmfd);
-@@ -106,7 +113,7 @@ int crypt_backend_init(struct crypt_device *ctx)
- if (uname(&uts) == -1 || strcmp(uts.sysname, "Linux"))
- return -EINVAL;
-
-- if (crypt_kernel_socket_init(&sa, &tfmfd, &opfd) < 0)
-+ if (crypt_kernel_socket_init(&sa, &tfmfd, &opfd, NULL, 0) < 0)
- return -EINVAL;
-
- close(tfmfd);
-@@ -171,7 +178,7 @@ int crypt_hash_init(struct crypt_hash **ctx, const char *name)
-
- strncpy((char *)sa.salg_name, ha->kernel_name, sizeof(sa.salg_name));
-
-- if (crypt_kernel_socket_init(&sa, &h->tfmfd, &h->opfd) < 0) {
-+ if (crypt_kernel_socket_init(&sa, &h->tfmfd, &h->opfd, NULL, 0) < 0) {
- free(h);
- return -EINVAL;
- }
-@@ -246,16 +253,11 @@ int crypt_hmac_init(struct crypt_hmac **ctx, const char *name,
- snprintf((char *)sa.salg_name, sizeof(sa.salg_name),
- "hmac(%s)", ha->kernel_name);
-
-- if (crypt_kernel_socket_init(&sa, &h->tfmfd, &h->opfd) < 0) {
-+ if (crypt_kernel_socket_init(&sa, &h->tfmfd, &h->opfd, buffer, length) < 0) {
- free(h);
- return -EINVAL;
- }
-
-- if (setsockopt(h->tfmfd, SOL_ALG, ALG_SET_KEY, buffer, length) < 0) {
-- crypt_hmac_destroy(h);
-- return -EINVAL;
-- }
--
- *ctx = h;
- return 0;
- }
---
-2.7.1
-
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2016-02-29 15:11:44 UTC (rev 260399)
+++ PKGBUILD 2016-02-29 15:17:58 UTC (rev 260400)
@@ -1,12 +1,12 @@
 # $Id$
 # Maintainer: Thomas Bächler <[email protected]>
 pkgname=cryptsetup
-pkgver=1.7.0
-pkgrel=2
+pkgver=1.7.1
+pkgrel=1
 pkgdesc="Userspace setup tool for transparent encryption of block devices using dm-crypt"
 arch=(i686 x86_64)
 license=('GPL')
-url="http://code.google.com/p/cryptsetup/"
+url="https://gitlab.com/cryptsetup/cryptsetup/"
 groups=('base')
 depends=('device-mapper' 'libgcrypt' 'popt' 'libutil-linux')
 makedepends=('util-linux')
@@ -15,25 +15,14 @@
 https://www.kernel.org/pub/linux/utils/cryptsetup/v1.7/${pkgname}-${pkgver}.tar.sign
 encrypt_hook
 encrypt_install
- sd-encrypt
- 0001-Set-skcipher-key-before-accept-call-in-kernel-crypto.patch
- 0002-Fix-kernel-crypto-backend-to-set-key-before-accept-c.patch)
+ sd-encrypt)
 validpgpkeys=('2A2918243FDE46648D0686F9D9B0577BD93E98FC') # Milan Broz <[email protected]>
-sha256sums=('075524a7cc0db36d12119fa79116750accb1c6c8825d5faa2534b74b8ce3d148'
+sha256sums=('73dc8a63cc984b56aa6a3c99f355262471bcfe78b3240b8b9d0caa8002911fec'
 'SKIP'
 '4406f8dc83f4f1b408e49d557515f721d91b358355c71fbe51f74ab27e5c84ff'
 'cfe465bdad3d958bb2332a05e04f2e1e884422a5714dfd1a0a3b9b74bf7dc6ae'
- 'd442304e6a78b3513ebc53be3fe2f1276a7df470c8da701b3ece971d59979bdd'
- 'c4fb5946ba1b48b5a2fdafa2c32748f205d83d4cc824ebdae2d2f30abfc31b07'
- 'f4074ddf3f494f7da09be6a4ab9d42d84cf2a7818a959c526849e1bb40dab54d')
+ 'd442304e6a78b3513ebc53be3fe2f1276a7df470c8da701b3ece971d59979bdd')

-prepare() {
- cd "${srcdir}"/$pkgname-${pkgver}
-
- patch -p1 -i "${srcdir}"/0001-Set-skcipher-key-before-accept-call-in-kernel-crypto.patch
- patch -p1 -i "${srcdir}"/0002-Fix-kernel-crypto-backend-to-set-key-before-accept-c.patch
-}
-
 build() {
 cd "${srcdir}"/$pkgname-${pkgver}
 ./configure --prefix=/usr --sbindir=/usr/bin --disable-static --enable-cryptsetup-reencrypt
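Review bot: Both AF_ALG backports and the prepare() that applied them are dropped in this hunk, but nothing in the commit records that the 1.7.1 tarball already contains them; the log says only "new upstream release". The two deleted patches exist to issue ALG_SET_KEY before accept() in the cipher and HMAC paths of the kernel crypto backend, so a release missing either one would quietly restore the old accept-then-setkey order. Presumably both are merged upstream, but that is worth confirming against the 1.7.1 sources and stating in the log, e.g. `upgpkg: cryptsetup 1.7.1-1 (setkey-before-accept backports now upstream)`.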
