Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package cryptsetup for openSUSE:Factory checked in at 2021-09-02 23:20:08 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/cryptsetup (Old) and /work/SRC/openSUSE:Factory/.cryptsetup.new.1899 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "cryptsetup" Thu Sep 2 23:20:08 2021 rev:115 rq:915495 version:2.4.0 Changes: -------- --- /work/SRC/openSUSE:Factory/cryptsetup/cryptsetup.changes 2021-07-04 22:10:05.977527583 +0200 +++ /work/SRC/openSUSE:Factory/.cryptsetup.new.1899/cryptsetup.changes 2021-09-02 23:20:17.896552245 +0200 @@ -1,0 +2,41 @@ +Wed Aug 25 13:46:12 UTC 2021 - Ludwig Nussel <[email protected]> + +- As YaST passes necessary parameters to cryptsetup anyway, we do + not necessarily need to take grub into consideration. So back to + Argon2 to see how it goes. + +------------------------------------------------------------------- +Tue Aug 3 13:42:20 UTC 2021 - Ludwig Nussel <[email protected]> + +- need to use PBKDF2 by default for LUKS2 as grub can't decrypt when + using Argon. + +------------------------------------------------------------------- +Mon Aug 2 14:43:51 UTC 2021 - Ludwig Nussel <[email protected]> + +- crypsetup 2.4.0 (jsc#SLE-20275) + * External LUKS token plugins + * Experimental SSH token + * Default LUKS2 PBKDF is now Argon2id + * Increase minimal memory cost for Argon2 benchmark to 64MiB. + * Autodetect optimal encryption sector size on LUKS2 format. + * Use VeraCrypt option by default and add --disable-veracrypt option. + * Support --hash and --cipher to limit opening time for TCRYPT type + * Fixed default OpenSSL crypt backend support for OpenSSL3. + * integritysetup: add integrity-recalculate-reset flag. + * cryptsetup: retains keyslot number in luksChangeKey for LUKS2. + * Fix cryptsetup resize using LUKS2 tokens. + * Add close --deferred and --cancel-deferred options. + * Rewritten command-line option parsing to avoid libpopt arguments + memory leaks. + * Add --test-args option. + +------------------------------------------------------------------- +Mon Aug 2 12:39:40 UTC 2021 - Fabian Vogt <[email protected]> + +- Use LUKS2 as default format on Tumbleweed. + It provides some additional features which other tools + (e.g. systemd-cryptenroll) rely on. GRUB 2.06 supports unlocking + LUKS2 volumes meanwhile. + +------------------------------------------------------------------- Old: ---- cryptsetup-2.3.6.tar.sign cryptsetup-2.3.6.tar.xz New: ---- cryptsetup-2.4.0.tar.sign cryptsetup-2.4.0.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ cryptsetup.spec ++++++ --- /var/tmp/diff_new_pack.Oe1qpr/_old 2021-09-02 23:20:18.488552983 +0200 +++ /var/tmp/diff_new_pack.Oe1qpr/_new 2021-09-02 23:20:18.496552993 +0200 @@ -16,21 +16,22 @@ # +%define tar_version 2.4.0 %define so_ver 12 %if 0%{?is_backports} Name: cryptsetup2 %else Name: cryptsetup %endif -Version: 2.3.6 +Version: 2.4.0 Release: 0 Summary: Setup program for dm-crypt Based Encrypted Block Devices -License: SUSE-GPL-2.0-with-openssl-exception AND LGPL-2.0-or-later +License: LGPL-2.0-or-later AND SUSE-GPL-2.0-with-openssl-exception Group: System/Base URL: https://gitlab.com/cryptsetup/cryptsetup/ -Source0: https://www.kernel.org/pub/linux/utils/cryptsetup/v2.3/cryptsetup-%{version}.tar.xz +Source0: https://www.kernel.org/pub/linux/utils/cryptsetup/v2.4/cryptsetup-%{tar_version}.tar.xz # GPG signature of the uncompressed tarball. -Source1: https://www.kernel.org/pub/linux/utils/cryptsetup/v2.3/cryptsetup-%{version}.tar.sign +Source1: https://www.kernel.org/pub/linux/utils/cryptsetup/v2.4/cryptsetup-%{tar_version}.tar.sign Source2: baselibs.conf Source3: cryptsetup.keyring Source4: %{name}-rpmlintrc @@ -48,6 +49,7 @@ BuildRequires: suse-module-tools BuildRequires: pkgconfig(blkid) BuildRequires: pkgconfig(libargon2) +BuildRequires: pkgconfig(libssh) BuildRequires: pkgconfig(openssl) Requires(post): coreutils Requires(postun): coreutils @@ -56,6 +58,10 @@ BuildRequires: automake BuildRequires: libtool %endif +%if %{?suse_version} >= 1550 +# LUKS2 used as default format, which GRUB < 2.06 can't read +Conflicts: grub2 < 2.06 +%endif %lang_package(cryptsetup) @@ -66,6 +72,15 @@ includes support for automatically setting up encrypted volumes at boot time via the config file %{_sysconfdir}/crypttab. + +%package ssh +Summary: Cryptsetup LUKS2 SSH token +Group: System/Base + +%description ssh +Experimental cryptsetup plugin for unlocking LUKS2 devices with +token connected to an SSH server. + %package -n libcryptsetup%{so_ver} Summary: Library for setting up dm-crypt Based Encrypted Block Devices Group: System/Libraries @@ -108,7 +123,7 @@ time via the config file %{_sysconfdir}/crypttab. %prep -%setup -n cryptsetup-%{version} -q +%autosetup -n cryptsetup-%{tar_version} %if 0%{?is_backports} sed -i -e '/AC_INIT/s/cryptsetup/cryptsetup2/' configure.ac autoreconf -f -i @@ -122,7 +137,9 @@ --enable-pwquality \ --enable-gcrypt-pbkdf2 \ --enable-libargon2 \ +%if %{?suse_version} < 1550 --with-default-luks-format=LUKS1 \ +%endif --with-luks2-lock-path=/run/cryptsetup \ --with-tmpfilesdir='%{_tmpfilesdir}' %make_build @@ -173,7 +190,7 @@ %files %license COPYING* -%doc AUTHORS FAQ README TODO docs/ChangeLog.old docs/*ReleaseNotes +%doc AUTHORS FAQ README.md docs/*ReleaseNotes %if !0%{?usrmerged} /sbin/cryptsetup%{?is_backports:2} %endif @@ -204,4 +221,11 @@ %{_libdir}/libcryptsetup.so %{_libdir}/pkgconfig/* +%files ssh +%license COPYING COPYING.LGPL +%dir %{_libdir}/%{name} +%{_libdir}/%{name}/libcryptsetup-token-ssh.so +%{_mandir}/man8/cryptsetup-ssh.8.gz +%{_sbindir}/cryptsetup-ssh + %changelog ++++++ cryptsetup-2.3.6.tar.xz -> cryptsetup-2.4.0.tar.xz ++++++ /work/SRC/openSUSE:Factory/cryptsetup/cryptsetup-2.3.6.tar.xz /work/SRC/openSUSE:Factory/.cryptsetup.new.1899/cryptsetup-2.4.0.tar.xz differ: char 26, line 1
