Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package cryptsetup for openSUSE:Factory
checked in at 2024-01-30 18:24:12
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/cryptsetup (Old)
and /work/SRC/openSUSE:Factory/.cryptsetup.new.1815 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "cryptsetup"
Tue Jan 30 18:24:12 2024 rev:125 rq:1142597 version:2.7.0
Changes:
--------
--- /work/SRC/openSUSE:Factory/cryptsetup/cryptsetup.changes 2023-07-15
23:14:28.871276312 +0200
+++ /work/SRC/openSUSE:Factory/.cryptsetup.new.1815/cryptsetup.changes
2024-01-30 18:24:17.351504997 +0100
@@ -1,0 +2,66 @@
+Mon Jan 29 16:40:40 UTC 2024 - Pedro Monreal <pmonr...@suse.com>
+
+- Update to 2.7.0:
+ * Full changelog in:
+ mirrors.edge.kernel.org/pub/linux/utils/cryptsetup/v2.7/v2.7.0-ReleaseNotes
+ * Introduce support for hardware OPAL disk encryption.
+ * plain mode: Set default cipher to aes-xts-plain64 and password hashing
+ to sha256.
+ * Allow activation (open), luksResume, and luksAddKey to use the volume
+ key stored in a keyring.
+ * Allow to store volume key to a user-specified keyring in open and
+ luksResume commands.
+ * Do not flush IO operations if resize grows the device.
+ This can help performance in specific cases where the encrypted device
+ is extended automatically while running many IO operations.
+ * Use only half of detected free memory for Argon2 PBKDF on systems
+ without swap (for LUKS2 new keyslot or format operations).
+ * Add the possibility to specify a directory for external LUKS2 token
+ handlers (plugins).
+ * Do not allow reencryption/decryption on LUKS2 devices with
+ authenticated encryption or hardware (OPAL) encryption.
+ * Do not fail LUKS format if the operation was interrupted on subsequent
+ device wipe.
+ * Fix the LUKS2 keyslot option to be used while activating the device
+ by a token.
+ * Properly report if the dm-verity device cannot be activated due to
+ the inability to verify the signed root hash (ENOKEY).
+ * Fix to check passphrase for selected keyslot only when adding
+ new keyslot.
+ * Fix to not wipe the keyslot area before in-place overwrite.
+ * bitlk: Fix segfaults when attempting to verify the volume key.
+ * Add --disable-blkid command line option to avoid blkid device check.
+ * Add support for the meson build system.
+ * Fix wipe operation that overwrites the whole device if used for LUKS2
+ header with no keyslot area.
+ * Fix luksErase to work with detached LUKS header.
+ * Disallow the use of internal kernel crypto driver names in "capi"
+ specification.
+ * Fix reencryption to fail early for unknown cipher.
+ * tcrypt: Support new Blake2 hash for VeraCrypt.
+ * tcrypt: use hash values as substring for limiting KDF check.
+ * Add Aria cipher support and block size info.
+ * Do not decrease PBKDF parameters if the user forces them.
+ * Support OpenSSL 3.2 Argon2 implementation.
+ * Add support for Argon2 from libgcrypt
+ (requires yet unreleased gcrypt 1.11).
+ * Used Argon2 PBKDF implementation is now reported in debug mode
+ in the cryptographic backend version. For native support in
+ OpenSSL 3.2 or libgcrypt 1.11, "argon2" is displayed.
+ If libargon2 is used, "cryptsetup libargon2" (for embedded
+ library) or "external libargon2" is displayed.
+ * Link only libcrypto from OpenSSL.
+ * Disable reencryption for Direct-Access (DAX) devices.
+ * Print a warning message if the device is not aligned to sector size.
+ * Fix sector size and integrity fields display for non-LUKS2 crypt
+ devices for the status command.
+ * Fix suspend for LUKS2 with authenticated encryption (also suspend
+ dm-integrity device underneath).
+ * Update keyring and locking documentation and LUKS2 specification
+ for OPAL2 support.
+ * Remove patches fixed upstream:
+ - cryptsetup-Check-for-physical-memory-available-also-in-PBKDF-be.patch
+ - cryptsetup-Try-to-avoid-OOM-killer-on-low-memory-systems-withou.patch
+ - cryptsetup-Use-only-half-of-detected-free-memory-on-systems-wit.patch
+
+-------------------------------------------------------------------
Old:
----
cryptsetup-2.6.1.tar.sign
cryptsetup-2.6.1.tar.xz
cryptsetup-Check-for-physical-memory-available-also-in-PBKDF-be.patch
cryptsetup-Try-to-avoid-OOM-killer-on-low-memory-systems-withou.patch
cryptsetup-Use-only-half-of-detected-free-memory-on-systems-wit.patch
New:
----
cryptsetup-2.7.0.tar.sign
cryptsetup-2.7.0.tar.xz
BETA DEBUG BEGIN:
Old: * Remove patches fixed upstream:
- cryptsetup-Check-for-physical-memory-available-also-in-PBKDF-be.patch
- cryptsetup-Try-to-avoid-OOM-killer-on-low-memory-systems-withou.patch
Old: -
cryptsetup-Check-for-physical-memory-available-also-in-PBKDF-be.patch
- cryptsetup-Try-to-avoid-OOM-killer-on-low-memory-systems-withou.patch
- cryptsetup-Use-only-half-of-detected-free-memory-on-systems-wit.patch
Old: -
cryptsetup-Try-to-avoid-OOM-killer-on-low-memory-systems-withou.patch
- cryptsetup-Use-only-half-of-detected-free-memory-on-systems-wit.patch
BETA DEBUG END:
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ cryptsetup.spec ++++++
--- /var/tmp/diff_new_pack.93JNxq/_old 2024-01-30 18:24:17.999528376 +0100
+++ /var/tmp/diff_new_pack.93JNxq/_new 2024-01-30 18:24:17.999528376 +0100
@@ -1,7 +1,7 @@
#
# spec file for package cryptsetup
#
-# Copyright (c) 2023 SUSE LLC
+# Copyright (c) 2024 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -18,21 +18,17 @@
%define so_ver 12
Name: cryptsetup
-Version: 2.6.1
+Version: 2.7.0
Release: 0
Summary: Setup program for dm-crypt Based Encrypted Block Devices
License: LGPL-2.0-or-later AND SUSE-GPL-2.0-with-openssl-exception
Group: System/Base
URL: https://gitlab.com/cryptsetup/cryptsetup/
-Source0:
https://www.kernel.org/pub/linux/utils/cryptsetup/v2.6/cryptsetup-%{version}.tar.xz
+Source0:
https://www.kernel.org/pub/linux/utils/cryptsetup/v2.7/cryptsetup-%{version}.tar.xz
# GPG signature of the uncompressed tarball.
-Source1:
https://www.kernel.org/pub/linux/utils/cryptsetup/v2.6/cryptsetup-%{version}.tar.sign
+Source1:
https://www.kernel.org/pub/linux/utils/cryptsetup/v2.7/cryptsetup-%{version}.tar.sign
Source2: baselibs.conf
Source3: cryptsetup.keyring
-#PATCH-FIX-UPSTREAM bsc#1211079 luksFormat: handle system with low memory and
no swap space
-Patch0:
cryptsetup-Check-for-physical-memory-available-also-in-PBKDF-be.patch
-Patch1:
cryptsetup-Try-to-avoid-OOM-killer-on-low-memory-systems-withou.patch
-Patch2:
cryptsetup-Use-only-half-of-detected-free-memory-on-systems-wit.patch
BuildRequires: device-mapper-devel
BuildRequires: libjson-c-devel
BuildRequires: libpwquality-devel
++++++ cryptsetup-2.6.1.tar.xz -> cryptsetup-2.7.0.tar.xz ++++++
/work/SRC/openSUSE:Factory/cryptsetup/cryptsetup-2.6.1.tar.xz
/work/SRC/openSUSE:Factory/.cryptsetup.new.1815/cryptsetup-2.7.0.tar.xz differ:
char 15, line 1
