Package: release.debian.org Severity: normal User: release.debian....@packages.debian.org Usertags: unblock
Hi there, The cryptsetup package found in Buster, currently at version 2:2.1.0-2, contains regressions affecting unlocking using OpenSC (PKCS#15 compatible Smart Card): [#926573] The `decrypt_opensc` keyscript poisons standard output, causing `cryptsetup open --key-file -` to fail. (Since 2:2.0.3-7.) https://salsa.debian.org/cryptsetup-team/cryptsetup/merge_requests/8 [#928263] The initramfs hook fails to copy libpcsclite.so to the initramfs on non-usrmerge systems, causing the pcscd daemon to fail to start, hence failing unlocking at initramfs stage. (Since 2:2.0.3-2.) These regressions are RC for users relying on OpenSC integration, but the bugs have ‘Severity: important’ since src:cryptsetup is still usable to others. Debdiff between 2:2.1.0-2 and 2:2.1.0-3 attached. Thanks for considering its inclusion in Buster! Cheers, -- Guilhem.
diff -Nru cryptsetup-2.1.0/debian/changelog cryptsetup-2.1.0/debian/changelog --- cryptsetup-2.1.0/debian/changelog 2019-02-28 22:32:43.000000000 +0100 +++ cryptsetup-2.1.0/debian/changelog 2019-04-30 21:20:47.000000000 +0200 @@ -1,3 +1,12 @@ +cryptsetup (2:2.1.0-3) unstable; urgency=medium + + * d/scripts/decrypt_opensc: Fix standard output poisoning. Thanks to Nils + Mueller for the report and patch. (Closes: #926573.) + * d/initramfs/hooks/cryptopensc: Ensure that libpcsclite.so is copied to the + initramfs on non-usrmerge systems. (Closes: #928263.) + + -- Guilhem Moulin <guil...@debian.org> Tue, 30 Apr 2019 21:20:47 +0200 + cryptsetup (2:2.1.0-2) unstable; urgency=medium * debian/copyright: diff -Nru cryptsetup-2.1.0/debian/initramfs/hooks/cryptopensc cryptsetup-2.1.0/debian/initramfs/hooks/cryptopensc --- cryptsetup-2.1.0/debian/initramfs/hooks/cryptopensc 2019-02-28 22:32:43.000000000 +0100 +++ cryptsetup-2.1.0/debian/initramfs/hooks/cryptopensc 2019-04-30 21:20:47.000000000 +0200 @@ -47,7 +47,7 @@ # pcscd utilizes pthread_cancel copy_exec /usr/sbin/pcscd LIBC_DIR="$(ldd /usr/sbin/pcscd | sed -nr 's#.* => (/lib.*)/libc\.so\.[0-9.-]+ \(0x[[:xdigit:]]+\)$#\1#p')" -find -L "$LIBC_DIR" -maxdepth 1 \( -name 'libgcc_s.*' -o -name 'libusb-*.so*' -o -name 'libpcsclite.so*' \) -type f | while read so; do +find -L "$LIBC_DIR" "/usr$LIBC_DIR" -maxdepth 1 \( -name 'libgcc_s.*' -o -name 'libusb-*.so*' -o -name 'libpcsclite.so*' \) -type f | while read so; do copy_exec "$so" done diff -Nru cryptsetup-2.1.0/debian/scripts/decrypt_opensc cryptsetup-2.1.0/debian/scripts/decrypt_opensc --- cryptsetup-2.1.0/debian/scripts/decrypt_opensc 2019-02-28 22:32:43.000000000 +0100 +++ cryptsetup-2.1.0/debian/scripts/decrypt_opensc 2019-04-30 21:20:47.000000000 +0200 @@ -12,7 +12,7 @@ check_card() { cardfound=0 - if /usr/bin/opensc-tool -n 2>&1; then + if /usr/bin/opensc-tool -n >/dev/null 2>&1; then cardfound=1 fi }
signature.asc
Description: PGP signature