Control: tags -1 confirmed d-i Hi,
On Tue, Apr 30, 2019 at 10:14:22PM +0200, Guilhem Moulin wrote: > The cryptsetup package found in Buster, currently at version 2:2.1.0-2, > contains regressions affecting unlocking using OpenSC (PKCS#15 compatible > Smart Card): > > [#926573] The `decrypt_opensc` keyscript poisons standard output, > causing `cryptsetup open --key-file -` to fail. (Since 2:2.0.3-7.) > https://salsa.debian.org/cryptsetup-team/cryptsetup/merge_requests/8 > > [#928263] The initramfs hook fails to copy libpcsclite.so to the > initramfs on non-usrmerge systems, causing the pcscd daemon to fail to > start, hence failing unlocking at initramfs stage. (Since 2:2.0.3-2.) > > These regressions are RC for users relying on OpenSC integration, but > the bugs have ‘Severity: important’ since src:cryptsetup is still usable > to others. > > Debdiff between 2:2.1.0-2 and 2:2.1.0-3 attached. This looks ok, but needs a d-i ack. Cc'ed kibi. Thanks, Ivo > diff -Nru cryptsetup-2.1.0/debian/changelog cryptsetup-2.1.0/debian/changelog > --- cryptsetup-2.1.0/debian/changelog 2019-02-28 22:32:43.000000000 +0100 > +++ cryptsetup-2.1.0/debian/changelog 2019-04-30 21:20:47.000000000 +0200 > @@ -1,3 +1,12 @@ > +cryptsetup (2:2.1.0-3) unstable; urgency=medium > + > + * d/scripts/decrypt_opensc: Fix standard output poisoning. Thanks to Nils > + Mueller for the report and patch. (Closes: #926573.) > + * d/initramfs/hooks/cryptopensc: Ensure that libpcsclite.so is copied to > the > + initramfs on non-usrmerge systems. (Closes: #928263.) > + > + -- Guilhem Moulin <[email protected]> Tue, 30 Apr 2019 21:20:47 +0200 > + > cryptsetup (2:2.1.0-2) unstable; urgency=medium > > * debian/copyright: > diff -Nru cryptsetup-2.1.0/debian/initramfs/hooks/cryptopensc > cryptsetup-2.1.0/debian/initramfs/hooks/cryptopensc > --- cryptsetup-2.1.0/debian/initramfs/hooks/cryptopensc 2019-02-28 > 22:32:43.000000000 +0100 > +++ cryptsetup-2.1.0/debian/initramfs/hooks/cryptopensc 2019-04-30 > 21:20:47.000000000 +0200 > @@ -47,7 +47,7 @@ > # pcscd utilizes pthread_cancel > copy_exec /usr/sbin/pcscd > LIBC_DIR="$(ldd /usr/sbin/pcscd | sed -nr 's#.* => > (/lib.*)/libc\.so\.[0-9.-]+ \(0x[[:xdigit:]]+\)$#\1#p')" > -find -L "$LIBC_DIR" -maxdepth 1 \( -name 'libgcc_s.*' -o -name > 'libusb-*.so*' -o -name 'libpcsclite.so*' \) -type f | while read so; do > +find -L "$LIBC_DIR" "/usr$LIBC_DIR" -maxdepth 1 \( -name 'libgcc_s.*' -o > -name 'libusb-*.so*' -o -name 'libpcsclite.so*' \) -type f | while read so; do > copy_exec "$so" > done > > diff -Nru cryptsetup-2.1.0/debian/scripts/decrypt_opensc > cryptsetup-2.1.0/debian/scripts/decrypt_opensc > --- cryptsetup-2.1.0/debian/scripts/decrypt_opensc 2019-02-28 > 22:32:43.000000000 +0100 > +++ cryptsetup-2.1.0/debian/scripts/decrypt_opensc 2019-04-30 > 21:20:47.000000000 +0200 > @@ -12,7 +12,7 @@ > check_card() { > cardfound=0 > > - if /usr/bin/opensc-tool -n 2>&1; then > + if /usr/bin/opensc-tool -n >/dev/null 2>&1; then > cardfound=1 > fi > }
