commit cryptsetup for openSUSE:Factory
Hello community, here is the log from the commit of package cryptsetup for openSUSE:Factory checked in at 2020-09-08 22:44:25 Comparing /work/SRC/openSUSE:Factory/cryptsetup (Old) and /work/SRC/openSUSE:Factory/.cryptsetup.new.3399 (New) Package is "cryptsetup" Tue Sep 8 22:44:25 2020 rev:110 rq:832027 version:2.3.4 Changes: --- /work/SRC/openSUSE:Factory/cryptsetup/cryptsetup.changes2020-06-03 20:29:49.936682916 +0200 +++ /work/SRC/openSUSE:Factory/.cryptsetup.new.3399/cryptsetup.changes 2020-09-08 22:44:43.123440137 +0200 @@ -1,0 +2,19 @@ +Fri Sep 4 09:49:31 CEST 2020 - Ludwig Nussel + +- Update to 2.3.4: + * Fix a possible out-of-bounds memory write while validating LUKS2 data +segments metadata (CVE-2020-14382, boo#1176128). + * Ignore reported optimal IO size if not aligned to minimal page size. + * Added support for new no_read/write_wrokqueue dm-crypt options (kernel 5.9). + * Added support panic_on_corruption option for dm-verity devices (kernel 5.9). + * Support --master-key-file option for online LUKS2 reencryption + * Always return EEXIST error code if a device already exists. + * Fix a problem in integritysetup if a hash algorithm has dash in the name. + * Fix crypto backend to properly handle ECB mode. + * TrueCrypt/VeraCrypt compatible mode now supports the activation of devices +with a larger sector. + * LUKS2: Do not create excessively large headers. + * Fix unspecified sector size for BitLocker compatible mode. + * Fix reading key data size in metadata for BitLocker compatible mode. + +--- Old: cryptsetup-2.3.3.tar.sign cryptsetup-2.3.3.tar.xz New: cryptsetup-2.3.4.tar.sign cryptsetup-2.3.4.tar.xz Other differences: -- ++ cryptsetup.spec ++ --- /var/tmp/diff_new_pack.TbNE7J/_old 2020-09-08 22:44:46.875441964 +0200 +++ /var/tmp/diff_new_pack.TbNE7J/_new 2020-09-08 22:44:46.875441964 +0200 @@ -22,7 +22,7 @@ %else Name: cryptsetup %endif -Version:2.3.3 +Version:2.3.4 Release:0 Summary:Setup program for dm-crypt Based Encrypted Block Devices License:SUSE-GPL-2.0-with-openssl-exception AND LGPL-2.0-or-later ++ cryptsetup-2.3.3.tar.xz -> cryptsetup-2.3.4.tar.xz ++ /work/SRC/openSUSE:Factory/cryptsetup/cryptsetup-2.3.3.tar.xz /work/SRC/openSUSE:Factory/.cryptsetup.new.3399/cryptsetup-2.3.4.tar.xz differ: char 15, line 1
commit cryptsetup for openSUSE:Factory
Hello community, here is the log from the commit of package cryptsetup for openSUSE:Factory checked in at 2020-06-03 20:29:42 Comparing /work/SRC/openSUSE:Factory/cryptsetup (Old) and /work/SRC/openSUSE:Factory/.cryptsetup.new.3606 (New) Package is "cryptsetup" Wed Jun 3 20:29:42 2020 rev:109 rq:810247 version:2.3.3 Changes: --- /work/SRC/openSUSE:Factory/cryptsetup/cryptsetup.changes2020-04-05 20:49:09.304930613 +0200 +++ /work/SRC/openSUSE:Factory/.cryptsetup.new.3606/cryptsetup.changes 2020-06-03 20:29:49.936682916 +0200 @@ -1,0 +2,22 @@ +Thu May 28 18:43:29 UTC 2020 - Andreas Stieger + +- Update to 2.3.3: + * Fix BitLocker compatible device access that uses native 4kB +sectors + * Support large IV count (--iv-large-sectors) cryptsetup option +for plain device mapping + * Fix a memory leak in BitLocker compatible handling + * Allow EBOIV (Initialization Vector algorithm) use + * LUKS2: Require both keyslot cipher and key size option, do +not fail silently +- includes changes from 2.3.2: + * Add option to dump content of LUKS2 unbound keyslot + * Add support for discards (TRIM) for standalone dm-integrity +devices (Kernel 5.7) via --allow-discards, not for LUKS2 + * Fix cryptsetup-reencrypt to work on devices that do not allow +direct-io device access. + * Fix a crash in the BitLocker-compatible code error path + * Fix Veracrypt compatible support for longer (>64 bytes) +passphrases + +--- Old: cryptsetup-2.3.1.tar.sign cryptsetup-2.3.1.tar.xz New: cryptsetup-2.3.3.tar.sign cryptsetup-2.3.3.tar.xz Other differences: -- ++ cryptsetup.spec ++ --- /var/tmp/diff_new_pack.GOVZbt/_old 2020-06-03 20:29:51.636688084 +0200 +++ /var/tmp/diff_new_pack.GOVZbt/_new 2020-06-03 20:29:51.640688096 +0200 @@ -22,7 +22,7 @@ %else Name: cryptsetup %endif -Version:2.3.1 +Version:2.3.3 Release:0 Summary:Setup program for dm-crypt Based Encrypted Block Devices License:SUSE-GPL-2.0-with-openssl-exception AND LGPL-2.0-or-later ++ cryptsetup-2.3.1.tar.xz -> cryptsetup-2.3.3.tar.xz ++ /work/SRC/openSUSE:Factory/cryptsetup/cryptsetup-2.3.1.tar.xz /work/SRC/openSUSE:Factory/.cryptsetup.new.3606/cryptsetup-2.3.3.tar.xz differ: char 15, line 1
commit cryptsetup for openSUSE:Factory
Hello community, here is the log from the commit of package cryptsetup for openSUSE:Factory checked in at 2020-04-05 20:49:04 Comparing /work/SRC/openSUSE:Factory/cryptsetup (Old) and /work/SRC/openSUSE:Factory/.cryptsetup.new.3248 (New) Package is "cryptsetup" Sun Apr 5 20:49:04 2020 rev:108 rq:790921 version:2.3.1 Changes: --- /work/SRC/openSUSE:Factory/cryptsetup/cryptsetup.changes2020-02-09 21:02:38.523361197 +0100 +++ /work/SRC/openSUSE:Factory/.cryptsetup.new.3248/cryptsetup.changes 2020-04-05 20:49:09.304930613 +0200 @@ -1,0 +2,33 @@ +Thu Apr 2 14:27:18 UTC 2020 - Ludwig Nussel + +- Split translations to -lang package +- New version to 2.3.1 + * Support VeraCrypt 128 bytes passwords. +VeraCrypt now allows passwords of maximal length 128 bytes +(compared to legacy TrueCrypt where it was limited by 64 bytes). + * Strip extra newline from BitLocker recovery keys +There might be a trailing newline added by the text editor when +the recovery passphrase was passed using the --key-file option. + * Detect separate libiconv library. +It should fix compilation issues on distributions with iconv +implemented in a separate library. + * Various fixes and workarounds to build on old Linux distributions. + * Split lines with hexadecimal digest printing for large key-sizes. + * Do not wipe the device with no integrity profile. +With --integrity none we performed useless full device wipe. + * Workaround for dm-integrity kernel table bug. +Some kernels show an invalid dm-integrity mapping table +if superblock contains the "recalculate" bit. This causes +integritysetup to not recognize the dm-integrity device. +Integritysetup now specifies kernel options such a way that +even on unpatched kernels mapping table is correct. + * Print error message if LUKS1 keyslot cannot be processed. +If the crypto backend is missing support for hash algorithms +used in PBKDF2, the error message was not visible. + * Properly align LUKS2 keyslots area on conversion. +If the LUKS1 payload offset (data offset) is not aligned +to 4 KiB boundary, new LUKS2 keyslots area in now aligned properly. + * Validate LUKS2 earlier on conversion to not corrupt the device +if binary keyslots areas metadata are not correct. + +--- Old: cryptsetup-2.3.0.tar.sign cryptsetup-2.3.0.tar.xz New: cryptsetup-2.3.1.tar.sign cryptsetup-2.3.1.tar.xz Other differences: -- ++ cryptsetup.spec ++ --- /var/tmp/diff_new_pack.6ukHiO/_old 2020-04-05 20:49:10.160931432 +0200 +++ /var/tmp/diff_new_pack.6ukHiO/_new 2020-04-05 20:49:10.164931436 +0200 @@ -22,7 +22,7 @@ %else Name: cryptsetup %endif -Version:2.3.0 +Version:2.3.1 Release:0 Summary:Setup program for dm-crypt Based Encrypted Block Devices License:SUSE-GPL-2.0-with-openssl-exception AND LGPL-2.0-or-later @@ -56,6 +56,8 @@ Requires(post): coreutils Requires(postun): coreutils +%lang_package(cryptsetup) + %description cryptsetup is used to conveniently set up dm-crypt based device-mapper targets. It allows to set up targets to read cryptoloop compatible @@ -166,7 +168,7 @@ %post -n libcryptsetup%{so_ver} -p /sbin/ldconfig %postun -n libcryptsetup%{so_ver} -p /sbin/ldconfig -%files -f %{name}.lang +%files %doc AUTHORS COPYING* FAQ README TODO docs/ChangeLog.old docs/*ReleaseNotes /sbin/cryptsetup%{?is_backports:2} %{_sbindir}/cryptsetup%{?is_backports:2} @@ -182,6 +184,8 @@ %ghost %dir /run/cryptsetup %endif +%files lang -f %{name}.lang + %files -n libcryptsetup%{so_ver} %{_libdir}/libcryptsetup.so.%{so_ver}* ++ cryptsetup-2.3.0.tar.xz -> cryptsetup-2.3.1.tar.xz ++ /work/SRC/openSUSE:Factory/cryptsetup/cryptsetup-2.3.0.tar.xz /work/SRC/openSUSE:Factory/.cryptsetup.new.3248/cryptsetup-2.3.1.tar.xz differ: char 15, line 1
commit cryptsetup for openSUSE:Factory
Hello community, here is the log from the commit of package cryptsetup for openSUSE:Factory checked in at 2020-02-09 21:02:18 Comparing /work/SRC/openSUSE:Factory/cryptsetup (Old) and /work/SRC/openSUSE:Factory/.cryptsetup.new.26092 (New) Package is "cryptsetup" Sun Feb 9 21:02:18 2020 rev:107 rq:770054 version:2.3.0 Changes: --- /work/SRC/openSUSE:Factory/cryptsetup/cryptsetup.changes2019-12-17 13:29:39.899419748 +0100 +++ /work/SRC/openSUSE:Factory/.cryptsetup.new.26092/cryptsetup.changes 2020-02-09 21:02:38.523361197 +0100 @@ -0,0 +1,57 @@ +--- +Tue Feb 4 07:59:24 UTC 2020 - Paolo Stivanin + +- Update to 2.3.0 (include release notes for 2.2.0) + * BITLK (Windows BitLocker compatible) device access + * Veritysetup now supports activation with additional PKCS7 signature +of root hash through --root-hash-signature option. + * Integritysetup now calculates hash integrity size according to algorithm +instead of requiring an explicit tag size. + * Integritysetup now supports fixed padding for dm-integrity devices. + * A lot of fixes to online LUKS2 reecryption. + * Add crypt_resume_by_volume_key() function to libcryptsetup. +If a user has a volume key available, the LUKS device can be resumed +directly using the provided volume key. +No keyslot derivation is needed, only the key digest is checked. + * Implement active device suspend info. +Add CRYPT_ACTIVATE_SUSPENDED bit to crypt_get_active_device() flags +that informs the caller that device is suspended (luksSuspend). + * Allow --test-passphrase for a detached header. +Before this fix, we required a data device specified on the command +line even though it was not necessary for the passphrase check. + * Allow --key-file option in legacy offline encryption. +The option was ignored for LUKS1 encryption initialization. + * Export memory safe functions. +To make developing of some extensions simpler, we now export +functions to handle memory with proper wipe on deallocation. + * Fail crypt_keyslot_get_pbkdf for inactive LUKS1 keyslot. + * Add optional global serialization lock for memory hard PBKDF. + * Abort conversion to LUKS1 with incompatible sector size that is +not supported in LUKS1. + * Report error (-ENOENT) if no LUKS keyslots are available. User can now +distinguish between a wrong passphrase and no keyslot available. + * Fix a possible segfault in detached header handling (double free). + * Add integritysetup support for bitmap mode introduced in Linux kernel 5.2. + * The libcryptsetup now keeps all file descriptors to underlying device +open during the whole lifetime of crypt device context to avoid excessive +scanning in udev (udev run scan on every descriptor close). + * The luksDump command now prints more info for reencryption keyslot +(when a device is in-reencryption). + * New --device-size parameter is supported for LUKS2 reencryption. + * New --resume-only parameter is supported for LUKS2 reencryption. + * The repair command now tries LUKS2 reencryption recovery if needed. + * If reencryption device is a file image, an interactive dialog now +asks if reencryption should be run safely in offline mode +(if autodetection of active devices failed). + * Fix activation through a token where dm-crypt volume key was not +set through keyring (but using old device-mapper table parameter mode). + * Online reencryption can now retain all keyslots (if all passphrases +are provided). Note that keyslot numbers will change in this case. + * Allow volume key file to be used if no LUKS2 keyslots are present. + * Print a warning if online reencrypt is called over LUKS1 (not supported). + * Fix TCRYPT KDF failure in FIPS mode. + * Remove FIPS mode restriction for crypt_volume_key_get. + * Reduce keyslots area size in luksFormat when the header device is too small. + * Make resize action accept --device-size parameter (supports units suffix). + +--- Old: cryptsetup-2.1.0.tar.sign cryptsetup-2.1.0.tar.xz New: cryptsetup-2.3.0.tar.sign cryptsetup-2.3.0.tar.xz Other differences: -- ++ cryptsetup.spec ++ --- /var/tmp/diff_new_pack.ZLbVCj/_old 2020-02-09 21:02:40.859362523 +0100 +++ /var/tmp/diff_new_pack.ZLbVCj/_new 2020-02-09 21:02:40.879362534 +0100 @@ -1,7 +1,7 @@ # # spec file for package cryptsetup # -# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless
commit cryptsetup for openSUSE:Factory
Hello community, here is the log from the commit of package cryptsetup for openSUSE:Factory checked in at 2019-12-17 13:29:09 Comparing /work/SRC/openSUSE:Factory/cryptsetup (Old) and /work/SRC/openSUSE:Factory/.cryptsetup.new.4691 (New) Package is "cryptsetup" Tue Dec 17 13:29:09 2019 rev:106 rq:755886 version:2.1.0 Changes: --- /work/SRC/openSUSE:Factory/cryptsetup/cryptsetup.changes2019-05-14 13:29:50.959261460 +0200 +++ /work/SRC/openSUSE:Factory/.cryptsetup.new.4691/cryptsetup.changes 2019-12-17 13:29:39.899419748 +0100 @@ -0,0 +1,6 @@ +Thu Oct 17 11:55:51 UTC 2019 - Vítězslav Čížek + +- Create a weak dependency cycle between libcryptsetup and + libcryptsetup-hmac to make sure they are installed together + (bsc#1090768) + Other differences: -- ++ cryptsetup.spec ++ --- /var/tmp/diff_new_pack.zHLCCk/_old 2019-12-17 13:29:41.279419263 +0100 +++ /var/tmp/diff_new_pack.zHLCCk/_new 2019-12-17 13:29:41.287419260 +0100 @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # @@ -66,7 +66,7 @@ %package -n libcryptsetup%{so_ver} Summary:Library for setting up dm-crypt Based Encrypted Block Devices Group: System/Libraries -Suggests: libcryptsetup%{so_ver}-hmac +Suggests: libcryptsetup%{so_ver}-hmac = %{version}-%{release} %description -n libcryptsetup%{so_ver} cryptsetup is used to conveniently set up dm-crypt based device-mapper @@ -78,6 +78,7 @@ %package -n libcryptsetup%{so_ver}-hmac Summary:Checksums for libcryptsetup%{so_ver} Group: System/Base +Requires: libcryptsetup%{so_ver} = %{version}-%{release} %description -n libcryptsetup%{so_ver}-hmac This package contains HMAC checksums for integrity checking of libcryptsetup4,
commit cryptsetup for openSUSE:Factory
Hello community, here is the log from the commit of package cryptsetup for openSUSE:Factory checked in at 2019-05-14 13:29:48 Comparing /work/SRC/openSUSE:Factory/cryptsetup (Old) and /work/SRC/openSUSE:Factory/.cryptsetup.new.5148 (New) Package is "cryptsetup" Tue May 14 13:29:48 2019 rev:105 rq:701789 version:2.1.0 Changes: --- /work/SRC/openSUSE:Factory/cryptsetup/cryptsetup.changes2019-02-20 14:08:42.886991632 +0100 +++ /work/SRC/openSUSE:Factory/.cryptsetup.new.5148/cryptsetup.changes 2019-05-14 13:29:50.959261460 +0200 @@ -274 +274 @@ -in FIPS mode. +in FIPS mode (bsc#1031998). Other differences: -- ++ cryptsetup.spec ++ --- /var/tmp/diff_new_pack.SIYk7R/_old 2019-05-14 13:29:52.471265516 +0200 +++ /var/tmp/diff_new_pack.SIYk7R/_new 2019-05-14 13:29:52.475265527 +0200 @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# Please submit bugfixes or comments via http://bugs.opensuse.org/ #
commit cryptsetup for openSUSE:Factory
Hello community, here is the log from the commit of package cryptsetup for openSUSE:Factory checked in at 2019-02-20 14:08:36 Comparing /work/SRC/openSUSE:Factory/cryptsetup (Old) and /work/SRC/openSUSE:Factory/.cryptsetup.new.28833 (New) Package is "cryptsetup" Wed Feb 20 14:08:36 2019 rev:104 rq:677121 version:2.1.0 Changes: --- /work/SRC/openSUSE:Factory/cryptsetup/cryptsetup.changes2018-11-06 15:25:56.220471801 +0100 +++ /work/SRC/openSUSE:Factory/.cryptsetup.new.28833/cryptsetup.changes 2019-02-20 14:08:42.886991632 +0100 @@ -1,0 +2,33 @@ +Fri Feb 15 15:01:18 UTC 2019 - Jan Engelhardt + +- Use noun phrase in summary. + +--- +Fri Feb 15 09:41:52 UTC 2019 - lnus...@suse.de + +- New version 2.1.0 + * The default size of the LUKS2 header is increased to 16 MB. +It includes metadata and the area used for binary keyslots; +it means that LUKS header backup is now 16MB in size. + * Cryptsetup now doubles LUKS default key size if XTS mode is used +(XTS mode uses two internal keys). This does not apply if key size +is explicitly specified on the command line and it does not apply +for the plain mode. +This fixes a confusion with AES and 256bit key in XTS mode where +code used AES128 and not AES256 as often expected. + * Default cryptographic backend used for LUKS header processing is now +OpenSSL. For years, OpenSSL provided better performance for PBKDF. + + * The Python bindings are no longer supported and the code was removed +from cryptsetup distribution. Please use the libblockdev project +that already covers most of the libcryptsetup functionality +including LUKS2. + * Cryptsetup now allows using --offset option also for luksFormat. + * Cryptsetup now supports new refresh action (that is the alias for +"open --refresh"). + * Integritysetup now supports mode with detached data device through +new --data-device option. +- 2.1.0 would use LUKS2 as default, we stay with LUKS1 for now until + someone has time to evaluate the fallout from switching to LUKS2. + +--- Old: cryptsetup-2.0.5.tar.sign cryptsetup-2.0.5.tar.xz New: cryptsetup-2.1.0.tar.sign cryptsetup-2.1.0.tar.xz Other differences: -- ++ cryptsetup.spec ++ --- /var/tmp/diff_new_pack.z0wfhH/_old 2019-02-20 14:08:44.154991212 +0100 +++ /var/tmp/diff_new_pack.z0wfhH/_new 2019-02-20 14:08:44.154991212 +0100 @@ -1,7 +1,7 @@ # # spec file for package cryptsetup # -# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # @@ -22,25 +22,25 @@ %else Name: cryptsetup %endif -Version:2.0.5 +Version:2.1.0 Release:0 -Summary:Set Up dm-crypt Based Encrypted Block Devices +Summary:Setup program for dm-crypt Based Encrypted Block Devices License:SUSE-GPL-2.0-with-openssl-exception AND LGPL-2.0-or-later Group: System/Base Url:https://gitlab.com/cryptsetup/cryptsetup/ -Source0: https://www.kernel.org/pub/linux/utils/cryptsetup/v2.0/cryptsetup-%{version}.tar.xz +Source0: https://www.kernel.org/pub/linux/utils/cryptsetup/v2.1/cryptsetup-%{version}.tar.xz # GPG signature of the uncompressed tarball. -Source1: https://www.kernel.org/pub/linux/utils/cryptsetup/v2.0/cryptsetup-%{version}.tar.sign +Source1: https://www.kernel.org/pub/linux/utils/cryptsetup/v2.1/cryptsetup-%{version}.tar.sign Source2:baselibs.conf Source3:cryptsetup.keyring BuildRequires: device-mapper-devel BuildRequires: fipscheck BuildRequires: fipscheck-devel -BuildRequires: libgcrypt-devel BuildRequires: libjson-c-devel BuildRequires: libpwquality-devel BuildRequires: libselinux-devel BuildRequires: libuuid-devel +BuildRequires: pkgconfig(openssl) # 2.6.38 has the required if_alg.h BuildRequires: linux-glibc-devel >= 2.6.38 BuildRequires: pkgconfig @@ -64,7 +64,7 @@ time via the config file %{_sysconfdir}/crypttab. %package -n libcryptsetup%{so_ver} -Summary:Set Up dm-crypt Based Encrypted Block Devices +Summary:Library for setting up dm-crypt Based Encrypted Block Devices
commit cryptsetup for openSUSE:Factory
Hello community, here is the log from the commit of package cryptsetup for openSUSE:Factory checked in at 2018-11-06 15:25:37 Comparing /work/SRC/openSUSE:Factory/cryptsetup (Old) and /work/SRC/openSUSE:Factory/.cryptsetup.new (New) Package is "cryptsetup" Tue Nov 6 15:25:37 2018 rev:103 rq:645684 version:2.0.5 Changes: --- /work/SRC/openSUSE:Factory/cryptsetup/cryptsetup.changes2018-08-28 09:23:05.376574368 +0200 +++ /work/SRC/openSUSE:Factory/.cryptsetup.new/cryptsetup.changes 2018-11-06 15:25:56.220471801 +0100 @@ -1,0 +2,68 @@ +Tue Oct 30 10:10:35 UTC 2018 - lnus...@suse.de + +- Suggest hmac package (boo#1090768) +- remove old upgrade hack for upgrades from 12.1 +- New version 2.0.5 + + Changes since version 2.0.4 + ~~~ + + * Wipe full header areas (including unused) during LUKS format. + +Since this version, the whole area up to the data offset is zeroed, +and subsequently, all keyslots areas are wiped with random data. +This ensures that no remaining old data remains in the LUKS header +areas, but it could slow down format operation on some devices. +Previously only first 4k (or 32k for LUKS2) and the used keyslot +was overwritten in the format operation. + + * Several fixes to error messages that were unintentionally replaced +in previous versions with a silent exit code. +More descriptive error messages were added, including error +messages if + - a device is unusable (not a block device, no access, etc.), + - a LUKS device is not detected, + - LUKS header load code detects unsupported version, + - a keyslot decryption fails (also happens in the cipher check), + - converting an inactive keyslot. + + * Device activation fails if data area overlaps with LUKS header. + + * Code now uses explicit_bzero to wipe memory if available +(instead of own implementation). + + * Additional VeraCrypt modes are now supported, including Camellia +and Kuznyechik symmetric ciphers (and cipher chains) and Streebog +hash function. These were introduced in a recent VeraCrypt upstream. + +Note that Kuznyechik requires out-of-tree kernel module and +Streebog hash function is available only with the gcrypt cryptographic +backend for now. + + * Fixes static build for integritysetup if the pwquality library is used. + + * Allows passphrase change for unbound keyslots. + + * Fixes removed keyslot number in verbose message for luksKillSlot, +luksRemoveKey and erase command. + + * Adds blkid scan when attempting to open a plain device and warn the user +about existing device signatures in a ciphertext device. + + * Remove LUKS header signature if luksFormat fails to add the first keyslot. + + * Remove O_SYNC from device open and use fsync() to speed up +wipe operation considerably. + + * Create --master-key-file in luksDump and fail if the file already exists. + + * Fixes a bug when LUKS2 authenticated encryption with a detached header +wiped the header device instead of dm-integrity data device area (causing +unnecessary LUKS2 header auto recovery). + +--- +Tue Oct 30 09:55:50 UTC 2018 - lnus...@suse.de + +- make parallell installable version for SLE12 + +--- Old: cryptsetup-2.0.4.tar.sign cryptsetup-2.0.4.tar.xz New: cryptsetup-2.0.5.tar.sign cryptsetup-2.0.5.tar.xz Other differences: -- ++ cryptsetup.spec ++ --- /var/tmp/diff_new_pack.AIHMx8/_old 2018-11-06 15:26:07.848454137 +0100 +++ /var/tmp/diff_new_pack.AIHMx8/_new 2018-11-06 15:26:07.852454131 +0100 @@ -17,8 +17,12 @@ %define so_ver 12 +%if 0%{?is_backports} +Name: cryptsetup2 +%else Name: cryptsetup -Version:2.0.4 +%endif +Version:2.0.5 Release:0 Summary:Set Up dm-crypt Based Encrypted Block Devices License:SUSE-GPL-2.0-with-openssl-exception AND LGPL-2.0-or-later @@ -28,7 +32,7 @@ # GPG signature of the uncompressed tarball. Source1: https://www.kernel.org/pub/linux/utils/cryptsetup/v2.0/cryptsetup-%{version}.tar.sign Source2:baselibs.conf -Source3:%{name}.keyring +Source3:cryptsetup.keyring BuildRequires: device-mapper-devel BuildRequires: fipscheck BuildRequires: fipscheck-devel @@ -44,6 +48,11 @@ BuildRequires: suse-module-tools BuildRequires: pkgconfig(blkid) BuildRequires: pkgconfig(libargon2) +%if 0%{?is_backports} +BuildRequires: autoconf +BuildRequires: automake +BuildRequires: libtool +%endif Requires(post): coreutils Requires(postun): coreutils @@ -57,6 +66,7 @@ %package -n
commit cryptsetup for openSUSE:Factory
Hello community, here is the log from the commit of package cryptsetup for openSUSE:Factory checked in at 2018-08-28 09:22:31 Comparing /work/SRC/openSUSE:Factory/cryptsetup (Old) and /work/SRC/openSUSE:Factory/.cryptsetup.new (New) Package is "cryptsetup" Tue Aug 28 09:22:31 2018 rev:102 rq:630730 version:2.0.4 Changes: --- /work/SRC/openSUSE:Factory/cryptsetup/cryptsetup.changes2018-02-13 10:25:33.509405741 +0100 +++ /work/SRC/openSUSE:Factory/.cryptsetup.new/cryptsetup.changes 2018-08-28 09:23:05.376574368 +0200 @@ -1,0 +2,134 @@ +Tue Aug 21 07:40:54 UTC 2018 - lnus...@suse.de + +- New version 2.0.4 + + Changes since version 2.0.3 + ~~~ + + * Use the libblkid (blockid) library to detect foreign signatures +on a device before LUKS format and LUKS2 auto-recovery. +This change fixes an unexpected recovery using the secondary +LUKS2 header after a device was already overwritten with +another format (filesystem or LVM physical volume). +LUKS2 will not recreate a primary header if it detects a valid +foreign signature. In this situation, a user must always +use cryptsetup repair command for the recovery. +Note that libcryptsetup and utilities are now linked to libblkid +as a new dependence. +To compile code without blockid support (strongly discouraged), +use --disable-blkid configure switch. + * Add prompt for format and repair actions in cryptsetup and +integritysetup if foreign signatures are detected on the device +through the blockid library. +After the confirmation, all known signatures are then wiped as +part of the format or repair procedure. + * Print consistent verbose message about keyslot and token numbers. +For keyslot actions: Key slot unlocked/created/removed. +For token actions: Token created/removed. + * Print error, if a non-existent token is tried to be removed. + * Add support for LUKS2 token definition export and import. +The token command now can export/import customized token JSON file +directly from command line. See the man page for more details. + * Add support for new dm-integrity superblock version 2. + * Add an error message when nothing was read from a key file. + * Update cryptsetup man pages, including --type option usage. + * Add a snapshot of LUKS2 format specification to documentation +and accordingly fix supported secondary header offsets. + * Add bundled optimized Argon2 SSE (X86_64 platform) code. +If the bundled Argon2 code is used and the new configure switch +--enable-internal-sse-argon2 option is present, and compiler flags +support required optimization, the code will try to use optimized +and faster variant. +Always use the shared library (--enable-libargon2) if possible. +This option was added because an enterprise distribution +rejected to support the shared Argon2 library and native support +in generic cryptographic libraries is not ready yet. + * Fix compilation with crypto backend for LibreSSL >= 2.7.0. +LibreSSL introduced OpenSSL 1.1.x API functions, so compatibility +wrapper must be commented out. + * Fix on-disk header size calculation for LUKS2 format if a specific +data alignment is requested. Until now, the code used default size +that could be wrong for converted devices. + + Changes since version 2.0.2 + ~~~ + + * Expose interface to unbound LUKS2 keyslots. +Unbound LUKS2 keyslot allows storing a key material that is independent +of master volume key (it is not bound to encrypted data segment). + * New API extensions for unbound keyslots (LUKS2 only) +crypt_keyslot_get_key_size() and crypt_volume_key_get() +These functions allow to get key and key size for unbound keyslots. + * New enum value CRYPT_SLOT_UNBOUND for keyslot status (LUKS2 only). + * Add --unbound keyslot option to the cryptsetup luksAddKey command. + * Add crypt_get_active_integrity_failures() call to get integrity +failure count for dm-integrity devices. + * Add crypt_get_pbkdf_default() function to get per-type PBKDF default +setting. + * Add new flag to crypt_keyslot_add_by_key() to force update device +volume key. This call is mainly intended for a wrapped key change. + * Allow volume key store in a file with cryptsetup. +The --dump-master-key together with --master-key-file allows cryptsetup +to store the binary volume key to a file instead of standard output. + * Add support detached header for cryptsetup-reencrypt command. + * Fix VeraCrypt PIM handling - use proper iterations count formula +for PBKDF2-SHA512 and PBKDF2-Whirlpool used in system volumes. + * Fix cryptsetup tcryptDump for VeraCrypt PIM (support --veracrypt-pim). + * Add --with-default-luks-format
commit cryptsetup for openSUSE:Factory
Hello community, here is the log from the commit of package cryptsetup for openSUSE:Factory checked in at 2018-02-13 10:25:18 Comparing /work/SRC/openSUSE:Factory/cryptsetup (Old) and /work/SRC/openSUSE:Factory/.cryptsetup.new (New) Package is "cryptsetup" Tue Feb 13 10:25:18 2018 rev:101 rq:574742 version:2.0.1 Changes: --- /work/SRC/openSUSE:Factory/cryptsetup/cryptsetup.changes2018-01-31 19:48:18.447476929 +0100 +++ /work/SRC/openSUSE:Factory/.cryptsetup.new/cryptsetup.changes 2018-02-13 10:25:33.509405741 +0100 @@ -1,0 +2,22 @@ +Tue Jan 30 12:26:48 UTC 2018 - astie...@suse.com + +- update to 2.0.1: + * To store volume key into kernel keyring, kernel 4.15 with +dm-crypt 1.18.1 is required + * Increase maximum allowed PBKDF memory-cost limit to 4 GiB + * Use /run/cryptsetup as default for cryptsetup locking dir + * Introduce new 64-bit byte-offset *keyfile_device_offset functions. + * New set of fucntions that allows 64-bit offsets even on 32bit systems +are now availeble: + - crypt_resume_by_keyfile_device_offset + - crypt_keyslot_add_by_keyfile_device_offset + - crypt_activate_by_keyfile_device_offset + - crypt_keyfile_device_read +The new functions have added the _device_ in name. +Old functions are just internal wrappers around these. + * Also cryptsetup --keyfile-offset and --new-keyfile-offset now +allows 64-bit offsets as parameters. + * Add error hint for wrongly formatted cipher strings in LUKS1 and +properly fail in luksFormat if cipher format is missing required IV. + +--- Old: cryptsetup-2.0.0.tar.sign cryptsetup-2.0.0.tar.xz New: cryptsetup-2.0.1.tar.sign cryptsetup-2.0.1.tar.xz Other differences: -- ++ cryptsetup.spec ++ --- /var/tmp/diff_new_pack.NkEn75/_old 2018-02-13 10:25:34.473371010 +0100 +++ /var/tmp/diff_new_pack.NkEn75/_new 2018-02-13 10:25:34.473371010 +0100 @@ -18,10 +18,10 @@ %define so_ver 12 Name: cryptsetup -Version:2.0.0 +Version:2.0.1 Release:0 Summary:Set Up dm-crypt Based Encrypted Block Devices -License:SUSE-GPL-2.0-with-openssl-exception and LGPL-2.0+ +License:SUSE-GPL-2.0-with-openssl-exception AND LGPL-2.0+ Group: System/Base Url:https://gitlab.com/cryptsetup/cryptsetup/ Source0: https://www.kernel.org/pub/linux/utils/cryptsetup/v2.0/cryptsetup-%{version}.tar.xz @@ -37,12 +37,12 @@ BuildRequires: libpwquality-devel BuildRequires: libselinux-devel BuildRequires: libuuid-devel -BuildRequires: pkgconfig(libargon2) # 2.6.38 has the required if_alg.h BuildRequires: linux-glibc-devel >= 2.6.38 BuildRequires: pkgconfig BuildRequires: popt-devel BuildRequires: suse-module-tools +BuildRequires: pkgconfig(libargon2) Requires(post): coreutils Requires(postun): coreutils @@ -108,7 +108,7 @@ %define __spec_install_post \ %{?__debug_package:%{__debug_install_post}} \ %{__arch_install_post} \ - %{__os_install_post} \ + %__os_install_post \ fipshmac %{buildroot}/%{_libdir}/libcryptsetup.so.* \ %{nil} @@ -141,6 +141,7 @@ fi %{?regenerate_initrd_post} +%tmpfiles_create %{_tmpfilesdir}/%{name}.conf %postun %{?regenerate_initrd_post} @@ -152,10 +153,7 @@ %postun -n libcryptsetup%{so_ver} -p /sbin/ldconfig %files -f %{name}.lang -%defattr(-,root,root) %doc AUTHORS COPYING* FAQ README TODO docs/ChangeLog.old docs/*ReleaseNotes -#ghost %verify(not md5 size mtime) %config(noreplace,missingok) /etc/crypttab -#ghost %verify(not md5 size mtime) %config(noreplace,missingok) /etc/cryptotab /sbin/cryptsetup %{_sbindir}/cryptsetup %{_sbindir}/veritysetup @@ -166,17 +164,15 @@ %{_mandir}/man8/veritysetup.8%{ext_man} %{_mandir}/man8/integritysetup.8%{ext_man} %{_tmpfilesdir}/cryptsetup.conf +%ghost %dir /run/cryptsetup %files -n libcryptsetup%{so_ver} -%defattr(-,root,root) %{_libdir}/libcryptsetup.so.%{so_ver}* %files -n libcryptsetup%{so_ver}-hmac -%defattr(-,root,root) %{_libdir}/.libcryptsetup.so.%{so_ver}*hmac %files -n libcryptsetup-devel -%defattr(-,root,root) %doc docs/examples/ %{_includedir}/libcryptsetup.h %{_libdir}/libcryptsetup.so ++ cryptsetup-2.0.0.tar.xz -> cryptsetup-2.0.1.tar.xz ++ /work/SRC/openSUSE:Factory/cryptsetup/cryptsetup-2.0.0.tar.xz /work/SRC/openSUSE:Factory/.cryptsetup.new/cryptsetup-2.0.1.tar.xz differ: char 15, line 1
commit cryptsetup for openSUSE:Factory
Hello community, here is the log from the commit of package cryptsetup for openSUSE:Factory checked in at 2018-01-31 19:48:16 Comparing /work/SRC/openSUSE:Factory/cryptsetup (Old) and /work/SRC/openSUSE:Factory/.cryptsetup.new (New) Package is "cryptsetup" Wed Jan 31 19:48:16 2018 rev:100 rq:562805 version:2.0.0 Changes: --- /work/SRC/openSUSE:Factory/cryptsetup/cryptsetup.changes2017-05-10 20:34:05.989837738 +0200 +++ /work/SRC/openSUSE:Factory/.cryptsetup.new/cryptsetup.changes 2018-01-31 19:48:18.447476929 +0100 @@ -1,0 +2,11 @@ +Fri Dec 22 16:16:10 UTC 2017 - archie.co...@gmail.com + +- Update to version 2.0.0: + * Add support for new on-disk LUKS2 format + * Enable to use system libargon2 instead of bundled version + * Install tmpfiles.d configuration for LUKS2 locking directory + * New command integritysetup: support for the new dm-integrity kernel target + * Support for larger sector sizes for crypt devices + * Miscellaneous fixes and improvements + +--- Old: cryptsetup-1.7.5.tar.sign cryptsetup-1.7.5.tar.xz New: cryptsetup-2.0.0.tar.sign cryptsetup-2.0.0.tar.xz Other differences: -- ++ cryptsetup.spec ++ --- /var/tmp/diff_new_pack.VYSc4g/_old 2018-01-31 19:48:19.619422439 +0100 +++ /var/tmp/diff_new_pack.VYSc4g/_new 2018-01-31 19:48:19.623422253 +0100 @@ -1,7 +1,7 @@ # # spec file for package cryptsetup # -# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -16,26 +16,28 @@ # -%define so_ver 4 +%define so_ver 12 Name: cryptsetup -Version:1.7.5 +Version:2.0.0 Release:0 Summary:Set Up dm-crypt Based Encrypted Block Devices License:SUSE-GPL-2.0-with-openssl-exception and LGPL-2.0+ Group: System/Base Url:https://gitlab.com/cryptsetup/cryptsetup/ -Source0: https://www.kernel.org/pub/linux/utils/cryptsetup/v1.7/cryptsetup-%{version}.tar.xz +Source0: https://www.kernel.org/pub/linux/utils/cryptsetup/v2.0/cryptsetup-%{version}.tar.xz # GPG signature of the uncompressed tarball. -Source1: https://www.kernel.org/pub/linux/utils/cryptsetup/v1.7/cryptsetup-%{version}.tar.sign +Source1: https://www.kernel.org/pub/linux/utils/cryptsetup/v2.0/cryptsetup-%{version}.tar.sign Source2:baselibs.conf Source3:%{name}.keyring BuildRequires: device-mapper-devel BuildRequires: fipscheck BuildRequires: fipscheck-devel BuildRequires: libgcrypt-devel +BuildRequires: libjson-c-devel BuildRequires: libpwquality-devel BuildRequires: libselinux-devel BuildRequires: libuuid-devel +BuildRequires: pkgconfig(libargon2) # 2.6.38 has the required if_alg.h BuildRequires: linux-glibc-devel >= 2.6.38 BuildRequires: pkgconfig @@ -95,7 +97,10 @@ --enable-selinux \ --enable-fips \ --enable-pwquality \ - --enable-gcrypt-pbkdf2 + --enable-gcrypt-pbkdf2 \ + --enable-libargon2 \ + --with-luks2-lock-path=/run/cryptsetup \ + --with-tmpfilesdir='%{_tmpfilesdir}' make %{?_smp_mflags} V=1 %install @@ -154,10 +159,13 @@ /sbin/cryptsetup %{_sbindir}/cryptsetup %{_sbindir}/veritysetup +%{_sbindir}/integritysetup %{_sbindir}/cryptsetup-reencrypt %{_mandir}/man8/cryptsetup.8%{ext_man} %{_mandir}/man8/cryptsetup-reencrypt.8%{ext_man} %{_mandir}/man8/veritysetup.8%{ext_man} +%{_mandir}/man8/integritysetup.8%{ext_man} +%{_tmpfilesdir}/cryptsetup.conf %files -n libcryptsetup%{so_ver} %defattr(-,root,root) ++ baselibs.conf ++ --- /var/tmp/diff_new_pack.VYSc4g/_old 2018-01-31 19:48:19.671420021 +0100 +++ /var/tmp/diff_new_pack.VYSc4g/_new 2018-01-31 19:48:19.671420021 +0100 @@ -1,2 +1,2 @@ -libcryptsetup4 -libcryptsetup4-hmac +libcryptsetup12 +libcryptsetup12-hmac ++ cryptsetup-1.7.5.tar.xz -> cryptsetup-2.0.0.tar.xz ++ /work/SRC/openSUSE:Factory/cryptsetup/cryptsetup-1.7.5.tar.xz /work/SRC/openSUSE:Factory/.cryptsetup.new/cryptsetup-2.0.0.tar.xz differ: char 8, line 1
commit cryptsetup for openSUSE:Factory
Hello community, here is the log from the commit of package cryptsetup for openSUSE:Factory checked in at 2017-05-10 20:34:03 Comparing /work/SRC/openSUSE:Factory/cryptsetup (Old) and /work/SRC/openSUSE:Factory/.cryptsetup.new (New) Package is "cryptsetup" Wed May 10 20:34:03 2017 rev:99 rq:492821 version:1.7.5 Changes: --- /work/SRC/openSUSE:Factory/cryptsetup/cryptsetup.changes2017-04-07 14:17:31.214280446 +0200 +++ /work/SRC/openSUSE:Factory/.cryptsetup.new/cryptsetup.changes 2017-05-10 20:34:05.989837738 +0200 @@ -1,0 +2,10 @@ +Sat Apr 29 11:52:58 UTC 2017 - mplus...@suse.com + +- Update to version 1.7.5: + * Fixes to luksFormat to properly support recent kernel running +in FIPS mode. + * Fixes accesses to unaligned hidden legacy TrueCrypt header. + * Fixes to optional dracut ramdisk scripts for offline +re-encryption on initial boot. + +--- Old: cryptsetup-1.7.4.tar.sign cryptsetup-1.7.4.tar.xz New: cryptsetup-1.7.5.tar.sign cryptsetup-1.7.5.tar.xz Other differences: -- ++ cryptsetup.spec ++ --- /var/tmp/diff_new_pack.xS3EpU/_old 2017-05-10 20:34:07.253659430 +0200 +++ /var/tmp/diff_new_pack.xS3EpU/_new 2017-05-10 20:34:07.261658301 +0200 @@ -18,7 +18,7 @@ %define so_ver 4 Name: cryptsetup -Version:1.7.4 +Version:1.7.5 Release:0 Summary:Set Up dm-crypt Based Encrypted Block Devices License:SUSE-GPL-2.0-with-openssl-exception and LGPL-2.0+ ++ cryptsetup-1.7.4.tar.xz -> cryptsetup-1.7.5.tar.xz ++ 3964 lines of diff (skipped)
commit cryptsetup for openSUSE:Factory
Hello community, here is the log from the commit of package cryptsetup for openSUSE:Factory checked in at 2017-04-07 14:17:28 Comparing /work/SRC/openSUSE:Factory/cryptsetup (Old) and /work/SRC/openSUSE:Factory/.cryptsetup.new (New) Package is "cryptsetup" Fri Apr 7 14:17:28 2017 rev:98 rq:481749 version:1.7.4 Changes: --- /work/SRC/openSUSE:Factory/cryptsetup/cryptsetup.changes2016-08-28 12:17:21.0 +0200 +++ /work/SRC/openSUSE:Factory/.cryptsetup.new/cryptsetup.changes 2017-04-07 14:17:31.214280446 +0200 @@ -1,0 +2,33 @@ +Fri Mar 17 19:24:14 UTC 2017 - mplus...@suse.com + +- Update to version 1.7.4: + * Allow to specify LUKS1 hash algorithm in Python luksFormat +wrapper. + * Use LUKS1 compiled-in defaults also in Python wrapper. + * OpenSSL backend: Fix OpenSSL 1.1.0 support without backward +compatible API. + * OpenSSL backend: Fix LibreSSL compatibility. + * Check for data device and hash device area overlap in +veritysetup. + * Fix a possible race while allocating a free loop device. + * Fix possible file descriptor leaks if libcryptsetup is run from +a forked process. + * Fix missing same_cpu_crypt flag in status command. + * Various updates to FAQ and man pages. +- Changes for version 1.7.3: + * Fix device access to hash offsets located beyond the 2GB device +boundary in veritysetup. + * Set configured (compile-time) default iteration time for +devices created directly through libcryptsetup + * Fix PBKDF2 benchmark to not double iteration count for specific +corner case. + * Verify passphrase in cryptsetup-reencrypt when encrypting a new +drive. + * OpenSSL backend: fix memory leak if hash context was repeatedly +reused. + * OpenSSL backend: add support for OpenSSL 1.1.0. + * Fix several minor spelling errors. + * Properly check maximal buffer size when parsing UUID from +/dev/disk/. + +--- Old: cryptsetup-1.7.2.tar.sign cryptsetup-1.7.2.tar.xz New: cryptsetup-1.7.4.tar.sign cryptsetup-1.7.4.tar.xz Other differences: -- ++ cryptsetup.spec ++ --- /var/tmp/diff_new_pack.NIv9Gn/_old 2017-04-07 14:17:32.078158453 +0200 +++ /var/tmp/diff_new_pack.NIv9Gn/_new 2017-04-07 14:17:32.078158453 +0200 @@ -1,7 +1,7 @@ # # spec file for package cryptsetup # -# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -18,7 +18,7 @@ %define so_ver 4 Name: cryptsetup -Version:1.7.2 +Version:1.7.4 Release:0 Summary:Set Up dm-crypt Based Encrypted Block Devices License:SUSE-GPL-2.0-with-openssl-exception and LGPL-2.0+ @@ -43,7 +43,6 @@ BuildRequires: suse-module-tools Requires(post): coreutils Requires(postun): coreutils -BuildRoot: %{_tmppath}/%{name}-%{version}-build %description cryptsetup is used to conveniently set up dm-crypt based device-mapper @@ -91,7 +90,8 @@ %setup -q %build -%configure --enable-cryptsetup-reencrypt \ +%configure \ + --enable-cryptsetup-reencrypt \ --enable-selinux \ --enable-fips \ --enable-pwquality \ @@ -107,7 +107,7 @@ fipshmac %{buildroot}/%{_libdir}/libcryptsetup.so.* \ %{nil} -make DESTDIR=%{buildroot} install %{?_smp_mflags} +%make_install install -dm 0755 %{buildroot}/sbin ln -s ..%{_sbindir}/cryptsetup %{buildroot}/sbin # don't want this file in /lib (FHS compat check), and can't move it to /usr/lib @@ -144,7 +144,6 @@ %{?regenerate_initrd_posttrans} %post -n libcryptsetup%{so_ver} -p /sbin/ldconfig - %postun -n libcryptsetup%{so_ver} -p /sbin/ldconfig %files -f %{name}.lang @@ -156,9 +155,9 @@ %{_sbindir}/cryptsetup %{_sbindir}/veritysetup %{_sbindir}/cryptsetup-reencrypt -%{_mandir}/man8/cryptsetup.8.gz -%{_mandir}/man8/cryptsetup-reencrypt.8.gz -%{_mandir}/man8/veritysetup.8.gz +%{_mandir}/man8/cryptsetup.8%{ext_man} +%{_mandir}/man8/cryptsetup-reencrypt.8%{ext_man} +%{_mandir}/man8/veritysetup.8%{ext_man} %files -n libcryptsetup%{so_ver} %defattr(-,root,root) ++ cryptsetup-1.7.2.tar.xz -> cryptsetup-1.7.4.tar.xz ++ 16626 lines of diff (skipped)
commit cryptsetup for openSUSE:Factory
Hello community, here is the log from the commit of package cryptsetup for openSUSE:Factory checked in at 2016-08-28 12:17:20 Comparing /work/SRC/openSUSE:Factory/cryptsetup (Old) and /work/SRC/openSUSE:Factory/.cryptsetup.new (New) Package is "cryptsetup" Changes: --- /work/SRC/openSUSE:Factory/cryptsetup/cryptsetup.changes2016-02-12 11:21:01.0 +0100 +++ /work/SRC/openSUSE:Factory/.cryptsetup.new/cryptsetup.changes 2016-08-28 12:17:21.0 +0200 @@ -1,0 +2,73 @@ +Thu Aug 25 15:15:15 UTC 2016 - alexander_nau...@opensuse.org + +- Update to version 1.7.2: + + * Update LUKS documentation format. +Clarify fixed sector size and keyslots alignment. + + * Support activation options for error handling modes in +Linux kernel dm-verity module: + --ignore-corruption - dm-verity just logs detected corruption + + --restart-on-corruption - dm-verity restarts the kernel if +corruption is detected + If the options above are not specified, default behavior for + dm-verity remains. Default is that I/O operation fails with + I/O error if corrupted block is detected. + + --ignore-zero-blocks - Instructs dm-verity to not verify + blocks that are expected to contain zeroes and always + return zeroes directly instead. + NOTE that these options could have security or functional + impacts, do not use them without assessing the risks! + + * Fix help text for cipher benchmark specification +(mention --cipher option). + + * Fix off-by-one error in maximum keyfile size. +Allow keyfiles up to compiled-in default and not that value +minus one. + + * Support resume of interrupted decryption in cryptsetup-reencrypt +utility. To resume decryption, LUKS device UUID (--uuid option) +option must be used. + + * Do not use direct-io for LUKS header with unaligned keyslots. +Such headers were used only by the first cryptsetup-luks-1.0.0 +release (2005). + * Fix device block size detection to properly work on particular + +file-based containers over underlying devices with 4k sectors. + +- Update to version 1.7.1: + + * Code now uses kernel crypto API backend according to new +changes introduced in mainline kernel +While mainline kernel should contain backward compatible +changes, some stable series kernels do not contain fully +backported compatibility patches. +Without these patches most of cryptsetup operations +(like unlocking device) fail. +This change in cryptsetup ensures that all operations using +kernel crypto API works even on these kernels. + + * The cryptsetup-reencrypt utility now properly detects removal +of underlying link to block device and does not remove +ongoing re-encryption log. +This allows proper recovery (resume) of reencrypt operation later. +NOTE: Never use /dev/disk/by-uuid/ path for reencryption utility, +this link disappears once the device metadata is temporarily +removed from device. + + * Cryptsetup now allows special "-" (standard input) keyfile handling +even for TCRYPT (TrueCrypt and VeraCrypt compatible) devices. + + * Cryptsetup now fails if there are more keyfiles specified +for non-TCRYPT device. + + * The luksKillSlot command now does not suppress provided password +in batch mode (if password is wrong slot is not destroyed). +Note that not providing password in batch mode means that keyslot +is destroyed unconditionally. + +--- Old: cryptsetup-1.7.0.tar.sign cryptsetup-1.7.0.tar.xz New: cryptsetup-1.7.2.tar.sign cryptsetup-1.7.2.tar.xz Other differences: -- ++ cryptsetup.spec ++ --- /var/tmp/diff_new_pack.BXFQq6/_old 2016-08-28 12:17:22.0 +0200 +++ /var/tmp/diff_new_pack.BXFQq6/_new 2016-08-28 12:17:22.0 +0200 @@ -18,7 +18,7 @@ %define so_ver 4 Name: cryptsetup -Version:1.7.0 +Version:1.7.2 Release:0 Summary:Set Up dm-crypt Based Encrypted Block Devices License:SUSE-GPL-2.0-with-openssl-exception and LGPL-2.0+ ++ cryptsetup-1.7.0.tar.xz -> cryptsetup-1.7.2.tar.xz ++ 52250 lines of diff (skipped)
commit cryptsetup for openSUSE:Factory
Hello community, here is the log from the commit of package cryptsetup for openSUSE:Factory checked in at 2016-02-12 11:20:59 Comparing /work/SRC/openSUSE:Factory/cryptsetup (Old) and /work/SRC/openSUSE:Factory/.cryptsetup.new (New) Package is "cryptsetup" Changes: --- /work/SRC/openSUSE:Factory/cryptsetup/cryptsetup.changes2015-12-23 09:56:20.0 +0100 +++ /work/SRC/openSUSE:Factory/.cryptsetup.new/cryptsetup.changes 2016-02-12 11:21:01.0 +0100 @@ -1,0 +2,14 @@ +Sat Jan 9 12:12:06 UTC 2016 - benoit.mo...@gmx.fr + +- update to 1.7.0: + * The cryptsetup 1.7 release changes defaults for LUKS, +there are no API changes. + * Default hash function is now SHA256 (used in key derivation +function and anti-forensic splitter). + * Default iteration time for PBKDF2 is now 2 seconds. + * Fix PBKDF2 iteration benchmark for longer key sizes. + * Remove experimental warning for reencrypt tool. + * Add optional libpasswdqc support for new LUKS passwords. + * Update FAQ document. + +--- Old: cryptsetup-1.6.8.tar.sign cryptsetup-1.6.8.tar.xz New: cryptsetup-1.7.0.tar.sign cryptsetup-1.7.0.tar.xz Other differences: -- ++ cryptsetup.spec ++ --- /var/tmp/diff_new_pack.UocdKr/_old 2016-02-12 11:21:02.0 +0100 +++ /var/tmp/diff_new_pack.UocdKr/_new 2016-02-12 11:21:02.0 +0100 @@ -1,7 +1,7 @@ # # spec file for package cryptsetup # -# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -18,15 +18,15 @@ %define so_ver 4 Name: cryptsetup -Version:1.6.8 +Version:1.7.0 Release:0 Summary:Set Up dm-crypt Based Encrypted Block Devices License:SUSE-GPL-2.0-with-openssl-exception and LGPL-2.0+ Group: System/Base Url:https://gitlab.com/cryptsetup/cryptsetup/ -Source0: https://www.kernel.org/pub/linux/utils/cryptsetup/v1.6/cryptsetup-%{version}.tar.xz +Source0: https://www.kernel.org/pub/linux/utils/cryptsetup/v1.7/cryptsetup-%{version}.tar.xz # GPG signature of the uncompressed tarball. -Source1: https://www.kernel.org/pub/linux/utils/cryptsetup/v1.6/cryptsetup-%{version}.tar.sign +Source1: https://www.kernel.org/pub/linux/utils/cryptsetup/v1.7/cryptsetup-%{version}.tar.sign Source2:baselibs.conf Source3:%{name}.keyring BuildRequires: device-mapper-devel ++ cryptsetup-1.6.8.tar.xz -> cryptsetup-1.7.0.tar.xz ++ 7555 lines of diff (skipped)
commit cryptsetup for openSUSE:Factory
Hello community, here is the log from the commit of package cryptsetup for openSUSE:Factory checked in at 2015-12-23 09:56:19 Comparing /work/SRC/openSUSE:Factory/cryptsetup (Old) and /work/SRC/openSUSE:Factory/.cryptsetup.new (New) Package is "cryptsetup" Changes: --- /work/SRC/openSUSE:Factory/cryptsetup/cryptsetup.changes2015-10-20 16:21:30.0 +0200 +++ /work/SRC/openSUSE:Factory/.cryptsetup.new/cryptsetup.changes 2015-12-23 09:56:20.0 +0100 @@ -1,0 +2,6 @@ +Thu Dec 10 16:05:57 CET 2015 - ti...@suse.de + +- Fix missing dependency on coreutils for initrd macros (boo#958562) +- Call missing initrd macro at postun (boo#958562) + +--- Other differences: -- ++ cryptsetup.spec ++ --- /var/tmp/diff_new_pack.S0LEkI/_old 2015-12-23 09:56:21.0 +0100 +++ /var/tmp/diff_new_pack.S0LEkI/_new 2015-12-23 09:56:21.0 +0100 @@ -41,6 +41,8 @@ BuildRequires: pkgconfig BuildRequires: popt-devel BuildRequires: suse-module-tools +Requires(post): coreutils +Requires(postun): coreutils BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -135,6 +137,9 @@ %{?regenerate_initrd_post} +%postun +%{?regenerate_initrd_post} + %posttrans %{?regenerate_initrd_posttrans}
commit cryptsetup for openSUSE:Factory
Hello community, here is the log from the commit of package cryptsetup for openSUSE:Factory checked in at 2015-04-21 12:02:13 Comparing /work/SRC/openSUSE:Factory/cryptsetup (Old) and /work/SRC/openSUSE:Factory/.cryptsetup.new (New) Package is cryptsetup Changes: --- /work/SRC/openSUSE:Factory/cryptsetup/cryptsetup.changes2015-04-10 09:44:58.0 +0200 +++ /work/SRC/openSUSE:Factory/.cryptsetup.new/cryptsetup.changes 2015-04-21 12:02:13.0 +0200 @@ -1,0 +2,11 @@ +Sun Apr 12 18:45:26 UTC 2015 - crrodrig...@opensuse.org + +- Enable verbose build log. + +--- +Sun Apr 12 18:41:39 UTC 2015 - crrodrig...@opensuse.org + +- regenerate the initrd if cryptsetup tool changes + (wanted by 90crypt dracut module) + +--- Other differences: -- ++ cryptsetup.spec ++ --- /var/tmp/diff_new_pack.glhp2g/_old 2015-04-21 12:02:14.0 +0200 +++ /var/tmp/diff_new_pack.glhp2g/_new 2015-04-21 12:02:14.0 +0200 @@ -40,6 +40,7 @@ BuildRequires: linux-glibc-devel = 2.6.38 BuildRequires: pkgconfig BuildRequires: popt-devel +BuildRequires: suse-module-tools BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -93,7 +94,7 @@ --enable-fips \ --enable-pwquality \ --enable-gcrypt-pbkdf2 -make %{?_smp_mflags} +make %{?_smp_mflags} V=1 %install # Generate HMAC checksums (FIPS) @@ -132,6 +133,11 @@ fi fi +%{?regenerate_initrd_post} + +%posttrans +%{?regenerate_initrd_posttrans} + %post -n libcryptsetup%{so_ver} -p /sbin/ldconfig %postun -n libcryptsetup%{so_ver} -p /sbin/ldconfig
commit cryptsetup for openSUSE:Factory
Hello community, here is the log from the commit of package cryptsetup for openSUSE:Factory checked in at 2014-09-17 21:24:38 Comparing /work/SRC/openSUSE:Factory/cryptsetup (Old) and /work/SRC/openSUSE:Factory/.cryptsetup.new (New) Package is cryptsetup Changes: --- /work/SRC/openSUSE:Factory/cryptsetup/cryptsetup.changes2014-08-27 22:18:09.0 +0200 +++ /work/SRC/openSUSE:Factory/.cryptsetup.new/cryptsetup.changes 2014-09-17 21:24:54.0 +0200 @@ -1,0 +2,17 @@ +Sun Sep 14 21:50:33 UTC 2014 - asterios.dra...@gmail.com + +- version 1.6.6 + * LUKS: Fix keyslot device access for devices which +do not support direct IO operations. (Regression in 1.6.5.) + * LUKS: Fallback to old temporary keyslot device mapping method +if hash (for ESSIV) is not supported by userspace crypto +library. (Regression in 1.6.5.) + * Properly activate device with discard (TRIM for SSDs) +if requested even if dm_crypt module is not yet loaded. +Only if discard is not supported by the old kernel then +the discard option is ignored. + * Fix some static analysis build warnings (scan-build). + * Report crypto lib version only once (and always add kernel +version) in debug output. + +--- Old: cryptsetup-1.6.5.tar.sign cryptsetup-1.6.5.tar.xz New: cryptsetup-1.6.6.tar.sign cryptsetup-1.6.6.tar.xz Other differences: -- ++ cryptsetup.spec ++ --- /var/tmp/diff_new_pack.1rB7hC/_old 2014-09-17 21:24:56.0 +0200 +++ /var/tmp/diff_new_pack.1rB7hC/_new 2014-09-17 21:24:56.0 +0200 @@ -19,7 +19,7 @@ %define so_ver 4 Name: cryptsetup -Version:1.6.5 +Version:1.6.6 Release:0 Summary:Set Up dm-crypt Based Encrypted Block Devices License:SUSE-GPL-2.0-with-openssl-exception and LGPL-2.0+ @@ -154,7 +154,7 @@ %defattr(-,root,root) %{_libdir}/libcryptsetup.so.%{so_ver}* -%files -n libcryptsetup4-hmac +%files -n libcryptsetup%{so_ver}-hmac %defattr(-,root,root) %{_libdir}/.libcryptsetup.so.%{so_ver}*hmac ++ cryptsetup-1.6.5.tar.xz - cryptsetup-1.6.6.tar.xz ++ 7557 lines of diff (skipped) -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit cryptsetup for openSUSE:Factory
Hello community, here is the log from the commit of package cryptsetup for openSUSE:Factory checked in at 2014-08-27 22:18:06 Comparing /work/SRC/openSUSE:Factory/cryptsetup (Old) and /work/SRC/openSUSE:Factory/.cryptsetup.new (New) Package is cryptsetup Changes: --- /work/SRC/openSUSE:Factory/cryptsetup/cryptsetup.changes2014-08-15 09:55:26.0 +0200 +++ /work/SRC/openSUSE:Factory/.cryptsetup.new/cryptsetup.changes 2014-08-27 22:18:09.0 +0200 @@ -1,0 +2,5 @@ +Fri Aug 22 12:02:56 UTC 2014 - meiss...@suse.com + +- Use --enable-gcrypt-pbkdf2 to use the PBKDFv2 method from libgcrypt. + +--- Other differences: -- ++ cryptsetup.spec ++ --- /var/tmp/diff_new_pack.qkgyV9/_old 2014-08-27 22:18:10.0 +0200 +++ /var/tmp/diff_new_pack.qkgyV9/_new 2014-08-27 22:18:10.0 +0200 @@ -92,7 +92,8 @@ %configure --enable-cryptsetup-reencrypt \ --enable-selinux \ --enable-fips \ - --enable-pwquality + --enable-pwquality \ + --enable-gcrypt-pbkdf2 make %{?_smp_mflags} %install -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit cryptsetup for openSUSE:Factory
Hello community, here is the log from the commit of package cryptsetup for openSUSE:Factory checked in at 2014-08-15 09:55:25 Comparing /work/SRC/openSUSE:Factory/cryptsetup (Old) and /work/SRC/openSUSE:Factory/.cryptsetup.new (New) Package is cryptsetup Changes: --- /work/SRC/openSUSE:Factory/cryptsetup/cryptsetup.changes2014-07-13 17:15:28.0 +0200 +++ /work/SRC/openSUSE:Factory/.cryptsetup.new/cryptsetup.changes 2014-08-15 09:55:26.0 +0200 @@ -0,0 +1,32 @@ +--- +Tue Aug 12 16:34:04 UTC 2014 - asterios.dra...@gmail.com + +- version 1.6.5 + * Allow LUKS header operation handling without requiring root privilege. +It means that you can manipulate with keyslots as a regular user, only +write access to device (or image) is required. + * Fix internal PBKDF2 key derivation function implementation for alternative +crypto backends (kernel, NSS) which do not support PBKDF2 directly and have +issues with longer HMAC keys. + * Support for Python3 for simple Python binding. +Python = 2.6 is now required. You can set Python compiled version by setting +--with-python_version configure option (together with --enable-python). + * Use internal PBKDF2 in Nettle library for Nettle crypto backend. +Cryptsetup compilation requires Nettle = 2.6 (if using Nettle crypto backend). + * Allow simple status of crypt device without providing metadata header. +The command cryptsetup status will print basic info, even if you +do not provide detached header argument. + * Allow to specify ECB mode in cryptsetup benchmark. + * Add some LUKS images for regression testing. +Note that if image with Whirlpool fails, the most probable cause is that +you have old gcrypt library with flawed whirlpool hash. +Read FAQ section 8.3 for more info. +- Removed e2fsprogs-devel and libtool build requirements (not needed). +- Added libpwquality-devel and libuuid-devel build requirements. + +--- +Mon Aug 11 15:21:03 UTC 2014 - meiss...@suse.com + +- libcryptsetup4-hmac split off contain the hmac for FIPS certification + +--- Old: cryptsetup-1.6.4.tar.sign cryptsetup-1.6.4.tar.xz New: cryptsetup-1.6.5.tar.sign cryptsetup-1.6.5.tar.xz Other differences: -- ++ cryptsetup.spec ++ --- /var/tmp/diff_new_pack.ojQ3Ne/_old 2014-08-15 09:55:27.0 +0200 +++ /var/tmp/diff_new_pack.ojQ3Ne/_new 2014-08-15 09:55:27.0 +0200 @@ -16,31 +16,32 @@ # +%define so_ver 4 + Name: cryptsetup -Url:http://code.google.com/p/cryptsetup/ -Version:1.6.4 +Version:1.6.5 Release:0 Summary:Set Up dm-crypt Based Encrypted Block Devices License:SUSE-GPL-2.0-with-openssl-exception and LGPL-2.0+ Group: System/Base - -Source: https://www.kernel.org/pub/linux/utils/cryptsetup/v1.6/cryptsetup-%{version}.tar.xz -# this is the signature of the uncompressed tarball +Url:http://code.google.com/p/cryptsetup/ +Source0: https://www.kernel.org/pub/linux/utils/cryptsetup/v1.6/cryptsetup-%{version}.tar.xz +# GPG signature of the uncompressed tarball. Source1: https://www.kernel.org/pub/linux/utils/cryptsetup/v1.6/cryptsetup-%{version}.tar.sign Source2:baselibs.conf Source3:%{name}.keyring -BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: device-mapper-devel -BuildRequires: e2fsprogs-devel BuildRequires: fipscheck BuildRequires: fipscheck-devel BuildRequires: libgcrypt-devel +BuildRequires: libpwquality-devel BuildRequires: libselinux-devel -BuildRequires: libtool +BuildRequires: libuuid-devel # 2.6.38 has the required if_alg.h BuildRequires: linux-glibc-devel = 2.6.38 BuildRequires: pkgconfig BuildRequires: popt-devel +BuildRoot: %{_tmppath}/%{name}-%{version}-build %description cryptsetup is used to conveniently set up dm-crypt based device-mapper @@ -49,25 +50,33 @@ includes support for automatically setting up encrypted volumes at boot time via the config file /etc/crypttab. -%package -n libcryptsetup4 +%package -n libcryptsetup%{so_ver} Summary:Set Up dm-crypt Based Encrypted Block Devices -Group: System/Base +Group: System/Libraries -%description -n libcryptsetup4 +%description -n libcryptsetup%{so_ver} cryptsetup is used to conveniently set up dm-crypt based device-mapper targets. It allows to set up targets to read cryptoloop compatible volumes as well as LUKS formatted ones. The package additionally includes
commit cryptsetup for openSUSE:Factory
Hello community, here is the log from the commit of package cryptsetup for openSUSE:Factory checked in at 2014-07-13 17:15:27 Comparing /work/SRC/openSUSE:Factory/cryptsetup (Old) and /work/SRC/openSUSE:Factory/.cryptsetup.new (New) Package is cryptsetup Changes: --- /work/SRC/openSUSE:Factory/cryptsetup/cryptsetup.changes2014-04-26 17:01:56.0 +0200 +++ /work/SRC/openSUSE:Factory/.cryptsetup.new/cryptsetup.changes 2014-07-13 17:15:28.0 +0200 @@ -0,0 +1,25 @@ +Tue May 27 14:38:57 UTC 2014 - meiss...@suse.com + +- version 1.6.4 + - new tarball / signature location + * Implement new erase (with alias luksErase) command. + * Add internal whirlpool_gcryptbug hash for accessing flawed +Whirlpool hash in gcrypt (requires gcrypt 1.6.1 or above). + * Allow to use --disable-gcrypt-pbkdf2 during configuration +to force use internal PBKDF2 code. + * Require gcrypt 1.6.1 for imported implementation of PBKDF2 +(PBKDF2 in gcrypt 1.6.0 is too slow). + * Add --keep-key to cryptsetup-reencrypt. + * By default verify new passphrase in luksChangeKey and luksAddKey +commands (if input is from terminal). + * Fix memory leak in Nettle crypto backend. + * Support --tries option even for TCRYPT devices in cryptsetup. + * Support --allow-discards option even for TCRYPT devices. +(Note that this could destroy hidden volume and it is not suggested +by original TrueCrypt security model.) + * Link against -lrt for clock_gettime to fix undefined reference +to clock_gettime error (introduced in 1.6.2). + * Fix misleading error message when some algorithms are not available. + * Count system time in PBKDF2 benchmark if kernel returns no self +usage info. + Old: cryptsetup-1.6.3.tar.bz2 cryptsetup-1.6.3.tar.bz2.asc New: cryptsetup-1.6.4.tar.sign cryptsetup-1.6.4.tar.xz Other differences: -- ++ cryptsetup.spec ++ --- /var/tmp/diff_new_pack.ALFTz5/_old 2014-07-13 17:15:29.0 +0200 +++ /var/tmp/diff_new_pack.ALFTz5/_new 2014-07-13 17:15:29.0 +0200 @@ -18,19 +18,22 @@ Name: cryptsetup Url:http://code.google.com/p/cryptsetup/ -Version:1.6.3 +Version:1.6.4 Release:0 Summary:Set Up dm-crypt Based Encrypted Block Devices License:SUSE-GPL-2.0-with-openssl-exception and LGPL-2.0+ Group: System/Base -Source: http://cryptsetup.googlecode.com/files/cryptsetup-%version.tar.bz2 -Source1: http://cryptsetup.googlecode.com/files/cryptsetup-%version.tar.bz2.asc +Source: https://www.kernel.org/pub/linux/utils/cryptsetup/v1.6/cryptsetup-%{version}.tar.xz +# this is the signature of the uncompressed tarball +Source1: https://www.kernel.org/pub/linux/utils/cryptsetup/v1.6/cryptsetup-%{version}.tar.sign Source2:baselibs.conf Source3:%{name}.keyring BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: device-mapper-devel BuildRequires: e2fsprogs-devel +BuildRequires: fipscheck +BuildRequires: fipscheck-devel BuildRequires: libgcrypt-devel BuildRequires: libselinux-devel BuildRequires: libtool @@ -84,10 +87,18 @@ %configure \ --disable-static --enable-shared \ --enable-cryptsetup-reencrypt \ - --enable-selinux + --enable-selinux --enable-fips make %{?_smp_mflags} %install +# Generate HMAC checksums (FIPS) +%define __spec_install_post \ + %{?__debug_package:%{__debug_install_post}} \ + %{__arch_install_post} \ + %{__os_install_post} \ + fipshmac %{buildroot}/%{_libdir}/libcryptsetup.so.* \ +%{nil} + make install DESTDIR=$RPM_BUILD_ROOT install -d -m 755 $RPM_BUILD_ROOT/sbin ln -s ..%{_sbindir}/cryptsetup $RPM_BUILD_ROOT/sbin @@ -96,8 +107,6 @@ # %find_lang %name --all-name -%pre - %post test -n $FIRST_ARG || FIRST_ARG=$1 # @@ -137,6 +146,7 @@ %files -n libcryptsetup4 %defattr(-,root,root) /%{_libdir}/libcryptsetup.so.4* +/%{_libdir}/.libcryptsetup.so.4*hmac %files -n libcryptsetup-devel %defattr(-,root,root) -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit cryptsetup for openSUSE:Factory
Hello community, here is the log from the commit of package cryptsetup for openSUSE:Factory checked in at 2014-04-26 17:01:54 Comparing /work/SRC/openSUSE:Factory/cryptsetup (Old) and /work/SRC/openSUSE:Factory/.cryptsetup.new (New) Package is cryptsetup Changes: --- /work/SRC/openSUSE:Factory/cryptsetup/cryptsetup.changes2013-12-19 12:39:35.0 +0100 +++ /work/SRC/openSUSE:Factory/.cryptsetup.new/cryptsetup.changes 2014-04-26 17:01:56.0 +0200 @@ -1,0 +2,6 @@ +Wed Apr 23 16:08:09 UTC 2014 - dmuel...@suse.com + +- remove dependency on gpg-offline (source_validator already + checks for gpg integrity) + +--- Other differences: -- ++ cryptsetup.spec ++ --- /var/tmp/diff_new_pack.mwUEt6/_old 2014-04-26 17:01:57.0 +0200 +++ /var/tmp/diff_new_pack.mwUEt6/_new 2014-04-26 17:01:57.0 +0200 @@ -1,7 +1,7 @@ # # spec file for package cryptsetup # -# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -31,9 +31,6 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: device-mapper-devel BuildRequires: e2fsprogs-devel -%if 0%{?suse_version} 1220 -BuildRequires: gpg-offline -%endif BuildRequires: libgcrypt-devel BuildRequires: libselinux-devel BuildRequires: libtool @@ -77,9 +74,6 @@ time via the config file /etc/crypttab. %prep -%if 0%{?gpg_verify:1} -%gpg_verify %{S:1} -%endif %setup -q %build -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit cryptsetup for openSUSE:Factory
Hello community, here is the log from the commit of package cryptsetup for openSUSE:Factory checked in at 2013-12-19 12:39:34 Comparing /work/SRC/openSUSE:Factory/cryptsetup (Old) and /work/SRC/openSUSE:Factory/.cryptsetup.new (New) Package is cryptsetup Changes: --- /work/SRC/openSUSE:Factory/cryptsetup/cryptsetup.changes2013-08-30 11:33:19.0 +0200 +++ /work/SRC/openSUSE:Factory/.cryptsetup.new/cryptsetup.changes 2013-12-19 12:39:35.0 +0100 @@ -1,0 +2,10 @@ +Sun Dec 15 20:04:00 UTC 2013 - crrodrig...@opensuse.org + +- version 1.6.3 +* Fix cryptsetup reencryption tool to work properly + with devices using 4kB sectors. +* Rewrite cipher benchmark loop which was unreliable on very fast machines. +* Support activation of old TrueCrypt containers (requires kernel 3.13) +* Other bugfixes. + +--- Old: cryptsetup-1.6.2.tar.bz2 cryptsetup-1.6.2.tar.bz2.asc New: cryptsetup-1.6.3.tar.bz2 cryptsetup-1.6.3.tar.bz2.asc Other differences: -- ++ cryptsetup.spec ++ --- /var/tmp/diff_new_pack.dUTbvg/_old 2013-12-19 12:39:36.0 +0100 +++ /var/tmp/diff_new_pack.dUTbvg/_new 2013-12-19 12:39:36.0 +0100 @@ -18,7 +18,7 @@ Name: cryptsetup Url:http://code.google.com/p/cryptsetup/ -Version:1.6.2 +Version:1.6.3 Release:0 Summary:Set Up dm-crypt Based Encrypted Block Devices License:SUSE-GPL-2.0-with-openssl-exception and LGPL-2.0+ ++ cryptsetup-1.6.2.tar.bz2 - cryptsetup-1.6.3.tar.bz2 ++ 29746 lines of diff (skipped) -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit cryptsetup for openSUSE:Factory
Hello community, here is the log from the commit of package cryptsetup for openSUSE:Factory checked in at 2013-08-30 11:33:17 Comparing /work/SRC/openSUSE:Factory/cryptsetup (Old) and /work/SRC/openSUSE:Factory/.cryptsetup.new (New) Package is cryptsetup Changes: --- /work/SRC/openSUSE:Factory/cryptsetup/cryptsetup.changes2013-07-03 16:29:39.0 +0200 +++ /work/SRC/openSUSE:Factory/.cryptsetup.new/cryptsetup.changes 2013-08-30 11:33:19.0 +0200 @@ -1,0 +2,11 @@ +Sun Aug 4 20:54:31 UTC 2013 - crrodrig...@opensuse.org + +- cryptsetup 1.6.2 +* Print error and fail if more device arguments + are present for isLuks command. +* Fix cipher specification string parsing +(found by gcc -fsanitize=address option). +* Try to map TCRYPT system encryption through partitions +* Workaround for some recent changes in automake + +--- Old: cryptsetup-1.6.1.tar.bz2 cryptsetup-1.6.1.tar.bz2.asc New: cryptsetup-1.6.2.tar.bz2 cryptsetup-1.6.2.tar.bz2.asc Other differences: -- ++ cryptsetup.spec ++ --- /var/tmp/diff_new_pack.qgL5Fn/_old 2013-08-30 11:33:20.0 +0200 +++ /var/tmp/diff_new_pack.qgL5Fn/_new 2013-08-30 11:33:20.0 +0200 @@ -18,7 +18,7 @@ Name: cryptsetup Url:http://code.google.com/p/cryptsetup/ -Version:1.6.1 +Version:1.6.2 Release:0 Summary:Set Up dm-crypt Based Encrypted Block Devices License:SUSE-GPL-2.0-with-openssl-exception and LGPL-2.0+ @@ -87,9 +87,6 @@ %{?suse_update_config:%{suse_update_config}} autoreconf -f -i test -e po/Makevars || cp po/Makevars.template po/Makevars -# remove for version 1.6.1 ## -export CFLAGS=%optflags -DHAVE_ENDIAN_H -DHAVE_BYTESWAP_H - %configure \ --disable-static --enable-shared \ --enable-cryptsetup-reencrypt \ ++ cryptsetup-1.6.1.tar.bz2 - cryptsetup-1.6.2.tar.bz2 ++ 21017 lines of diff (skipped) -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit cryptsetup for openSUSE:Factory
Hello community, here is the log from the commit of package cryptsetup for openSUSE:Factory checked in at 2013-07-03 16:29:37 Comparing /work/SRC/openSUSE:Factory/cryptsetup (Old) and /work/SRC/openSUSE:Factory/.cryptsetup.new (New) Package is cryptsetup Changes: --- /work/SRC/openSUSE:Factory/cryptsetup/cryptsetup.changes2013-03-26 14:05:45.0 +0100 +++ /work/SRC/openSUSE:Factory/.cryptsetup.new/cryptsetup.changes 2013-07-03 16:29:39.0 +0200 @@ -1,0 +2,14 @@ +Tue Jul 2 18:53:21 UTC 2013 - crrodrig...@opensuse.org + +- cryptsetup 1.6.1 + * Fix loop-AES keyfile parsing. + * Fix passphrase pool overflow for too long TCRYPT passphrase. + * Fix deactivation of device when failed underlying node disappeared. + +- There is a bug in the released tarball, due to HAVE_BYTESWAP_H + and HAVE_ENDIAN_H not properly handled by the buildsystem. A + patch with permanent solution was sent and accepted upstream + and will appear in the next release, for now an spec file workaround + is in place, remove in the next update. + +--- Old: cryptsetup-1.6.0.tar.bz2 cryptsetup-1.6.0.tar.bz2.asc New: cryptsetup-1.6.1.tar.bz2 cryptsetup-1.6.1.tar.bz2.asc Other differences: -- ++ cryptsetup.spec ++ --- /var/tmp/diff_new_pack.w2NN6U/_old 2013-07-03 16:29:40.0 +0200 +++ /var/tmp/diff_new_pack.w2NN6U/_new 2013-07-03 16:29:40.0 +0200 @@ -18,7 +18,7 @@ Name: cryptsetup Url:http://code.google.com/p/cryptsetup/ -Version:1.6.0 +Version:1.6.1 Release:0 Summary:Set Up dm-crypt Based Encrypted Block Devices License:SUSE-GPL-2.0-with-openssl-exception and LGPL-2.0+ @@ -87,6 +87,9 @@ %{?suse_update_config:%{suse_update_config}} autoreconf -f -i test -e po/Makevars || cp po/Makevars.template po/Makevars +# remove for version 1.6.1 ## +export CFLAGS=%optflags -DHAVE_ENDIAN_H -DHAVE_BYTESWAP_H + %configure \ --disable-static --enable-shared \ --enable-cryptsetup-reencrypt \ ++ cryptsetup-1.6.0.tar.bz2 - cryptsetup-1.6.1.tar.bz2 ++ 8075 lines of diff (skipped) -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit cryptsetup for openSUSE:Factory
Hello community, here is the log from the commit of package cryptsetup for openSUSE:Factory checked in at 2013-03-14 10:55:57 Comparing /work/SRC/openSUSE:Factory/cryptsetup (Old) and /work/SRC/openSUSE:Factory/.cryptsetup.new (New) Package is cryptsetup, Maintainer is lnus...@suse.com Changes: --- /work/SRC/openSUSE:Factory/cryptsetup/cryptsetup.changes2012-12-21 14:32:59.0 +0100 +++ /work/SRC/openSUSE:Factory/.cryptsetup.new/cryptsetup.changes 2013-03-14 10:55:58.0 +0100 @@ -1,0 +2,11 @@ +Tue Jan 15 13:17:57 UTC 2013 - lnus...@suse.de + +- version 1.6.0 + * Change LUKS default cipher to to use XTS encryption mode, + aes-xts-plain64 (i.e. using AES128-XTS). + * license change to GPL-2.0+ from GPL-1.0 + * new unified command open and close. + * direct support for TCRYPT (TrueCrypt and compatible tc-play) on-disk format + * new benchmark command + +--- Old: cryptsetup-1.5.1.tar.bz2 cryptsetup-1.5.1.tar.bz2.asc New: cryptsetup-1.6.0.tar.bz2 cryptsetup-1.6.0.tar.bz2.asc Other differences: -- ++ cryptsetup.spec ++ --- /var/tmp/diff_new_pack.05cHPs/_old 2013-03-14 10:56:00.0 +0100 +++ /var/tmp/diff_new_pack.05cHPs/_new 2013-03-14 10:56:00.0 +0100 @@ -1,7 +1,7 @@ # # spec file for package cryptsetup # -# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -23,13 +23,15 @@ Url:http://code.google.com/p/cryptsetup/ BuildRequires: device-mapper-devel BuildRequires: e2fsprogs-devel +%if 0%{?suse_version} 1220 BuildRequires: gpg-offline +%endif BuildRequires: libgcrypt-devel BuildRequires: libselinux-devel BuildRequires: libtool BuildRequires: pkgconfig BuildRequires: popt-devel -Version:1.5.1 +Version:1.6.0 Release:0 #Release:%{?beta:0.}CI_CNT.B_CNT%{?beta:.}%{?beta} Summary:Set Up dm-crypt Based Encrypted Block Devices @@ -80,7 +82,9 @@ time via the config file /etc/crypttab. %prep +%if 0%{?gpg_verify:1} %gpg_verify %{S:1} +%endif %setup -n %name-%ver -q %build ++ cryptsetup-1.5.1.tar.bz2 - cryptsetup-1.6.0.tar.bz2 ++ 43604 lines of diff (skipped) -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit cryptsetup for openSUSE:Factory
Hello community, here is the log from the commit of package cryptsetup for openSUSE:Factory checked in at 2012-12-21 14:32:57 Comparing /work/SRC/openSUSE:Factory/cryptsetup (Old) and /work/SRC/openSUSE:Factory/.cryptsetup.new (New) Package is cryptsetup, Maintainer is lnus...@suse.com Changes: --- /work/SRC/openSUSE:Factory/cryptsetup/cryptsetup.changes2012-11-03 08:18:18.0 +0100 +++ /work/SRC/openSUSE:Factory/.cryptsetup.new/cryptsetup.changes 2012-12-21 14:32:59.0 +0100 @@ -1,0 +2,24 @@ +Thu Dec 13 10:46:43 UTC 2012 - lnus...@suse.de + +- version 1.5.1: + * Added keyslot checker + * Add crypt_keyslot_area() API call. + * Optimize seek to keyfile-offset (Issue #135, thx to dreisner). + * Fix luksHeaderBackup for very old v1.0 unaligned LUKS headers. + * Allocate loop device late (only when real block device needed). + * Rework underlying device/file access functions. + * Create hash image if doesn't exist in veritysetup format. + * Provide better error message if running as non-root user (device-mapper, loop). + +--- +Wed Dec 12 16:00:29 UTC 2012 - lnus...@suse.de + +- split off hashalot and boot.crypto +- move to /usr + +--- +Tue Nov 20 18:41:11 CET 2012 - sbra...@suse.cz + +- Verify GPG signature. + +--- Old: boot.crypto-0_201206151440.tar.bz2 bug-476290_hashalot-hashlen.diff cryptsetup-1.5.0.tar.bz2 cryptsetup-1.5.0.tar.bz2.asc cryptsetup-mktar hashalot-0.3.tar.bz2 hashalot-ctrl-d.diff hashalot-fixes.diff hashalot-glibc210.diff hashalot-libgcrypt.diff hashalot-manpage.diff hashalot-timeout.diff New: cryptsetup-1.5.1.tar.bz2 cryptsetup-1.5.1.tar.bz2.asc cryptsetup.keyring Other differences: -- ++ cryptsetup.spec ++ --- /var/tmp/diff_new_pack.ty6ACN/_old 2012-12-21 14:33:01.0 +0100 +++ /var/tmp/diff_new_pack.ty6ACN/_new 2012-12-21 14:33:01.0 +0100 @@ -23,16 +23,13 @@ Url:http://code.google.com/p/cryptsetup/ BuildRequires: device-mapper-devel BuildRequires: e2fsprogs-devel +BuildRequires: gpg-offline BuildRequires: libgcrypt-devel BuildRequires: libselinux-devel BuildRequires: libtool BuildRequires: pkgconfig BuildRequires: popt-devel -# hashalot version -%define haver 0.3 -# boot.crypto version -%define bcver 0_201206151440 -Version:1.5.0 +Version:1.5.1 Release:0 #Release:%{?beta:0.}CI_CNT.B_CNT%{?beta:.}%{?beta} Summary:Set Up dm-crypt Based Encrypted Block Devices @@ -41,26 +38,8 @@ Source: http://cryptsetup.googlecode.com/files/cryptsetup-%{ver}.tar.bz2 Source1: http://cryptsetup.googlecode.com/files/cryptsetup-%{ver}.tar.bz2.asc Source2:baselibs.conf -Source10: hashalot-%haver.tar.bz2 -# git://gitorious.org/opensuse/boot_crypto.git -Source20: boot.crypto-%{bcver}.tar.bz2 -# use this to create the tarball from svn -Source99: cryptsetup-mktar -#Patch0: cryptsetup-svn131-noascii.diff -Patch10:hashalot-fixes.diff -Patch11:hashalot-libgcrypt.diff -Patch12:hashalot-ctrl-d.diff -Patch13:hashalot-timeout.diff -Patch14:hashalot-manpage.diff -Patch15:bug-476290_hashalot-hashlen.diff -Patch16:hashalot-glibc210.diff +Source3:%{name}.keyring BuildRoot: %{_tmppath}/%{name}-%{version}-build -Provides: aaa_base:/etc/init.d/boot.crypto -Obsoletes: util-linux-crypto = 2.12r -# we need losetup -Requires: util-linux -PreReq: %fillup_prereq %insserv_prereq -PreReq: coreutils diffutils %description cryptsetup is used to conveniently set up dm-crypt based device-mapper @@ -101,20 +80,8 @@ time via the config file /etc/crypttab. %prep -%setup -n %name-%ver -q -b 10 -b 20 -#patch0 -p1 -pushd ../hashalot-%haver -%patch10 -p1 -%patch11 -p1 -%patch12 -p1 -%patch13 -p1 -%patch14 -p1 -%patch15 -p1 -%patch16 -p1 -popd -pushd ../boot.crypto-%bcver -#patch20 -p1 -popd +%gpg_verify %{S:1} +%setup -n %name-%ver -q %build # cryptsetup build @@ -122,61 +89,24 @@ autoreconf -f -i test -e po/Makevars || cp po/Makevars.template po/Makevars %configure \ - --libdir=/%_lib \ - --bindir=/sbin --sbindir=/sbin \ --disable-static --enable-shared \ --enable-cryptsetup-reencrypt \ --enable-selinux make %{?_smp_mflags} -# -# hashalot build -pushd ../hashalot-%haver -autoreconf -f -i
commit cryptsetup for openSUSE:Factory
Hello community, here is the log from the commit of package cryptsetup for openSUSE:Factory checked in at 2012-11-03 08:18:17 Comparing /work/SRC/openSUSE:Factory/cryptsetup (Old) and /work/SRC/openSUSE:Factory/.cryptsetup.new (New) Package is cryptsetup, Maintainer is lnus...@suse.com Changes: --- /work/SRC/openSUSE:Factory/cryptsetup/cryptsetup.changes2012-09-17 13:49:58.0 +0200 +++ /work/SRC/openSUSE:Factory/.cryptsetup.new/cryptsetup.changes 2012-11-03 08:18:18.0 +0100 @@ -1,0 +2,5 @@ +Tue Sep 25 11:40:07 UTC 2012 - fcro...@suse.com + +- Remove crypttab manpage, it is now provided by systemd. + +--- Other differences: -- ++ cryptsetup.spec ++ --- /var/tmp/diff_new_pack.UA2FFi/_old 2012-11-03 08:18:20.0 +0100 +++ /var/tmp/diff_new_pack.UA2FFi/_new 2012-11-03 08:18:20.0 +0100 @@ -160,6 +160,9 @@ # %find_lang %name --all-name +# systemd is now providing cryptsetup manpage +rm -f $RPM_BUILD_ROOT%_mandir/man5/crypttab.5* + %pre # hack to catch update case from aaa_base/util-linux-crypto if [ -f /etc/init.d/boot.d/S??boot.crypto ]; then @@ -222,7 +225,6 @@ %_mandir/man8/cryptsetup.8.gz %_mandir/man8/cryptsetup-reencrypt.8.gz %_mandir/man8/veritysetup.8.gz -%_mandir/man5/crypttab.5.gz %_mandir/man5/cryptotab.5.gz /lib/cryptsetup -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit cryptsetup for openSUSE:Factory
Hello community, here is the log from the commit of package cryptsetup for openSUSE:Factory checked in at 2012-09-17 13:48:24 Comparing /work/SRC/openSUSE:Factory/cryptsetup (Old) and /work/SRC/openSUSE:Factory/.cryptsetup.new (New) Package is cryptsetup, Maintainer is lnus...@suse.com Changes: --- /work/SRC/openSUSE:Factory/cryptsetup/cryptsetup.changes2012-07-10 13:39:52.0 +0200 +++ /work/SRC/openSUSE:Factory/.cryptsetup.new/cryptsetup.changes 2012-09-17 13:49:58.0 +0200 @@ -1,0 +2,24 @@ +Wed Aug 1 13:37:04 UTC 2012 - lnus...@suse.de + +- version 1.5.0: + * Add --device-size option for reencryption tool. + * Switch to use unit suffix for --reduce-device-size option. + * Remove open device debugging feature (no longer needed). + * Introduce cryptsetup-reencrypt - experimental offline LUKS reencryption tool. + * Fix luks-header-from-active script (do not use LUKS header on-disk, add UUID). + * Add --test-passphrase option for luksOpen (check passphrase only). + * Introduce veritysetup for dm-verity target management. + * Both data and header device can now be a file. + * Loop is automatically allocated in crypt_set_data_device(). + * Require only up to last keyslot area for header device (ignore data offset). + * Fix header backup and restore to work on files with large data offset. + * Fix readonly activation if underlying device is readonly (1.4.0). + * Fix keyslot removal (wipe keyslot) for device with 4k hw block (1.4.0). + * Allow empty cipher (cipher_null) for testing. + * Fix loop mapping on readonly file. + * Relax --shared test, allow mapping even for overlapping segments. + * Support shared flag for LUKS devices (dangerous). + * Switch on retry on device remove for libdevmapper. + * Allow private activation (skip some udev global rules) flag. + +--- Old: cryptsetup-1.4.2.tar.bz2 cryptsetup-1.4.2.tar.bz2.asc New: cryptsetup-1.5.0.tar.bz2 cryptsetup-1.5.0.tar.bz2.asc Other differences: -- ++ cryptsetup.spec ++ --- /var/tmp/diff_new_pack.hSccNv/_old 2012-09-17 13:49:59.0 +0200 +++ /var/tmp/diff_new_pack.hSccNv/_new 2012-09-17 13:49:59.0 +0200 @@ -32,7 +32,7 @@ %define haver 0.3 # boot.crypto version %define bcver 0_201206151440 -Version:1.4.2 +Version:1.5.0 Release:0 #Release:%{?beta:0.}CI_CNT.B_CNT%{?beta:.}%{?beta} Summary:Set Up dm-crypt Based Encrypted Block Devices @@ -125,6 +125,7 @@ --libdir=/%_lib \ --bindir=/sbin --sbindir=/sbin \ --disable-static --enable-shared \ + --enable-cryptsetup-reencrypt \ --enable-selinux make %{?_smp_mflags} # @@ -213,10 +214,14 @@ /lib/mkinitrd/scripts/setup-luks_final.sh /usr/sbin/convert_cryptotab /sbin/cryptsetup +/sbin/veritysetup /sbin/hashalot /sbin/rccrypto +/sbin/cryptsetup-reencrypt %_mandir/man1/hashalot.1.gz %_mandir/man8/cryptsetup.8.gz +%_mandir/man8/cryptsetup-reencrypt.8.gz +%_mandir/man8/veritysetup.8.gz %_mandir/man5/crypttab.5.gz %_mandir/man5/cryptotab.5.gz /lib/cryptsetup ++ cryptsetup-1.4.2.tar.bz2 - cryptsetup-1.5.0.tar.bz2 ++ 33868 lines of diff (skipped) -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit cryptsetup for openSUSE:Factory
Hello community, here is the log from the commit of package cryptsetup for openSUSE:Factory checked in at 2012-06-15 19:39:02 Comparing /work/SRC/openSUSE:Factory/cryptsetup (Old) and /work/SRC/openSUSE:Factory/.cryptsetup.new (New) Package is cryptsetup, Maintainer is lnus...@suse.com Changes: --- /work/SRC/openSUSE:Factory/cryptsetup/cryptsetup.changes2012-04-17 21:58:11.0 +0200 +++ /work/SRC/openSUSE:Factory/.cryptsetup.new/cryptsetup.changes 2012-06-15 19:39:04.0 +0200 @@ -1,0 +2,7 @@ +Fri Jun 15 12:41:00 UTC 2012 - lnus...@suse.de + +- boot.crypto: + * update man page to mention systemd and wiki article + * sanitize dm target names (bnc#716240) + +--- Old: boot.crypto-0_201204171450.tar.bz2 New: boot.crypto-0_201206151440.tar.bz2 Other differences: -- ++ cryptsetup.spec ++ --- /var/tmp/diff_new_pack.B6nRl7/_old 2012-06-15 19:39:06.0 +0200 +++ /var/tmp/diff_new_pack.B6nRl7/_new 2012-06-15 19:39:06.0 +0200 @@ -27,7 +27,7 @@ # hashalot version %define haver 0.3 # boot.crypto version -%define bcver 0_201204171450 +%define bcver 0_201206151440 License:GPL-2.0+ Group: System/Base Version:1.4.2 ++ boot.crypto-0_201204171450.tar.bz2 - boot.crypto-0_201206151440.tar.bz2 ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/boot.crypto-0_201204171450/crypttab.5 new/boot.crypto-0_201206151440/crypttab.5 --- old/boot.crypto-0_201204171450/crypttab.5 2012-04-17 14:50:27.0 +0200 +++ new/boot.crypto-0_201206151440/crypttab.5 2012-06-15 14:40:42.0 +0200 @@ -1,22 +1,13 @@ '\ t .\ Title: crypttab .\Author: [see the AUTHOR section] -.\ Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ -.\ Date: 11/24/2011 +.\ Generator: DocBook XSL Stylesheets v1.75.2 http://docbook.sf.net/ +.\ Date: 06/15/2012 .\Manual: Cryptsetup Manual .\Source: cryptsetup .\ Language: English .\ -.TH CRYPTTAB 5 11/24/2011 cryptsetup Cryptsetup Manual -.\ - -.\ * Define some portability stuff -.\ - -.\ ~ -.\ http://bugs.debian.org/507673 -.\ http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html -.\ ~ -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' +.TH CRYPTTAB 5 06/15/2012 cryptsetup Cryptsetup Manual .\ - .\ * set default formatting .\ - @@ -127,6 +118,8 @@ \...] .RE .SH OPTIONS +.sp +Note: the options listed here refer to boot\.crypto as used by sysvinit\. Systemd has a separate implementation that does not support all options\. .PP \fBcipher\fR=cipher .RS 4 @@ -345,7 +338,7 @@ .RE .SH SEE ALSO .sp -cryptsetup(8), /etc/crypttab, fstab(8) +cryptsetup(8), /etc/crypttab, fstab(8), http://en\.opensuse\.org/Encrypted_Filesystems .SH AUTHOR .sp Manual page converted to asciidoc by Michael Gebetsroither michael\.geb@gmx\.at\. Originally written by Bastian Kleineidam calvin@debian\.org for the Debian distribution of cryptsetup\. Improved by Jonas Meurer jonas@freesources\.org\. Modified for SUSE Linux by Ludwig Nussel ludwig\.nussel@suse\.de\. Parts of this manual were taken and adapted from the fstab(5) manual page\. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/boot.crypto-0_201204171450/crypttab.5.txt new/boot.crypto-0_201206151440/crypttab.5.txt --- old/boot.crypto-0_201204171450/crypttab.5.txt 2012-04-17 14:50:27.0 +0200 +++ new/boot.crypto-0_201206151440/crypttab.5.txt 2012-06-15 14:40:42.0 +0200 @@ -60,6 +60,10 @@ OPTIONS --- +Note: the options listed here refer to boot.crypto as used by +sysvinit. Systemd has a separate implementation that does not +support all options. + *cipher*=cipher:: Encryption algorithm. See *cryptsetup -c*. Ignored for LUKS volumes. @@ -219,7 +223,7 @@ SEE ALSO -cryptsetup(8), /etc/crypttab, fstab(8) +cryptsetup(8), /etc/crypttab, fstab(8), http://en.opensuse.org/Encrypted_Filesystems AUTHOR diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/boot.crypto-0_201204171450/mkinitrd/boot-luks.sh new/boot.crypto-0_201206151440/mkinitrd/boot-luks.sh --- old/boot.crypto-0_201204171450/mkinitrd/boot-luks.sh2012-04-17
commit cryptsetup for openSUSE:Factory
Hello community, here is the log from the commit of package cryptsetup for openSUSE:Factory checked in at 2012-04-17 21:57:44 Comparing /work/SRC/openSUSE:Factory/cryptsetup (Old) and /work/SRC/openSUSE:Factory/.cryptsetup.new (New) Package is cryptsetup, Maintainer is lnus...@suse.com Changes: --- /work/SRC/openSUSE:Factory/cryptsetup/cryptsetup.changes2011-12-27 18:34:52.0 +0100 +++ /work/SRC/openSUSE:Factory/.cryptsetup.new/cryptsetup.changes 2012-04-17 21:58:11.0 +0200 @@ -1,0 +2,31 @@ +Tue Apr 17 13:03:28 UTC 2012 - lnus...@suse.de + +- boot.crypto: + * prefer physdev from crypttab + * fix non-plymouth use + +--- +Mon Apr 16 12:08:30 UTC 2012 - lnus...@suse.de + +- new version 1.4.2 + * Fix header check to support old (cryptsetup 1.0.0) header alignment. (1.4.0) + * Add --keyfile-offset and --new-keyfile-offset parameters to API and CLI. + * Add repair command and crypt_repair() for known LUKS metadata problems repair. + * Allow to specify --align-payload only for luksFormat. + * Unify password verification option. + * Support password verification with quiet flag if possible. (1.2.0) + * Fix retry if entered passphrases (with verify option) do not match. + * Support UUID=LUKS_UUID format for device specification. + * Add --master-key-file option to luksOpen (open using volume key). + * Fix use of empty keyfile. + * Fix error message for luksClose and detached LUKS header. + * Allow --header for status command to get full info with detached header. + +--- +Mon Apr 16 09:56:40 UTC 2012 - lnus...@suse.de + +- boot.crypto: + * avoid warning about module 'kernel' (bnc#741468) + * incorporate plymouth support + +--- Old: boot.crypto-0_201110101134.tar.bz2 cryptsetup-1.4.1.tar.bz2 cryptsetup-1.4.1.tar.bz2.asc New: boot.crypto-0_201204171450.tar.bz2 cryptsetup-1.4.2.tar.bz2 cryptsetup-1.4.2.tar.bz2.asc Other differences: -- ++ cryptsetup.spec ++ --- /var/tmp/diff_new_pack.aXO1Xc/_old 2012-04-17 21:58:12.0 +0200 +++ /var/tmp/diff_new_pack.aXO1Xc/_new 2012-04-17 21:58:12.0 +0200 @@ -1,7 +1,7 @@ # # spec file for package cryptsetup # -# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -20,18 +20,18 @@ %define ver %version%{?beta:-%beta} Name: cryptsetup -URL:http://code.google.com/p/cryptsetup/ +Url:http://code.google.com/p/cryptsetup/ BuildRequires: device-mapper-devel e2fsprogs-devel libgcrypt-devel popt-devel BuildRequires: libselinux-devel pkgconfig BuildRequires: libtool # hashalot version %define haver 0.3 # boot.crypto version -%define bcver 0_201110101134 +%define bcver 0_201204171450 License:GPL-2.0+ Group: System/Base -Version:1.4.1 -Release:2 +Version:1.4.2 +Release:1 #Release:%{?beta:0.}CI_CNT.B_CNT%{?beta:.}%{?beta} Summary:Set Up dm-crypt Based Encrypted Block Devices Source: http://cryptsetup.googlecode.com/files/cryptsetup-%{ver}.tar.bz2 ++ boot.crypto-0_201110101134.tar.bz2 - boot.crypto-0_201204171450.tar.bz2 ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/boot.crypto-0_201110101134/crypttab.5 new/boot.crypto-0_201204171450/crypttab.5 --- old/boot.crypto-0_201110101134/crypttab.5 2011-10-10 11:34:41.0 +0200 +++ new/boot.crypto-0_201204171450/crypttab.5 2012-04-17 14:50:27.0 +0200 @@ -1,13 +1,22 @@ '\ t .\ Title: crypttab .\Author: [see the AUTHOR section] -.\ Generator: DocBook XSL Stylesheets v1.75.2 http://docbook.sf.net/ -.\ Date: 02/02/2010 +.\ Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ +.\ Date: 11/24/2011 .\Manual: Cryptsetup Manual .\Source: cryptsetup .\ Language: English .\ -.TH CRYPTTAB 5 02/02/2010 cryptsetup Cryptsetup Manual +.TH CRYPTTAB 5 11/24/2011 cryptsetup Cryptsetup Manual +.\ - +.\ * Define some portability stuff +.\ - +.\ ~ +.\ http://bugs.debian.org/507673 +.\ http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +.\
commit cryptsetup for openSUSE:Factory
Hello community, here is the log from the commit of package cryptsetup for openSUSE:Factory checked in at 2011-12-27 18:34:50 Comparing /work/SRC/openSUSE:Factory/cryptsetup (Old) and /work/SRC/openSUSE:Factory/.cryptsetup.new (New) Package is cryptsetup, Maintainer is lnus...@suse.com Changes: --- /work/SRC/openSUSE:Factory/cryptsetup/cryptsetup.changes2011-10-27 19:34:44.0 +0200 +++ /work/SRC/openSUSE:Factory/.cryptsetup.new/cryptsetup.changes 2011-12-27 18:34:52.0 +0100 @@ -1,0 +2,11 @@ +Fri Dec 16 13:06:18 UTC 2011 - jeng...@medozas.de + +- Update to new upstream release 1.4.1 +* support for trim/discard +* The on-disk LUKS header can now be detached (e.g. placed on + separate device or in file) +* Support key-slot option for luksOpen (use only explicit keyslot) +* API: Removal of deprecated API from libcryptsetup (all functions + using struct crypt_options) + +--- Old: cryptsetup-1.3.1.tar.bz2 cryptsetup-1.3.1.tar.bz2.asc New: cryptsetup-1.4.1.tar.bz2 cryptsetup-1.4.1.tar.bz2.asc Other differences: -- ++ cryptsetup.spec ++ --- /var/tmp/diff_new_pack.9WGM80/_old 2011-12-27 18:34:54.0 +0100 +++ /var/tmp/diff_new_pack.9WGM80/_new 2011-12-27 18:34:54.0 +0100 @@ -20,7 +20,7 @@ %define ver %version%{?beta:-%beta} Name: cryptsetup -Url:http://code.google.com/p/cryptsetup/ +URL:http://code.google.com/p/cryptsetup/ BuildRequires: device-mapper-devel e2fsprogs-devel libgcrypt-devel popt-devel BuildRequires: libselinux-devel pkgconfig BuildRequires: libtool @@ -30,7 +30,7 @@ %define bcver 0_201110101134 License:GPL-2.0+ Group: System/Base -Version:1.3.1 +Version:1.4.1 Release:2 #Release:%{?beta:0.}CI_CNT.B_CNT%{?beta:.}%{?beta} Summary:Set Up dm-crypt Based Encrypted Block Devices @@ -65,12 +65,12 @@ includes support for automatically setting up encrypted volumes at boot time via the config file /etc/crypttab. -%package -n libcryptsetup1 +%package -n libcryptsetup4 License:GPL-2.0+ Summary:Set Up dm-crypt Based Encrypted Block Devices Group: System/Base -%description -n libcryptsetup1 +%description -n libcryptsetup4 cryptsetup is used to conveniently set up dm-crypt based device-mapper targets. It allows to set up targets to read cryptoloop compatible volumes as well as LUKS formatted ones. The package additionally @@ -84,7 +84,7 @@ # cryptsetup-devel last used 11.1 Provides: cryptsetup-devel = %{version} Obsoletes: cryptsetup-devel %{version} -Requires: libcryptsetup1 = %{version} +Requires: libcryptsetup4 = %{version} Requires: device-mapper-devel libgcrypt-devel libgpg-error-devel e2fsprogs-devel glibc-devel %description -n libcryptsetup-devel @@ -135,7 +135,7 @@ # move devel stuff to %%{libdir} rm -f $RPM_BUILD_ROOT/%{_lib}/libcryptsetup.so mkdir -p $RPM_BUILD_ROOT%{_libdir} -ln -s /%{_lib}/libcryptsetup.so.1 $RPM_BUILD_ROOT%{_libdir}/libcryptsetup.so +ln -s /%{_lib}/libcryptsetup.so.4 $RPM_BUILD_ROOT%{_libdir}/libcryptsetup.so mv $RPM_BUILD_ROOT/%_lib/pkgconfig $RPM_BUILD_ROOT/%_libdir # don't want this file in /lib (FHS compat check), and can't move it to /usr/lib rm -f $RPM_BUILD_ROOT/%_lib/*.la @@ -189,9 +189,9 @@ [ -x /sbin/mkinitrd_setup ] mkinitrd_setup %{insserv_cleanup} -%post -n libcryptsetup1 -p /sbin/ldconfig +%post -n libcryptsetup4 -p /sbin/ldconfig -%postun -n libcryptsetup1 -p /sbin/ldconfig +%postun -n libcryptsetup4 -p /sbin/ldconfig %files -f %name.lang %defattr(-,root,root) @@ -215,9 +215,9 @@ %_mandir/man5/cryptotab.5.gz /lib/cryptsetup -%files -n libcryptsetup1 +%files -n libcryptsetup4 %defattr(-,root,root) -/%_lib/libcryptsetup.so.1* +/%_lib/libcryptsetup.so.4* %files -n libcryptsetup-devel %defattr(-,root,root) ++ baselibs.conf ++ --- /var/tmp/diff_new_pack.9WGM80/_old 2011-12-27 18:34:54.0 +0100 +++ /var/tmp/diff_new_pack.9WGM80/_new 2011-12-27 18:34:54.0 +0100 @@ -1 +1 @@ -libcryptsetup1 +libcryptsetup4 ++ cryptsetup-1.3.1.tar.bz2 - cryptsetup-1.4.1.tar.bz2 ++ 29936 lines of diff (skipped) -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit cryptsetup for openSUSE:Factory
Hello community, here is the log from the commit of package cryptsetup for openSUSE:Factory checked in at 2011-12-06 18:04:45 Comparing /work/SRC/openSUSE:Factory/cryptsetup (Old) and /work/SRC/openSUSE:Factory/.cryptsetup.new (New) Package is cryptsetup, Maintainer is lnus...@suse.com Changes: Other differences: -- ++ cryptsetup.spec ++ --- /var/tmp/diff_new_pack.EFZfND/_old 2011-12-06 18:07:37.0 +0100 +++ /var/tmp/diff_new_pack.EFZfND/_new 2011-12-06 18:07:37.0 +0100 @@ -28,7 +28,7 @@ %define haver 0.3 # boot.crypto version %define bcver 0_201110101134 -License:GPLv2+ +License:GPL-2.0+ Group: System/Base Version:1.3.1 Release:2 @@ -66,7 +66,7 @@ time via the config file /etc/crypttab. %package -n libcryptsetup1 -License:GPLv2+ +License:GPL-2.0+ Summary:Set Up dm-crypt Based Encrypted Block Devices Group: System/Base @@ -78,7 +78,7 @@ time via the config file /etc/crypttab. %package -n libcryptsetup-devel -License:GPLv2+ +License:GPL-2.0+ Summary:Set Up dm-crypt Based Encrypted Block Devices Group: Development/Libraries/C and C++ # cryptsetup-devel last used 11.1 -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit cryptsetup for openSUSE:Factory
Hello community, here is the log from the commit of package cryptsetup for openSUSE:Factory checked in at Mon Oct 3 09:15:17 CEST 2011. --- openSUSE:Factory/cryptsetup/cryptsetup.changes 2011-09-26 10:30:05.0 +0200 +++ cryptsetup/cryptsetup.changes 2011-09-30 22:11:10.0 +0200 @@ -1,0 +2,5 @@ +Fri Sep 30 20:07:51 UTC 2011 - co...@suse.com + +- add libtool as buildrequire to make the spec file more reliable + +--- calling whatdependson for head-i586 Other differences: -- ++ cryptsetup.spec ++ --- /var/tmp/diff_new_pack.qK1xjN/_old 2011-10-03 09:15:12.0 +0200 +++ /var/tmp/diff_new_pack.qK1xjN/_new 2011-10-03 09:15:12.0 +0200 @@ -23,6 +23,7 @@ Url:http://code.google.com/p/cryptsetup/ BuildRequires: device-mapper-devel e2fsprogs-devel libgcrypt-devel popt-devel BuildRequires: libselinux-devel pkgconfig +BuildRequires: libtool # hashalot version %define haver 0.3 # boot.crypto version continue with q... Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit cryptsetup for openSUSE:Factory
Hello community, here is the log from the commit of package cryptsetup for openSUSE:Factory checked in at Mon May 30 09:29:46 CEST 2011. --- cryptsetup/cryptsetup.changes 2011-05-25 08:42:47.0 +0200 +++ /mounts/work_src_done/STABLE/cryptsetup/cryptsetup.changes 2011-05-27 15:21:11.0 +0200 @@ -1,0 +2,6 @@ +Fri May 27 13:20:27 UTC 2011 - lnus...@suse.de + +- boot.crypto: + * don't hard require boot.device-mapper in boot.crypto + +--- calling whatdependson for head-i586 Old: boot.crypto-0_201102170853.tar.bz2 New: boot.crypto-0_201105271519.tar.bz2 Other differences: -- ++ cryptsetup.spec ++ --- /var/tmp/diff_new_pack.WjyUIO/_old 2011-05-30 09:28:48.0 +0200 +++ /var/tmp/diff_new_pack.WjyUIO/_new 2011-05-30 09:28:48.0 +0200 @@ -27,12 +27,12 @@ # hashalot version %define haver 0.3 # boot.crypto version -%define bcver 0_201102170853 +%define bcver 0_201105271519 License:GPLv2+ Group: System/Base AutoReqProv:on Version:1.3.1 -Release:1 +Release:2 #Release:%{?beta:0.}CI_CNT.B_CNT%{?beta:.}%{?beta} Summary:Set Up dm-crypt Based Encrypted Block Devices Source: http://cryptsetup.googlecode.com/files/cryptsetup-%{ver}.tar.bz2 ++ boot.crypto-0_201102170853.tar.bz2 - boot.crypto-0_201105271519.tar.bz2 ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/boot.crypto-0_201102170853/boot.crypto new/boot.crypto-0_201105271519/boot.crypto --- old/boot.crypto-0_201102170853/boot.crypto 2011-02-17 08:53:08.0 +0100 +++ new/boot.crypto-0_201105271519/boot.crypto 2011-05-27 15:19:38.0 +0200 @@ -24,9 +24,9 @@ # ### BEGIN INIT INFO # Provides: boot.crypto -# Required-Start:boot.localfs boot.device-mapper +# Required-Start:boot.localfs # Should-Start: boot.crypto-early -# Required-Stop: boot.localfs boot.device-mapper +# Required-Stop: boot.localfs # Should-Stop: $null # Default-Start: B # Default-Stop: $null diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/boot.crypto-0_201102170853/boot.crypto-early new/boot.crypto-0_201105271519/boot.crypto-early --- old/boot.crypto-0_201102170853/boot.crypto-early2011-02-17 08:53:08.0 +0100 +++ new/boot.crypto-0_201105271519/boot.crypto-early2011-05-27 15:19:38.0 +0200 @@ -24,10 +24,10 @@ # ### BEGIN INIT INFO # Provides: boot.crypto-early -# Required-Start:boot.device-mapper +# Required-Start:boot.udev # X-Start-Before:boot.lvm boot.md boot.localfs # Should-Start: $null -# Required-Stop: boot.device-mapper +# Required-Stop: $null # Should-Stop: $null # Default-Start: B # Default-Stop: $null Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit cryptsetup for openSUSE:Factory
Hello community, here is the log from the commit of package cryptsetup for openSUSE:Factory checked in at Thu May 26 10:29:59 CEST 2011. --- cryptsetup/cryptsetup.changes 2011-04-11 16:07:17.0 +0200 +++ /mounts/work_src_done/STABLE/cryptsetup/cryptsetup.changes 2011-05-25 08:42:47.0 +0200 @@ -1,0 +2,9 @@ +Wed May 25 06:42:03 UTC 2011 - lnus...@suse.de + +- new version 1.3.1: + * Fix keyfile=- processing in create command (regression in 1.3.0). + * Simplify device path status check (use /sys and do not scan /dev). + * Do not ignore device size argument for create command (regression in 1.2.0). + * Fix error paths in blockwise code and lseek_write call. + +--- calling whatdependson for head-i586 Old: cryptsetup-1.3.0.tar.bz2 cryptsetup-1.3.0.tar.bz2.asc New: cryptsetup-1.3.1.tar.bz2 cryptsetup-1.3.1.tar.bz2.asc Other differences: -- ++ cryptsetup.spec ++ --- /var/tmp/diff_new_pack.gOSoGU/_old 2011-05-26 10:25:14.0 +0200 +++ /var/tmp/diff_new_pack.gOSoGU/_new 2011-05-26 10:25:14.0 +0200 @@ -31,7 +31,7 @@ License:GPLv2+ Group: System/Base AutoReqProv:on -Version:1.3.0 +Version:1.3.1 Release:1 #Release:%{?beta:0.}CI_CNT.B_CNT%{?beta:.}%{?beta} Summary:Set Up dm-crypt Based Encrypted Block Devices ++ cryptsetup-1.3.0.tar.bz2 - cryptsetup-1.3.1.tar.bz2 ++ 28955 lines of diff (skipped) Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org