From: Karol Lewandowski Date: Thu, 16 Feb 2023 15:20:54 +0000 (+0100) Subject: Merge branch 'upstream' into tizen X-Git-Tag: accepted/tizen/7.0/unified/20230223.015628^2 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=0b3fd9f5cb35951953ebcff15cc0af7c50858ca9;hp=-c;p=platform%2Fupstream%2Fcryptsetup.git Merge branch 'upstream' into tizen This commit upgrades cryptsetup to v2.3.7, which fixes CVE-2021-4122. Change-Id: I6713b388b25475e6f796368eca7ceadd600acccb --- 0b3fd9f5cb35951953ebcff15cc0af7c50858ca9 diff --combined configure.ac index c5d7c6c,e88be7a..8f74740 --- a/configure.ac +++ b/configure.ac @@@ -1,5 -1,5 +1,5 @@@ AC_PREREQ([2.67]) - AC_INIT([cryptsetup],[2.3.3]) + AC_INIT([cryptsetup],[2.3.7]) dnl library version from ..[-] LIBCRYPTSETUP_VERSION=$(echo $PACKAGE_VERSION | cut -f1 -d-) @@@ -57,7 -57,6 +57,6 @@@ dnl =================================== AC_C_RESTRICT AC_HEADER_DIRENT - AC_HEADER_STDC AC_CHECK_HEADERS(fcntl.h malloc.h inttypes.h sys/ioctl.h sys/mman.h \ sys/sysmacros.h sys/statvfs.h ctype.h unistd.h locale.h byteswap.h endian.h stdint.h) AC_CHECK_DECLS([O_CLOEXEC],,[AC_DEFINE([O_CLOEXEC],[0], [Defined to 0 if not provided])], @@@ -146,6 -145,14 +145,14 @@@ AC_DEFUN([NO_FIPS], fi ]) + dnl LUKS2 online reencryption + AC_ARG_ENABLE([luks2-reencryption], + AS_HELP_STRING([--disable-luks2-reencryption], [disable LUKS2 online reencryption extension]), + [], [enable_luks2_reencryption=yes]) + if test "x$enable_luks2_reencryption" = "xyes"; then + AC_DEFINE(USE_LUKS2_REENCRYPTION, 1, [Use LUKS2 online reencryption extension]) + fi + dnl ========================================================================== dnl pwquality library (cryptsetup CLI only) AC_ARG_ENABLE([pwquality], @@@ -176,7 -183,15 +183,15 @@@ AC_DEFINE_UNQUOTED([PASSWDQC_CONFIG_FIL if test "x$enable_passwdqc" = "xyes"; then AC_DEFINE(ENABLE_PASSWDQC, 1, [Enable password quality checking using passwdqc library]) - PASSWDQC_LIBS="-lpasswdqc" + saved_LIBS="$LIBS" + AC_SEARCH_LIBS([passwdqc_check], [passwdqc]) + case "$ac_cv_search_passwdqc_check" in + no) AC_MSG_ERROR([failed to find passwdqc_check]) ;; + -l*) PASSWDQC_LIBS="$ac_cv_search_passwdqc_check" ;; + *) PASSWDQC_LIBS= ;; + esac + AC_CHECK_FUNCS([passwdqc_params_free]) + LIBS="$saved_LIBS" fi if test "x$enable_pwquality$enable_passwdqc" = "xyesyes"; then @@@ -236,7 -251,7 +251,7 @@@ AC_DEFUN([CONFIGURE_GCRYPT], ]) AC_DEFUN([CONFIGURE_OPENSSL], [ - PKG_CHECK_MODULES([OPENSSL], [openssl >= 0.9.8],, + PKG_CHECK_MODULES([OPENSSL], [openssl1.1 >= 0.9.8],, AC_MSG_ERROR([You need openssl library.])) CRYPTO_CFLAGS=$OPENSSL_CFLAGS CRYPTO_LIBS=$OPENSSL_LIBS @@@ -596,7 -611,8 +611,8 @@@ CS_STR_WITH([loopaes-cipher], [cipher f CS_NUM_WITH([loopaes-keybits],[key length in bits for loop-AES mode], [256]) CS_NUM_WITH([keyfile-size-maxkb],[maximum keyfile size (in KiB)], [8192]) - CS_NUM_WITH([passphrase-size-max],[maximum keyfile size (in characters)], [512]) + CS_NUM_WITH([integrity-keyfile-size-maxkb],[maximum integritysetup keyfile size (in KiB)], [4]) + CS_NUM_WITH([passphrase-size-max],[maximum passphrase size (in characters)], [512]) CS_STR_WITH([verity-hash], [hash function for verity mode], [sha256]) CS_NUM_WITH([verity-data-block], [data block size for verity mode], [4096]) diff --combined lib/utils_loop.c index 681c123,9e68072..b5394de --- a/lib/utils_loop.c +++ b/lib/utils_loop.c @@@ -1,8 -1,8 +1,8 @@@ /* * loopback block device utilities * - * Copyright (C) 2009-2020 Red Hat, Inc. All rights reserved. - * Copyright (C) 2009-2020 Milan Broz + * Copyright (C) 2009-2021 Red Hat, Inc. All rights reserved. + * Copyright (C) 2009-2021 Milan Broz * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@@ -33,9 -33,6 +33,9 @@@ # include /* for major, minor */ #endif #include +#ifdef HAVE_SYS_SYSMACROS_H +#include /* for major, minor */ +#endif #include "utils_loop.h" @@@ -237,8 -234,9 +237,9 @@@ static char *_sysfs_backing_file(const if (stat(loop, &st) || !S_ISBLK(st.st_mode)) return NULL; - snprintf(buf, sizeof(buf), "/sys/dev/block/%d:%d/loop/backing_file", - major(st.st_rdev), minor(st.st_rdev)); + if (snprintf(buf, sizeof(buf), "/sys/dev/block/%d:%d/loop/backing_file", + major(st.st_rdev), minor(st.st_rdev)) < 0) + return NULL; fd = open(buf, O_RDONLY); if (fd < 0) diff --combined packaging/cryptsetup.spec index 3662a88,0000000..0ebeaea mode 100644,000000..100644 --- a/packaging/cryptsetup.spec +++ b/packaging/cryptsetup.spec @@@ -1,122 -1,0 +1,122 @@@ +Name: cryptsetup +Summary: The cryptsetup - Version: 2.3.3 ++Version: 2.3.7 +Release: 1 +License: GPL-2.0+ +Group: Base/Device Management +URL: http://code.google.com/p/cryptsetup/ +Source0: %{name}-%{version}.tar.xz +Source1: cryptsetup.manifest + +BuildRequires: linux-kernel-headers +BuildRequires: device-mapper-devel +BuildRequires: libgpg-error-devel +BuildRequires: libgcrypt-devel +BuildRequires: libuuid-devel +BuildRequires: util-linux +BuildRequires: popt-devel +BuildRequires: automake +BuildRequires: gettext +BuildRequires: pkgconfig(json-c) +BuildRequires: pkgconfig(libssl1.1) +BuildRequires: pkgconfig(blkid) + +Requires: libgpg-error +Requires: device-mapper +Requires: libgcrypt + +%description +setup cryptographic volumes for dm-crypt (including LUKS extension) + +%package devel +Summary: The cryptsetup development package +Group: Development/Libraries +License: GPL-2.0+ +Requires: %{name} = %{version}-%{release} + +%description devel +cryptsetup development package + +%package locale +License: GPL-2.0+ +Summary: The cryptsetup locale package +Group: Base/Device Management +Requires: %{name} = %{version}-%{release} + +%description locale +locale package for cryptsetup + +%package doc +License: GPL-2.0+ +Summary: The cryptsetup doc package +Group: Base/Device Management +Requires: %{name} = %{version}-%{release} + +%description doc +doc package for cryptsetup + +%prep +%setup -q +cp %{SOURCE1} ./%{name}.manifest + +%build +cp %{SOURCE1} . + +chmod +x ./autogen.sh +./autogen.sh --prefix=%{_prefix} -localedir=%{_datarootdir}/locale -libdir=%{_libdir} \ + --disable-cryptsetup-reencrypt --disable-integritysetup + +make %{?jobs:-j%jobs} + +%install +rm -rf %{buildroot} +%make_install + +%clean + +%post -p /sbin/ldconfig + +%postun -p /sbin/ldconfig + +%files +%manifest %{name}.manifest +%license COPYING.GPL-2.0+ +%{_libdir}/libcryptsetup.so.* +%{_prefix}/lib/tmpfiles.d/cryptsetup.conf +%{_sbindir}/cryptsetup +%{_sbindir}/veritysetup + +%files devel +%manifest %{name}.manifest +%license COPYING.GPL-2.0+ +%{_includedir}/libcryptsetup.h +%{_libdir}/libcryptsetup.so +%{_libdir}/pkgconfig/libcryptsetup.pc + +%files locale +%manifest %{name}.manifest +%license COPYING.GPL-2.0+ +%{_datarootdir}/locale/cs/LC_MESSAGES/cryptsetup.mo +%{_datarootdir}/locale/da/LC_MESSAGES/cryptsetup.mo +%{_datarootdir}/locale/de/LC_MESSAGES/cryptsetup.mo +%{_datarootdir}/locale/es/LC_MESSAGES/cryptsetup.mo +%{_datarootdir}/locale/fi/LC_MESSAGES/cryptsetup.mo +%{_datarootdir}/locale/fr/LC_MESSAGES/cryptsetup.mo +%{_datarootdir}/locale/id/LC_MESSAGES/cryptsetup.mo +%{_datarootdir}/locale/it/LC_MESSAGES/cryptsetup.mo +%{_datarootdir}/locale/ja/LC_MESSAGES/cryptsetup.mo +%{_datarootdir}/locale/nl/LC_MESSAGES/cryptsetup.mo +%{_datarootdir}/locale/pl/LC_MESSAGES/cryptsetup.mo +%{_datarootdir}/locale/pt_BR/LC_MESSAGES/cryptsetup.mo +%{_datarootdir}/locale/ru/LC_MESSAGES/cryptsetup.mo +%{_datarootdir}/locale/sr/LC_MESSAGES/cryptsetup.mo +%{_datarootdir}/locale/sv/LC_MESSAGES/cryptsetup.mo +%{_datarootdir}/locale/uk/LC_MESSAGES/cryptsetup.mo +%{_datarootdir}/locale/vi/LC_MESSAGES/cryptsetup.mo +%{_datarootdir}/locale/zh_CN/LC_MESSAGES/cryptsetup.mo + +%files doc +%manifest %{name}.manifest +%license COPYING.GPL-2.0+ +%{_mandir}/man8/cryptsetup.8.gz +%{_mandir}/man8/veritysetup.8.gz