Unsung Lee [Sat, 25 Nov 2023 12:14:47 +0000 (21:14 +0900)]
Makefile: Add security compiling option (RELRO, SC, and FORTIFY)
Add security compiling option in Makefile.am to support
RELRO, SC, and FORTIFY.
Change-Id: I5d6c052b897cc392d4c2a1f62a5ac60952c2927e
Signed-off-by: Unsung Lee <unsung.lee@samsung.com>
Karol Lewandowski [Wed, 23 Aug 2023 21:26:49 +0000 (23:26 +0200)]
packaging: Ensure LTO is disabled
Cryptsetup fails to link when LTO is enabled. Disable it, even
if project config would enable it globally.
Change-Id: I51b564fc921e3f7b09cd85ff3bb48a851f70bfe3
Stanislaw Wadas [Thu, 20 Jul 2023 10:03:57 +0000 (12:03 +0200)]
packaging: Adjust to new upstream version v2.6.1
- switch to openssl3 dependency in configure.ac
- adjust .spec after autogen.sh changes
- remove man pages due to lack of asciidoctor
Change-Id: I13d73aed86680c4ce2f4c8f02ed44b1794d5b813
Signed-off-by: Stanislaw Wadas <s.wadas@samsung.com>
Signed-off-by: Karol Lewandowski <k.lewandowsk@samsung.com>
Stanislaw Wadas [Thu, 20 Jul 2023 10:02:56 +0000 (12:02 +0200)]
Merge branch 'upstream' into tizen
This commit upgrades cryptsetup to v2.6.1, which uses openssl v3
Change-Id: I3d78b2485ebf215ff90bb4b8bfb5e512a3513c5f
Signed-off-by: Stanislaw Wadas <s.wadas@samsung.com>
Stanislaw Wadas [Thu, 20 Jul 2023 09:29:09 +0000 (11:29 +0200)]
Imported Upstream version 2.6.1
wchang kim [Thu, 29 Jun 2023 09:14:48 +0000 (18:14 +0900)]
Fixed the build error for riscv64 arch using gcc 13
Change-Id: Ia358276995c88d56b05019bc5575e4adfb6b1150
Karol Lewandowski [Fri, 17 Feb 2023 13:59:54 +0000 (13:59 +0000)]
Merge "Merge branch 'upstream' into tizen" into tizen
Karol Lewandowski [Thu, 16 Feb 2023 15:20:54 +0000 (16:20 +0100)]
Merge branch 'upstream' into tizen
This commit upgrades cryptsetup to v2.3.7, which fixes CVE-2021-4122.
Change-Id: I6713b388b25475e6f796368eca7ceadd600acccb
Karol Lewandowski [Thu, 16 Feb 2023 15:19:43 +0000 (16:19 +0100)]
Imported Upstream version 2.3.7
Karol Lewandowski [Wed, 9 Mar 2022 16:04:36 +0000 (17:04 +0100)]
packaging: Add LGPL-2.1+ license to packages
According to guildelines the License: field should contain all
licenses that were used to build given package.
Change-Id: Idc03ac568f0b621bbd6bda1552d5ef728a8e3a5a
INSUN PYO [Fri, 5 Mar 2021 02:40:06 +0000 (11:40 +0900)]
spec: exclude /sbin/cryptsetup-reencrypt and /sbin/integritysetup
These files did not exist in the previous version.
Change-Id: Ib62dfec08bb567f66cb7d3320865f65911758c1f
INSUN PYO [Wed, 24 Feb 2021 07:19:38 +0000 (16:19 +0900)]
Enable ASLR feature
Change-Id: I9f31588cf537449a815334b55ecb487ea875f035
Karol Lewandowski [Fri, 24 Jul 2020 13:15:14 +0000 (15:15 +0200)]
packaging: Update rpm license to match source code
Change-Id: I9b5dca5a99ba9ba18f0da3e7a31c2f8b3cd08015
Karol Lewandowski [Fri, 24 Jul 2020 13:11:02 +0000 (15:11 +0200)]
packaging: Update to new upstream version
Change-Id: I9061a8eb38967423a32d276b852a66a5d9342ec3
Karol Lewandowski [Fri, 24 Jul 2020 12:47:02 +0000 (14:47 +0200)]
Merge branch 'upstream' into tizen
Change-Id: I93d730a6b0596450d95f8f32c947ed20573d3d0a
Karol Lewandowski [Fri, 24 Jul 2020 11:21:08 +0000 (13:21 +0200)]
Imported Upstream version 2.3.3
Change-Id: I3af4bf459d2b73bed419873693a905a2606332b9
INSUN PYO [Thu, 16 Jul 2020 06:23:07 +0000 (15:23 +0900)]
spec: fix manifest path
Change-Id: Iea0890e8d20a8c80051cb64bfcef64994491e05a
Yunmi Ha [Thu, 25 Jun 2020 06:16:24 +0000 (15:16 +0900)]
Fix license to GPL-2.0+, LGPL-2.1+
Change-Id: Ie7507b397a31d9da2a2913ab9025a29b647085d3
Signed-off-by: Yunmi Ha <yunmi.ha@samsung.com>
Yunmi Ha [Mon, 30 Dec 2019 07:56:47 +0000 (16:56 +0900)]
Include 'sys/sysmacros.h' for GCC-9
- Include 'sys/sysmacros.h' if present.
(Needed for major/minor definitions.)
- cherry picked from commit
1d15da1bfc2b3acf1278ff087ddc303d945dd023
Change-Id: Ia7ba6e242870dc25dcea27d234147a6c3f1731bf
Signed-off-by: Yunmi Ha <yunmi.ha@samsung.com>
Hyotaek Shim [Fri, 17 Nov 2017 05:52:37 +0000 (14:52 +0900)]
Add dependency to the device-mapper package and License fix
Change-Id: Iaa014c33594f250ac28b8969c6fbcb782e4e3367
Signed-off-by: Hyotaek Shim <hyotaek.shim@samsung.com>
Yunmi Ha [Wed, 16 Aug 2017 08:33:16 +0000 (17:33 +0900)]
Enable ASLR feature
Change-Id: I0b1ae9a80d2c30fedd8ef1dc9b97dea2ed6f048f
Signed-off-by: Yunmi Ha <yunmi.ha@samsung.com>
Krzysztof Jackiewicz [Tue, 25 Jul 2017 07:00:53 +0000 (09:00 +0200)]
Use proper path prefix macros in spec
- Replace hardcoded library path prefix with %{_libdir} macro which may be
different depending on architecture. Wrong prefix caused compilation errors
in dependent packages on 64bit architecture.
- Replace other prefixes with available rpm macros
Change-Id: I55bde064bfa3b85797e591d082a5bfefd7c1998e
Yunmi Ha [Tue, 28 Mar 2017 04:04:57 +0000 (13:04 +0900)]
Install license file to /usr/share/licenses
Need to install license file per each rpm package.
Change-Id: I0c72296fc2dd33a96797d17a5fa5b8486dfdbede
Signed-off-by: Yunmi Ha <yunmi.ha@samsung.com>
silas jeon [Wed, 21 Sep 2016 12:35:42 +0000 (21:35 +0900)]
license:changed from LGPL 2.1 to LGPL 2.1+
Change-Id: I9290e540187fbb2726a8ecf0c0fe3686d41af884
silas jeon [Mon, 25 Jul 2016 02:01:37 +0000 (11:01 +0900)]
Update license version in specfile.
from GPL-2.0 to GPL2.0+
According to 1.6.0 Release note
Change-Id: I90d4c7a338bd4fa2f9a7ac042430e60c17a10595
Signed-off-by: silas jeon <silasjeon@samsung.com>
Kichan Kwon [Wed, 11 May 2016 03:00:07 +0000 (12:00 +0900)]
Merge branch 'upstream' into tizen
Change-Id: I96df0e91f76fd714f6ec007c707ae7360142c93f
Signed-off-by: Kichan Kwon <k_c.kwon@samsung.com>
Kichan Kwon [Wed, 11 May 2016 02:52:46 +0000 (11:52 +0900)]
Imported Upstream version 1.6.7
Change-Id: I7f33776c1d534cf59a8f28b972698ad95240ce5e
Signed-off-by: Kichan Kwon <k_c.kwon@samsung.com>
Kwon [Tue, 10 May 2016 12:13:56 +0000 (05:13 -0700)]
Revert "Imported upstream version 1.6.7"
This reverts commit
a3777a6b2cde2c7133141474dd4c428220a3e9cc.
Change-Id: I5c3c27a5a5677c20afb1a8e69c6ac99785cb37d1
Kichan Kwon [Tue, 10 May 2016 06:48:59 +0000 (15:48 +0900)]
Imported upstream version 1.6.7
Change-Id: Ibccd9c20d2f467bdafb3eadb136dac955efd8e45
Signed-off-by: Kichan Kwon <k_c.kwon@samsung.com>
Jacek Pielaszkiewicz [Fri, 11 Oct 2013 11:08:55 +0000 (13:08 +0200)]
Initial packaging directory.
Change-Id: I8b9ff3fc9406350756c4eb4c4df7e1aafffc965a
Signed-off-by: Jacek Pielaszkiewicz <j.pielaszkie@samsung.com>
Milan Broz [Mon, 12 Aug 2013 06:15:29 +0000 (08:15 +0200)]
Update nl.po.
Milan Broz [Thu, 8 Aug 2013 16:57:45 +0000 (18:57 +0200)]
Fix static compilation with OpenSSL.
Resolves issue#172, see
https://bugs.gentoo.org/show_bug.cgi?id=472692
Milan Broz [Sun, 4 Aug 2013 18:42:32 +0000 (20:42 +0200)]
Update pl.po.
Milan Broz [Sun, 4 Aug 2013 17:45:37 +0000 (19:45 +0200)]
Devel version switch.
Milan Broz [Sun, 4 Aug 2013 16:36:09 +0000 (18:36 +0200)]
Version 1.6.2.
wagner [Fri, 2 Aug 2013 21:53:22 +0000 (23:53 +0200)]
sync with wiki version
Milan Broz [Wed, 31 Jul 2013 19:20:14 +0000 (21:20 +0200)]
Update fr.po.
Milan Broz [Tue, 30 Jul 2013 05:45:12 +0000 (07:45 +0200)]
Update po files.
Milan Broz [Sat, 27 Jul 2013 20:59:40 +0000 (22:59 +0200)]
Add 1.6.2 release notes.
Remove some TCRYPT comments from man page (FAQ is better for this).
Milan Broz [Sat, 27 Jul 2013 10:33:22 +0000 (12:33 +0200)]
Fails if more device arguments are present for isLuks.
Fixes
http://code.google.com/p/cryptsetup/issues/detail?id=165
Milan Broz [Tue, 23 Jul 2013 20:07:13 +0000 (22:07 +0200)]
Fix sscanf cipher string and avoid warning wih -fsanitize=address.
Code need to count terminating zero.
Milan Broz [Sun, 14 Jul 2013 09:49:28 +0000 (11:49 +0200)]
Update de.po.
wagner [Wed, 3 Jul 2013 23:03:07 +0000 (01:03 +0200)]
fixed all items in issue 164
Escaped dashes in options, e.g. \-\-iter-time => \-\-iter\-time
to prevent word-breaks at inner dashes.
wagner [Tue, 2 Jul 2013 01:23:49 +0000 (03:23 +0200)]
Expanded more on protection of hidden TrueCrypt volumes and
its problems.
wagner [Tue, 2 Jul 2013 01:00:02 +0000 (03:00 +0200)]
Added comment that a hidden volume is unprotected against changes
in its outer volume and hence the outer volume should not be mounted.
Milan Broz [Sun, 30 Jun 2013 08:46:21 +0000 (10:46 +0200)]
Map TCRYPT system encryption through partition.
Kernel doesn't allow mapping through whle device if some
other partition an the device is used.
So first try to find partition device which match
system encryption (== TCRYPT partition system encryption)
and use that.
Milan Broz [Sun, 30 Jun 2013 07:04:00 +0000 (09:04 +0200)]
Simplify sysfs helpers.
Milan Broz [Sat, 29 Jun 2013 11:06:04 +0000 (13:06 +0200)]
Use internally common uint64 parsing for sysfs values.
Milan Broz [Sat, 29 Jun 2013 09:28:33 +0000 (11:28 +0200)]
Add kernel version to DM debug output.
Milan Broz [Fri, 28 Jun 2013 18:39:54 +0000 (20:39 +0200)]
Fix default modes in man page.
Mikulas Patocka [Fri, 28 Jun 2013 14:56:31 +0000 (10:56 -0400)]
dm-verity: Fix a boundary condition that caused failure for certain device sizes
On Fri, 28 Jun 2013, Mikulas Patocka wrote:
Fix a boundary condition that caused failure for certain device sizes
The problem is reported at
http://code.google.com/p/cryptsetup/issues/detail?id=160
This is the userspace fix.
Signed-off-by: Mikulas Patocka <mpatocka@redhat.com
Cristian Rodríguez [Sat, 22 Jun 2013 02:38:46 +0000 (22:38 -0400)]
Fix buildsytem to always include config.h.
- config.h must always be the first file to be included
- Use AM_CFLAGS and AM_LDFLAGS consistently and properly.
(Modified to disable build without largefile support etc
by Milan Broz <gmazyland@gmail.com>)
Milan Broz [Sun, 23 Jun 2013 14:16:43 +0000 (16:16 +0200)]
Force use serial-tests.
Unfortunately, automake did not provided compatible way,
so if anyone need to use old automake, one line change
in is needed.
Milan Broz [Sun, 23 Jun 2013 13:37:27 +0000 (15:37 +0200)]
Copy file in automake, never make symlinks.
Milan Broz [Sun, 23 Jun 2013 13:26:45 +0000 (15:26 +0200)]
Print a warning if system encryption is used and device is a partition.
System encryption hav metadata in space located ouside of
partition itself.
Ideally the check should be automatic but for virtualized systems
(where a partition could be "whole device" for another sustem this
can be dangerous.
Milan Broz [Sun, 23 Jun 2013 13:24:01 +0000 (15:24 +0200)]
Fix mapping of TCRYPT system encryption for more partitions.
If TCRYPT system encryption uses only partition (not the whole device)
some other partitions could be in use and we have to use
more relaxed check to allow device activation.
Cristian Rodríguez [Mon, 3 Jun 2013 19:27:27 +0000 (15:27 -0400)]
build: test byteswap.h and endian.h for bitops.h
Otherwise the fallback code will be used.
Milan Broz [Sat, 11 May 2013 08:59:02 +0000 (10:59 +0200)]
Disallow explicit small payload offset for detached header.
LUKS detached header has some limitations, one of them
is that you cannot run some explicit check for data offsets
without providing also data device.
Because luksDump and all key handle commands takes only
metadata device (LUKS heaer device), it not easy to properly
support data payload offset validation.
So if detached header is present for luksFormat, code now
allows data payload 0 (IOW whole data device is used)
and explicit offset larger than header+keyslots
(the same as the header is on data device - so some space is wasted).
N.B. with detached header the option --align-payload is used
directly without any round up caculations.
Fixes Issue#155.
wagner [Wed, 24 Apr 2013 22:08:42 +0000 (00:08 +0200)]
sync with Wiki
Milan Broz [Sun, 7 Apr 2013 07:33:23 +0000 (09:33 +0200)]
Update nl.po.
wagner [Fri, 5 Apr 2013 09:24:44 +0000 (11:24 +0200)]
sync with wiki version
Milan Broz [Sun, 31 Mar 2013 09:59:54 +0000 (11:59 +0200)]
Set devel version.
Milan Broz [Sun, 31 Mar 2013 09:24:26 +0000 (11:24 +0200)]
Fix gcc signed/unsigned warning for key length.
And always use unsigned int declaration.
Milan Broz [Tue, 26 Mar 2013 20:19:03 +0000 (21:19 +0100)]
Update vi.po.
Milan Broz [Sun, 24 Mar 2013 22:36:26 +0000 (23:36 +0100)]
Update po files.
Milan Broz [Sun, 24 Mar 2013 09:01:34 +0000 (10:01 +0100)]
Add 1.6.1 release notes.
Milan Broz [Sun, 24 Mar 2013 08:05:33 +0000 (09:05 +0100)]
Update copyright year on changed files.
Milan Broz [Sat, 23 Mar 2013 17:06:27 +0000 (18:06 +0100)]
Fix loop-AES keyfile parsing.
Loop-AES keyfile should be text keyfile,
properly check that keys are terminated and of the same length.
Fixes issue#153.
wagner [Sat, 23 Mar 2013 15:00:58 +0000 (16:00 +0100)]
Fixed the buit instruction
Improved example
Milan Broz [Sun, 17 Mar 2013 19:54:04 +0000 (20:54 +0100)]
Fix deactivation of device when failed underlying node disappeared
If underlying device disappears (failed drive, removed flash drive etc)
cryptsetup cannot report LUKS parameters (header no longer available).
Fix return code of init_by name in this situation (crypt
context is NULL).
Report visible error if deactivation fails and device is still busy.
Fixes issue#149.
Milan Broz [Sun, 17 Mar 2013 18:20:42 +0000 (19:20 +0100)]
Deactivate whole device TCRYPT tree if context is NULL
API (unfortunately) supports NULL argument for crypt_deactivate,
with new chained TCRYPT devices it must deactivate all
chained devices as well.
Fixes issue#147.
Milan Broz [Sun, 17 Mar 2013 16:34:41 +0000 (17:34 +0100)]
Update nl.po.
Milan Broz [Sun, 10 Mar 2013 15:09:00 +0000 (16:09 +0100)]
Update de.po.
Milan Broz [Fri, 15 Feb 2013 08:52:22 +0000 (09:52 +0100)]
Return EPERM instead EINVAL for too long TCRYPT passphrase.
Milan Broz [Thu, 14 Feb 2013 13:37:50 +0000 (14:37 +0100)]
Fix passphrase pool overflow for TCRYPT device id passphrase > pool size.
TCRYPT format limits passphrase length to max. 64 characters so simply error in this case.
Milan Broz [Mon, 11 Feb 2013 13:53:49 +0000 (14:53 +0100)]
Make passphrase prompts more consistent.
Also see http://code.google.com/p/cryptsetup/issues/detail?id=145
John Spencer [Fri, 1 Feb 2013 07:36:36 +0000 (08:36 +0100)]
Fix missing headers
2 header inclusions were missing, one for PATH_MAX (limits.h) and one
for FD_ZERO, FD_SET, ... (sys/select.h)
on glibc, those headers are erroneusly (namespace pollution) pulled in
through other headers, so the author didnt notice.
Signed-Off-By: John Spencer <maillist-cryptsetup@barfooze.de>
wagner [Fri, 1 Feb 2013 04:35:36 +0000 (05:35 +0100)]
sync with wiki
Milan Broz [Tue, 22 Jan 2013 15:20:09 +0000 (16:20 +0100)]
Do not support user uuid for plain & loopaes devices.
This function was not documented.
So now crypt_get_uuid() returns only on-disk UUID.
Milan Broz [Wed, 16 Jan 2013 14:28:12 +0000 (15:28 +0100)]
Properly cleanup on interrupt in api-test.
Milan Broz [Tue, 15 Jan 2013 13:53:19 +0000 (14:53 +0100)]
Support test run in kernel FIPS mode.
Milan Broz [Mon, 14 Jan 2013 11:49:04 +0000 (12:49 +0100)]
Set devel version.
Milan Broz [Sun, 13 Jan 2013 23:22:50 +0000 (00:22 +0100)]
Fix doxygen doc for libcryptsetup.h.
Milan Broz [Sun, 13 Jan 2013 22:53:35 +0000 (23:53 +0100)]
Fix tcrypt test header.
Milan Broz [Sun, 13 Jan 2013 19:45:55 +0000 (20:45 +0100)]
Use tabs in script.
Milan Broz [Sun, 13 Jan 2013 18:29:12 +0000 (19:29 +0100)]
Update po files.
Milan Broz [Sun, 13 Jan 2013 18:28:36 +0000 (19:28 +0100)]
Update bitops.h (stolen from util-linux:).
Milan Broz [Fri, 11 Jan 2013 12:03:05 +0000 (13:03 +0100)]
Update po files.
Milan Broz [Thu, 10 Jan 2013 16:26:19 +0000 (17:26 +0100)]
Fix some extended compile warning.
Milan Broz [Thu, 10 Jan 2013 15:48:47 +0000 (16:48 +0100)]
Do not include pbkdf2 prototype in header if code is not compiled in.
Milan Broz [Thu, 10 Jan 2013 14:37:26 +0000 (15:37 +0100)]
Fix null blocks in kernel backend.
Milan Broz [Thu, 10 Jan 2013 14:34:11 +0000 (15:34 +0100)]
Fix tests to work with pwquality compiled in.
Milan Broz [Wed, 9 Jan 2013 17:46:38 +0000 (18:46 +0100)]
Allow to overwrite gcrypt PBKDF2 use for configure.
Milan Broz [Wed, 9 Jan 2013 12:09:41 +0000 (13:09 +0100)]
Prepare 1.6.0 release.
Milan Broz [Tue, 8 Jan 2013 17:36:52 +0000 (18:36 +0100)]
Skip test for kernel wihtout autoclear flag.
Milan Broz [Tue, 8 Jan 2013 16:41:06 +0000 (17:41 +0100)]
Workaround api-test compilation on some very old systems.
Milan Broz [Tue, 8 Jan 2013 13:45:39 +0000 (14:45 +0100)]
Properly specify cipher in tests.
Milan Broz [Tue, 8 Jan 2013 13:19:31 +0000 (14:19 +0100)]
Fix displaying of error messages for mising kernel features.
Milan Broz [Tue, 8 Jan 2013 11:21:30 +0000 (12:21 +0100)]
Change LUKS default cipher to aes-xts-plain64 (AES128-XTS).
Milan Broz [Sat, 5 Jan 2013 11:51:58 +0000 (12:51 +0100)]
Update po files.
projects / platform / upstream / cryptsetup.git / log