This commit upgrades cryptsetup to v2.3.7, which fixes CVE-2021-4122.
Change-Id: I6713b388b25475e6f796368eca7ceadd600acccb
AC_PREREQ([2.67])
- AC_INIT([cryptsetup],[2.3.3])
+ AC_INIT([cryptsetup],[2.3.7])
dnl library version from <major>.<minor>.<release>[-<suffix>]
LIBCRYPTSETUP_VERSION=$(echo $PACKAGE_VERSION | cut -f1 -d-)
AC_C_RESTRICT
AC_HEADER_DIRENT
- AC_HEADER_STDC
AC_CHECK_HEADERS(fcntl.h malloc.h inttypes.h sys/ioctl.h sys/mman.h \
sys/sysmacros.h sys/statvfs.h ctype.h unistd.h locale.h byteswap.h endian.h stdint.h)
AC_CHECK_DECLS([O_CLOEXEC],,[AC_DEFINE([O_CLOEXEC],[0], [Defined to 0 if not provided])],
fi
])
+ dnl LUKS2 online reencryption
+ AC_ARG_ENABLE([luks2-reencryption],
+ AS_HELP_STRING([--disable-luks2-reencryption], [disable LUKS2 online reencryption extension]),
+ [], [enable_luks2_reencryption=yes])
+ if test "x$enable_luks2_reencryption" = "xyes"; then
+ AC_DEFINE(USE_LUKS2_REENCRYPTION, 1, [Use LUKS2 online reencryption extension])
+ fi
+
dnl ==========================================================================
dnl pwquality library (cryptsetup CLI only)
AC_ARG_ENABLE([pwquality],
if test "x$enable_passwdqc" = "xyes"; then
AC_DEFINE(ENABLE_PASSWDQC, 1, [Enable password quality checking using passwdqc library])
- PASSWDQC_LIBS="-lpasswdqc"
+ saved_LIBS="$LIBS"
+ AC_SEARCH_LIBS([passwdqc_check], [passwdqc])
+ case "$ac_cv_search_passwdqc_check" in
+ no) AC_MSG_ERROR([failed to find passwdqc_check]) ;;
+ -l*) PASSWDQC_LIBS="$ac_cv_search_passwdqc_check" ;;
+ *) PASSWDQC_LIBS= ;;
+ esac
+ AC_CHECK_FUNCS([passwdqc_params_free])
+ LIBS="$saved_LIBS"
fi
if test "x$enable_pwquality$enable_passwdqc" = "xyesyes"; then
])
AC_DEFUN([CONFIGURE_OPENSSL], [
- PKG_CHECK_MODULES([OPENSSL], [openssl >= 0.9.8],,
+ PKG_CHECK_MODULES([OPENSSL], [openssl1.1 >= 0.9.8],,
AC_MSG_ERROR([You need openssl library.]))
CRYPTO_CFLAGS=$OPENSSL_CFLAGS
CRYPTO_LIBS=$OPENSSL_LIBS
CS_NUM_WITH([loopaes-keybits],[key length in bits for loop-AES mode], [256])
CS_NUM_WITH([keyfile-size-maxkb],[maximum keyfile size (in KiB)], [8192])
- CS_NUM_WITH([passphrase-size-max],[maximum keyfile size (in characters)], [512])
+ CS_NUM_WITH([integrity-keyfile-size-maxkb],[maximum integritysetup keyfile size (in KiB)], [4])
+ CS_NUM_WITH([passphrase-size-max],[maximum passphrase size (in characters)], [512])
CS_STR_WITH([verity-hash], [hash function for verity mode], [sha256])
CS_NUM_WITH([verity-data-block], [data block size for verity mode], [4096])
/*
* loopback block device utilities
*
- * Copyright (C) 2009-2020 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2009-2020 Milan Broz
+ * Copyright (C) 2009-2021 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2021 Milan Broz
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
# include <sys/sysmacros.h> /* for major, minor */
#endif
#include <linux/loop.h>
+#ifdef HAVE_SYS_SYSMACROS_H
+#include <sys/sysmacros.h> /* for major, minor */
+#endif
#include "utils_loop.h"
if (stat(loop, &st) || !S_ISBLK(st.st_mode))
return NULL;
- snprintf(buf, sizeof(buf), "/sys/dev/block/%d:%d/loop/backing_file",
- major(st.st_rdev), minor(st.st_rdev));
+ if (snprintf(buf, sizeof(buf), "/sys/dev/block/%d:%d/loop/backing_file",
+ major(st.st_rdev), minor(st.st_rdev)) < 0)
+ return NULL;
fd = open(buf, O_RDONLY);
if (fd < 0)
--- /dev/null
- Version: 2.3.3
+Name: cryptsetup
+Summary: The cryptsetup
++Version: 2.3.7
+Release: 1
+License: GPL-2.0+
+Group: Base/Device Management
+URL: http://code.google.com/p/cryptsetup/
+Source0: %{name}-%{version}.tar.xz
+Source1: cryptsetup.manifest
+
+BuildRequires: linux-kernel-headers
+BuildRequires: device-mapper-devel
+BuildRequires: libgpg-error-devel
+BuildRequires: libgcrypt-devel
+BuildRequires: libuuid-devel
+BuildRequires: util-linux
+BuildRequires: popt-devel
+BuildRequires: automake
+BuildRequires: gettext
+BuildRequires: pkgconfig(json-c)
+BuildRequires: pkgconfig(libssl1.1)
+BuildRequires: pkgconfig(blkid)
+
+Requires: libgpg-error
+Requires: device-mapper
+Requires: libgcrypt
+
+%description
+setup cryptographic volumes for dm-crypt (including LUKS extension)
+
+%package devel
+Summary: The cryptsetup development package
+Group: Development/Libraries
+License: GPL-2.0+
+Requires: %{name} = %{version}-%{release}
+
+%description devel
+cryptsetup development package
+
+%package locale
+License: GPL-2.0+
+Summary: The cryptsetup locale package
+Group: Base/Device Management
+Requires: %{name} = %{version}-%{release}
+
+%description locale
+locale package for cryptsetup
+
+%package doc
+License: GPL-2.0+
+Summary: The cryptsetup doc package
+Group: Base/Device Management
+Requires: %{name} = %{version}-%{release}
+
+%description doc
+doc package for cryptsetup
+
+%prep
+%setup -q
+cp %{SOURCE1} ./%{name}.manifest
+
+%build
+cp %{SOURCE1} .
+
+chmod +x ./autogen.sh
+./autogen.sh --prefix=%{_prefix} -localedir=%{_datarootdir}/locale -libdir=%{_libdir} \
+ --disable-cryptsetup-reencrypt --disable-integritysetup
+
+make %{?jobs:-j%jobs}
+
+%install
+rm -rf %{buildroot}
+%make_install
+
+%clean
+
+%post -p /sbin/ldconfig
+
+%postun -p /sbin/ldconfig
+
+%files
+%manifest %{name}.manifest
+%license COPYING.GPL-2.0+
+%{_libdir}/libcryptsetup.so.*
+%{_prefix}/lib/tmpfiles.d/cryptsetup.conf
+%{_sbindir}/cryptsetup
+%{_sbindir}/veritysetup
+
+%files devel
+%manifest %{name}.manifest
+%license COPYING.GPL-2.0+
+%{_includedir}/libcryptsetup.h
+%{_libdir}/libcryptsetup.so
+%{_libdir}/pkgconfig/libcryptsetup.pc
+
+%files locale
+%manifest %{name}.manifest
+%license COPYING.GPL-2.0+
+%{_datarootdir}/locale/cs/LC_MESSAGES/cryptsetup.mo
+%{_datarootdir}/locale/da/LC_MESSAGES/cryptsetup.mo
+%{_datarootdir}/locale/de/LC_MESSAGES/cryptsetup.mo
+%{_datarootdir}/locale/es/LC_MESSAGES/cryptsetup.mo
+%{_datarootdir}/locale/fi/LC_MESSAGES/cryptsetup.mo
+%{_datarootdir}/locale/fr/LC_MESSAGES/cryptsetup.mo
+%{_datarootdir}/locale/id/LC_MESSAGES/cryptsetup.mo
+%{_datarootdir}/locale/it/LC_MESSAGES/cryptsetup.mo
+%{_datarootdir}/locale/ja/LC_MESSAGES/cryptsetup.mo
+%{_datarootdir}/locale/nl/LC_MESSAGES/cryptsetup.mo
+%{_datarootdir}/locale/pl/LC_MESSAGES/cryptsetup.mo
+%{_datarootdir}/locale/pt_BR/LC_MESSAGES/cryptsetup.mo
+%{_datarootdir}/locale/ru/LC_MESSAGES/cryptsetup.mo
+%{_datarootdir}/locale/sr/LC_MESSAGES/cryptsetup.mo
+%{_datarootdir}/locale/sv/LC_MESSAGES/cryptsetup.mo
+%{_datarootdir}/locale/uk/LC_MESSAGES/cryptsetup.mo
+%{_datarootdir}/locale/vi/LC_MESSAGES/cryptsetup.mo
+%{_datarootdir}/locale/zh_CN/LC_MESSAGES/cryptsetup.mo
+
+%files doc
+%manifest %{name}.manifest
+%license COPYING.GPL-2.0+
+%{_mandir}/man8/cryptsetup.8.gz
+%{_mandir}/man8/veritysetup.8.gz