projects / platform / upstream / cryptsetup.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | compact (merge: d8ba0e1 f7fc3bb)
Merge branch 'upstream' into tizen 53/288453/1
authorKarol Lewandowski <k.lewandowsk@samsung.com>
Thu, 16 Feb 2023 15:20:54 +0000 (16:20 +0100)
committerKarol Lewandowski <k.lewandowsk@samsung.com>
Thu, 16 Feb 2023 15:21:53 +0000 (16:21 +0100)
This commit upgrades cryptsetup to v2.3.7, which fixes CVE-2021-4122.

Change-Id: I6713b388b25475e6f796368eca7ceadd600acccb

1  2 
configure.ac patch | diff1 | diff2 | blob | history
lib/utils_loop.c patch | diff1 | diff2 | blob | history
packaging/cryptsetup.spec patch | diff1 | | blob | history

diff --combined configure.ac
index c5d7c6c,e88be7a..8f74740
--- 1/configure.ac
--- 2/configure.ac
+++ b/configure.ac
@@@ -1,5 -1,5 +1,5 @@@
  AC_PREREQ([2.67])
- AC_INIT([cryptsetup],[2.3.3])
+ AC_INIT([cryptsetup],[2.3.7])
  
  dnl library version from <major>.<minor>.<release>[-<suffix>]
  LIBCRYPTSETUP_VERSION=$(echo $PACKAGE_VERSION | cut -f1 -d-)
@@@ -57,7 -57,6 +57,6 @@@ dnl ===================================
  AC_C_RESTRICT
  
  AC_HEADER_DIRENT
- AC_HEADER_STDC
  AC_CHECK_HEADERS(fcntl.h malloc.h inttypes.h sys/ioctl.h sys/mman.h \
        sys/sysmacros.h sys/statvfs.h ctype.h unistd.h locale.h byteswap.h endian.h stdint.h)
  AC_CHECK_DECLS([O_CLOEXEC],,[AC_DEFINE([O_CLOEXEC],[0], [Defined to 0 if not provided])],
@@@ -146,6 -145,14 +145,14 @@@ AC_DEFUN([NO_FIPS], 
        fi
  ])
  
+ dnl LUKS2 online reencryption
+ AC_ARG_ENABLE([luks2-reencryption],
+       AS_HELP_STRING([--disable-luks2-reencryption], [disable LUKS2 online reencryption extension]),
+       [], [enable_luks2_reencryption=yes])
+ if test "x$enable_luks2_reencryption" = "xyes"; then
+       AC_DEFINE(USE_LUKS2_REENCRYPTION, 1, [Use LUKS2 online reencryption extension])
+ fi
  dnl ==========================================================================
  dnl pwquality library (cryptsetup CLI only)
  AC_ARG_ENABLE([pwquality],
@@@ -176,7 -183,15 +183,15 @@@ AC_DEFINE_UNQUOTED([PASSWDQC_CONFIG_FIL
  if test "x$enable_passwdqc" = "xyes"; then
        AC_DEFINE(ENABLE_PASSWDQC, 1, [Enable password quality checking using passwdqc library])
  
-       PASSWDQC_LIBS="-lpasswdqc"
+       saved_LIBS="$LIBS"
+       AC_SEARCH_LIBS([passwdqc_check], [passwdqc])
+       case "$ac_cv_search_passwdqc_check" in
+               no) AC_MSG_ERROR([failed to find passwdqc_check]) ;;
+               -l*) PASSWDQC_LIBS="$ac_cv_search_passwdqc_check" ;;
+               *) PASSWDQC_LIBS= ;;
+       esac
+       AC_CHECK_FUNCS([passwdqc_params_free])
+       LIBS="$saved_LIBS"
  fi
  
  if test "x$enable_pwquality$enable_passwdqc" = "xyesyes"; then
@@@ -236,7 -251,7 +251,7 @@@ AC_DEFUN([CONFIGURE_GCRYPT], 
  ])
  
  AC_DEFUN([CONFIGURE_OPENSSL], [
 -      PKG_CHECK_MODULES([OPENSSL], [openssl >= 0.9.8],,
 +      PKG_CHECK_MODULES([OPENSSL], [openssl1.1 >= 0.9.8],,
                AC_MSG_ERROR([You need openssl library.]))
        CRYPTO_CFLAGS=$OPENSSL_CFLAGS
        CRYPTO_LIBS=$OPENSSL_LIBS
@@@ -596,7 -611,8 +611,8 @@@ CS_STR_WITH([loopaes-cipher], [cipher f
  CS_NUM_WITH([loopaes-keybits],[key length in bits for loop-AES mode], [256])
  
  CS_NUM_WITH([keyfile-size-maxkb],[maximum keyfile size (in KiB)], [8192])
- CS_NUM_WITH([passphrase-size-max],[maximum keyfile size (in characters)], [512])
+ CS_NUM_WITH([integrity-keyfile-size-maxkb],[maximum integritysetup keyfile size (in KiB)], [4])
+ CS_NUM_WITH([passphrase-size-max],[maximum passphrase size (in characters)], [512])
  
  CS_STR_WITH([verity-hash],       [hash function for verity mode], [sha256])
  CS_NUM_WITH([verity-data-block], [data block size for verity mode], [4096])
diff --combined lib/utils_loop.c
index 681c123,9e68072..b5394de
--- 1/lib/utils_loop.c
--- 2/lib/utils_loop.c
+++ b/lib/utils_loop.c
@@@ -1,8 -1,8 +1,8 @@@
  /*
   * loopback block device utilities
   *
-  * Copyright (C) 2009-2020 Red Hat, Inc. All rights reserved.
-  * Copyright (C) 2009-2020 Milan Broz
+  * Copyright (C) 2009-2021 Red Hat, Inc. All rights reserved.
+  * Copyright (C) 2009-2021 Milan Broz
   *
   * This program is free software; you can redistribute it and/or
   * modify it under the terms of the GNU General Public License
@@@ -33,9 -33,6 +33,9 @@@
  # include <sys/sysmacros.h>     /* for major, minor */
  #endif
  #include <linux/loop.h>
 +#ifdef HAVE_SYS_SYSMACROS_H
 +#include <sys/sysmacros.h>     /* for major, minor */
 +#endif
  
  #include "utils_loop.h"
  
@@@ -237,8 -234,9 +237,9 @@@ static char *_sysfs_backing_file(const 
        if (stat(loop, &st) || !S_ISBLK(st.st_mode))
                return NULL;
  
-       snprintf(buf, sizeof(buf), "/sys/dev/block/%d:%d/loop/backing_file",
-                major(st.st_rdev), minor(st.st_rdev));
+       if (snprintf(buf, sizeof(buf), "/sys/dev/block/%d:%d/loop/backing_file",
+                    major(st.st_rdev), minor(st.st_rdev)) < 0)
+               return NULL;
  
        fd = open(buf, O_RDONLY);
        if (fd < 0)
diff --combined packaging/cryptsetup.spec
index 3662a88,0000000..0ebeaea
mode 100644,000000..100644
--- 1/packaging/cryptsetup.spec
--- /dev/null
+++ b/packaging/cryptsetup.spec
@@@ -1,122 -1,0 +1,122 @@@
- Version:  2.3.3
 +Name:     cryptsetup
 +Summary:  The cryptsetup
++Version:  2.3.7
 +Release:  1
 +License:  GPL-2.0+
 +Group:    Base/Device Management
 +URL:      http://code.google.com/p/cryptsetup/
 +Source0:  %{name}-%{version}.tar.xz
 +Source1:  cryptsetup.manifest
 +
 +BuildRequires: linux-kernel-headers
 +BuildRequires: device-mapper-devel
 +BuildRequires: libgpg-error-devel
 +BuildRequires: libgcrypt-devel
 +BuildRequires: libuuid-devel
 +BuildRequires: util-linux
 +BuildRequires: popt-devel
 +BuildRequires: automake
 +BuildRequires: gettext
 +BuildRequires: pkgconfig(json-c)
 +BuildRequires: pkgconfig(libssl1.1)
 +BuildRequires: pkgconfig(blkid)
 +
 +Requires:      libgpg-error
 +Requires:      device-mapper
 +Requires:      libgcrypt
 +
 +%description
 +setup cryptographic volumes for dm-crypt (including LUKS extension)
 +
 +%package devel
 +Summary:    The cryptsetup development package
 +Group:      Development/Libraries
 +License:    GPL-2.0+
 +Requires:   %{name} = %{version}-%{release}
 +
 +%description devel
 +cryptsetup development package
 +
 +%package locale
 +License:    GPL-2.0+
 +Summary:    The cryptsetup locale package
 +Group:      Base/Device Management
 +Requires:   %{name} = %{version}-%{release}
 +
 +%description locale
 +locale package for cryptsetup
 +
 +%package doc 
 +License:    GPL-2.0+
 +Summary:    The cryptsetup doc package
 +Group:      Base/Device Management
 +Requires:   %{name} = %{version}-%{release}
 +
 +%description doc
 +doc package for cryptsetup
 +
 +%prep
 +%setup -q
 +cp %{SOURCE1} ./%{name}.manifest
 +
 +%build
 +cp %{SOURCE1} .
 +
 +chmod +x ./autogen.sh
 +./autogen.sh --prefix=%{_prefix} -localedir=%{_datarootdir}/locale -libdir=%{_libdir} \
 +             --disable-cryptsetup-reencrypt --disable-integritysetup
 +
 +make %{?jobs:-j%jobs}
 +
 +%install
 +rm -rf %{buildroot}
 +%make_install
 +
 +%clean
 +
 +%post -p /sbin/ldconfig
 +
 +%postun -p /sbin/ldconfig
 +
 +%files
 +%manifest %{name}.manifest
 +%license COPYING.GPL-2.0+
 +%{_libdir}/libcryptsetup.so.*
 +%{_prefix}/lib/tmpfiles.d/cryptsetup.conf
 +%{_sbindir}/cryptsetup
 +%{_sbindir}/veritysetup
 +
 +%files devel
 +%manifest %{name}.manifest
 +%license COPYING.GPL-2.0+
 +%{_includedir}/libcryptsetup.h
 +%{_libdir}/libcryptsetup.so
 +%{_libdir}/pkgconfig/libcryptsetup.pc
 +
 +%files locale
 +%manifest %{name}.manifest
 +%license COPYING.GPL-2.0+
 +%{_datarootdir}/locale/cs/LC_MESSAGES/cryptsetup.mo
 +%{_datarootdir}/locale/da/LC_MESSAGES/cryptsetup.mo
 +%{_datarootdir}/locale/de/LC_MESSAGES/cryptsetup.mo
 +%{_datarootdir}/locale/es/LC_MESSAGES/cryptsetup.mo
 +%{_datarootdir}/locale/fi/LC_MESSAGES/cryptsetup.mo
 +%{_datarootdir}/locale/fr/LC_MESSAGES/cryptsetup.mo
 +%{_datarootdir}/locale/id/LC_MESSAGES/cryptsetup.mo
 +%{_datarootdir}/locale/it/LC_MESSAGES/cryptsetup.mo
 +%{_datarootdir}/locale/ja/LC_MESSAGES/cryptsetup.mo
 +%{_datarootdir}/locale/nl/LC_MESSAGES/cryptsetup.mo
 +%{_datarootdir}/locale/pl/LC_MESSAGES/cryptsetup.mo
 +%{_datarootdir}/locale/pt_BR/LC_MESSAGES/cryptsetup.mo
 +%{_datarootdir}/locale/ru/LC_MESSAGES/cryptsetup.mo
 +%{_datarootdir}/locale/sr/LC_MESSAGES/cryptsetup.mo
 +%{_datarootdir}/locale/sv/LC_MESSAGES/cryptsetup.mo
 +%{_datarootdir}/locale/uk/LC_MESSAGES/cryptsetup.mo
 +%{_datarootdir}/locale/vi/LC_MESSAGES/cryptsetup.mo
 +%{_datarootdir}/locale/zh_CN/LC_MESSAGES/cryptsetup.mo
 +
 +%files doc
 +%manifest %{name}.manifest
 +%license COPYING.GPL-2.0+
 +%{_mandir}/man8/cryptsetup.8.gz
 +%{_mandir}/man8/veritysetup.8.gz
Domain: System / System Framework;