!23 Update to cryptsetup-2.4.1

From: @wenchao-hao
Reviewed-by: @liuzhiqiang26
Signed-off-by: @liuzhiqiang26

0002-fix-compat-test.patch

@@ -8,10 +8,10 @@ Subject: [PATCH 2/2] fix compat test
  1 file changed, 8 insertions(+), 7 deletions(-)
 
 diff --git a/tests/compat-test b/tests/compat-test
-index a61453e..7ee946e 100755
+index a71b247..9e395b1 100755
 --- a/tests/compat-test
 +++ b/tests/compat-test
-@@ -22,6 +22,7 @@ PWD0="compatkey"
+@@ -23,6 +23,7 @@ PWD0="compatkey"
  PWD1="93R4P4pIqAH8"
  PWD2="mymJeD8ivEhE"
  PWD3="ocMakf3fAcQO"
@@ -19,7 +19,7 @@ index a61453e..7ee946e 100755
  PWDW="rUkL4RUryBom"
  VK_FILE="compattest_vkfile"
  
-@@ -225,17 +226,17 @@ echo $PWD1 | $CRYPTSETUP luksAddKey $IMG $FAST_PBKDF_OPT 2>/dev/null && fail
+@@ -239,17 +240,17 @@ echo $PWD1 | $CRYPTSETUP luksAddKey $IMG $FAST_PBKDF_OPT 2>/dev/null && fail
  echo -e "$PWD1\n$PWD2" | $CRYPTSETUP luksAddKey $IMG $FAST_PBKDF_OPT || fail
  echo -e "$PWD0\n$PWD1" | $CRYPTSETUP luksAddKey $IMG $FAST_PBKDF_OPT 2>/dev/null && fail
  echo "[4] change key"
@@ -41,26 +41,29 @@ index a61453e..7ee946e 100755
  [ $? -ne 1 ] && fail "luksOpen should return ENOENT exit code"
  echo $PWD2 | $CRYPTSETUP luksOpen $IMG --test-passphrase 2>/dev/null && fail
  [ $? -ne 1 ] && fail "luksOpen should return ENOENT exit code"
-@@ -867,16 +868,16 @@ expect timeout abort "Are you sure? (Type 'yes' in capital letters):"
+@@ -866,11 +867,11 @@ set timeout $EXPECT_TIMEOUT
- send "YES\n"
+ eval spawn $CRYPTSETUP_RAW luksOpen -v -T 2 $LOOPDEV $DEV_NAME
  expect timeout abort "Enter passphrase for $EXPECT_DEV:"
  sleep 0.1
--send "$PWD0\n"
+-send "$PWD0 x\n"
-+send "$PWD4\n"
++send "$PWD4 x\n"
- expect timeout abort "Verify passphrase:"
+ expect timeout abort "No key available with this passphrase."
- sleep 0.1
--send "$PWD0\n"
-+send "$PWD4\n"
- expect timeout abort "Command successful."
- expect timeout abort eof
- eval spawn $CRYPTSETUP luksOpen -v $LOOPDEV --test-passphrase
  expect timeout abort "Enter passphrase for $EXPECT_DEV:"
  sleep 0.1
--send "$PWD0\n"
+-send "$PWD0 y\n"
-+send "$PWD4\n"
++send "$PWD4 y\n"
- expect timeout abort "Command successful."
+ expect timeout abort "No key available with this passphrase."
  expect timeout abort eof
  exit
+@@ -886,7 +887,7 @@ expect timeout abort "Are you sure? (Type 'yes' in capital letters):"
+ send "YES\n"
+ expect timeout abort "Enter any remaining passphrase:"
+ sleep 0.1
+-send "$PWD0\n"
++send "$PWD4\n"
+ expect timeout abort "Command successful."
+ expect timeout abort eof
+ eval spawn $CRYPTSETUP_RAW luksKillSlot -v $LOOPDEV 0
 -- 
-1.8.3.1
+2.30.0
 

0003-Check-segment-gaps-regardless-of-heap-space.patch

@@ -1,61 +0,0 @@
-From e8e71e43c3ff2dca951d30af48708bcb411e47d2 Mon Sep 17 00:00:00 2001
-From: Tobias Stoeckmann <tobias@stoeckmann.org>
-Date: Mon, 24 Aug 2020 19:21:43 +0200
-Subject: [PATCH 3/5] Check segment gaps regardless of heap space.
-
-Segments are validated in hdr_validate_segments. Gaps in segment keys
-are detected when collecting offsets. But if an invalid segment is very
-large, larger than count, it could happen that cryptsetup is unable to
-allocate enough memory, not giving a clue about what actually is the
-problem.
-
-Therefore check for gaps even if not enough memory is available. This
-gives much more information with debug output enabled.
-
-Obviously cryptsetup still fails if segments are perfectly fine but not
-enough RAM available. But at that stage, the user knows that it's the
-fault of the system, not of an invalid segment.
----
- lib/luks2/luks2_json_metadata.c | 19 ++++++++++++-------
- 1 file changed, 12 insertions(+), 7 deletions(-)
-
-diff --git a/lib/luks2/luks2_json_metadata.c b/lib/luks2/luks2_json_metadata.c
-index e346067..e4e1424 100644
---- a/lib/luks2/luks2_json_metadata.c
-+++ b/lib/luks2/luks2_json_metadata.c
-@@ -679,11 +679,10 @@ static int hdr_validate_segments(struct crypt_device *cd, json_object *hdr_jobj)
- 	if (first_backup < 0)
- 		first_backup = count;
- 
--	intervals = malloc(first_backup * sizeof(*intervals));
--	if (!intervals) {
--		log_dbg(cd, "Not enough memory.");
--		return 1;
--	}
-+	if (first_backup <= count && (size_t)first_backup < SIZE_MAX / sizeof(*intervals))
-+		intervals = malloc(first_backup * sizeof(*intervals));
-+	else
-+		intervals = NULL;
- 
- 	for (i = 0; i < first_backup; i++) {
- 		jobj = json_segments_get_segment(jobj_segments, i);
-@@ -692,8 +691,14 @@ static int hdr_validate_segments(struct crypt_device *cd, json_object *hdr_jobj)
- 			free(intervals);
- 			return 1;
- 		}
--		intervals[i].offset = json_segment_get_offset(jobj, 0);
--		intervals[i].length = json_segment_get_size(jobj, 0) ?: UINT64_MAX;
-+		if (intervals != NULL) {
-+			intervals[i].offset = json_segment_get_offset(jobj, 0);
-+			intervals[i].length = json_segment_get_size(jobj, 0) ?: UINT64_MAX;
-+		}
-+	}
-+	if (intervals == NULL) {
-+		log_dbg(cd, "Not enough memory.");
-+		return 1;
- 	}
- 
- 	r = !validate_segment_intervals(cd, first_backup, intervals);
--- 
-1.8.3.1
-

0004-Fix-posible-buffer-overflows-in-LUKS-conversion.patch

@@ -1,31 +0,0 @@
-From 88b2d1af10922e0defb3eeacac6bb03aab9cbd60 Mon Sep 17 00:00:00 2001
-From: Ondrej Kozina <okozina@redhat.com>
-Date: Thu, 27 Aug 2020 12:12:13 +0200
-Subject: [PATCH 4/5] Fix posible buffer overflows in LUKS conversion.
-
-cipher[31] and cipher_mode[31] buffers were passed to
-crypt_parse_name_and_mode() routine where sscanf(s, "%31[^-]-%31s",
-cipher, cipher_mode) was called.
-
-In corner case it could cause terminating 0 byte written beyond
-respective arrays.
----
- lib/luks2/luks2_luks1_convert.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/lib/luks2/luks2_luks1_convert.c b/lib/luks2/luks2_luks1_convert.c
-index 603c44d..9b70df1 100644
---- a/lib/luks2/luks2_luks1_convert.c
-+++ b/lib/luks2/luks2_luks1_convert.c
-@@ -675,7 +675,7 @@ static int keyslot_LUKS1_compatible(struct crypt_device *cd, struct luks2_hdr *h
- int LUKS2_luks2_to_luks1(struct crypt_device *cd, struct luks2_hdr *hdr2, struct luks_phdr *hdr1)
- {
- 	size_t buf_size, buf_offset;
--	char cipher[LUKS_CIPHERNAME_L-1], cipher_mode[LUKS_CIPHERMODE_L-1];
-+	char cipher[LUKS_CIPHERNAME_L], cipher_mode[LUKS_CIPHERMODE_L];
- 	char digest[LUKS_DIGESTSIZE], digest_salt[LUKS_SALTSIZE];
- 	const char *hash;
- 	size_t len;
--- 
-1.8.3.1
-

0005-Fix-a-memleak-in-blockwise-test.patch

@@ -1,25 +0,0 @@
-From fa57d76de233e22afd79e81c98a741c23dae3498 Mon Sep 17 00:00:00 2001
-From: Milan Broz <gmazyland@gmail.com>
-Date: Sat, 29 Aug 2020 12:21:32 +0200
-Subject: [PATCH 5/5] Fix a memleak in blockwise test.
-
----
- tests/unit-utils-io.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/tests/unit-utils-io.c b/tests/unit-utils-io.c
-index ff5be52..9e59234 100644
---- a/tests/unit-utils-io.c
-+++ b/tests/unit-utils-io.c
-@@ -99,7 +99,7 @@ static int test_write_buffer(void)
- 	if (ret < 0)
- 		goto out;
- 
--	return (size_t) ret == test_length ? 0 : -EIO;
-+	ret = (size_t) ret == test_length ? 0 : -EIO;
- out:
- 	if (fd >= 0)
- 		close(fd);
--- 
-1.8.3.1
-

cryptsetup.spec

@@ -1,18 +1,15 @@
 Name:     cryptsetup
-Version:  2.3.3
+Version:  2.4.1
-Release:  5
+Release:  1
 Summary:  Utility used to conveniently set up disk encryption
 License:  GPLv2+ and LGPLv2+
 URL:      https://gitlab.com/cryptsetup/cryptsetup
-Source0:  https://www.kernel.org/pub/linux/utils/cryptsetup/v2.3/cryptsetup-%{version}.tar.xz
+Source0:  https://www.kernel.org/pub/linux/utils/cryptsetup/v2.4/cryptsetup-%{version}.tar.xz
 
 Patch1:  0001-cryptsetup-add-system-library-paths.patch
 Patch2:  0002-fix-compat-test.patch
-Patch3:  0003-Check-segment-gaps-regardless-of-heap-space.patch
-Patch4:  0004-Fix-posible-buffer-overflows-in-LUKS-conversion.patch
-Patch5:  0005-Fix-a-memleak-in-blockwise-test.patch
 
-BuildRequires: openssl-devel, popt-devel, device-mapper-devel,  gcc
+BuildRequires: openssl-devel, popt-devel, device-mapper-devel,  gcc, libssh-devel
 BuildRequires: libuuid-devel, json-c-devel, libargon2-devel, libpwquality-devel, libblkid-devel
 Requires:      libpwquality >= 1.2.0
 
@@ -88,10 +85,13 @@ make check
 %license COPYING COPYING.LGPL AUTHORS
 %doc docs/*
 %{_sbindir}/cryptsetup
+%{_sbindir}/cryptsetup-ssh
 %{_libdir}/libcryptsetup.so.*
+%{_libdir}/cryptsetup/*.so
 %{_tmpfilesdir}/cryptsetup.conf
 %ghost %dir /run/cryptsetup
 %exclude %{_libdir}/*.la
+%exclude %{_libdir}/cryptsetup/*.la
 
 %files devel
 %doc docs/examples/*
@@ -113,6 +113,9 @@ make check
 %{_mandir}/man8/*
 
 %changelog
+* Wed Nov 17 2021 Wenchao Hao <haowenchao@huawei.com> - 2.4.1-1
+- Update to 2.4.1 version
+
 * Fri Jul 30 2021 chenyanpanHW <chenyanpan@huawei.com> - 2.3.3-5
 - DESC: delete -S git from %autosetup, and delete BuildRequires git