!23 Update to cryptsetup-2.4.1
From: @wenchao-hao Reviewed-by: @liuzhiqiang26 Signed-off-by: @liuzhiqiang26
This commit is contained in:
openeuler-ci-bot
Gitee
commit
263de2600f
@ -8,10 +8,10 @@ Subject: [PATCH 2/2] fix compat test
|
||||
1 file changed, 8 insertions(+), 7 deletions(-)
|
||||
|
||||
diff --git a/tests/compat-test b/tests/compat-test
|
||||
index a61453e..7ee946e 100755
|
||||
index a71b247..9e395b1 100755
|
||||
--- a/tests/compat-test
|
||||
+++ b/tests/compat-test
|
||||
@@ -22,6 +22,7 @@ PWD0="compatkey"
|
||||
@@ -23,6 +23,7 @@ PWD0="compatkey"
|
||||
PWD1="93R4P4pIqAH8"
|
||||
PWD2="mymJeD8ivEhE"
|
||||
PWD3="ocMakf3fAcQO"
|
||||
@ -19,7 +19,7 @@ index a61453e..7ee946e 100755
|
||||
PWDW="rUkL4RUryBom"
|
||||
VK_FILE="compattest_vkfile"
|
||||
|
||||
@@ -225,17 +226,17 @@ echo $PWD1 | $CRYPTSETUP luksAddKey $IMG $FAST_PBKDF_OPT 2>/dev/null && fail
|
||||
@@ -239,17 +240,17 @@ echo $PWD1 | $CRYPTSETUP luksAddKey $IMG $FAST_PBKDF_OPT 2>/dev/null && fail
|
||||
echo -e "$PWD1\n$PWD2" | $CRYPTSETUP luksAddKey $IMG $FAST_PBKDF_OPT || fail
|
||||
echo -e "$PWD0\n$PWD1" | $CRYPTSETUP luksAddKey $IMG $FAST_PBKDF_OPT 2>/dev/null && fail
|
||||
echo "[4] change key"
|
||||
@ -41,26 +41,29 @@ index a61453e..7ee946e 100755
|
||||
[ $? -ne 1 ] && fail "luksOpen should return ENOENT exit code"
|
||||
echo $PWD2 | $CRYPTSETUP luksOpen $IMG --test-passphrase 2>/dev/null && fail
|
||||
[ $? -ne 1 ] && fail "luksOpen should return ENOENT exit code"
|
||||
@@ -867,16 +868,16 @@ expect timeout abort "Are you sure? (Type 'yes' in capital letters):"
|
||||
send "YES\n"
|
||||
@@ -866,11 +867,11 @@ set timeout $EXPECT_TIMEOUT
|
||||
eval spawn $CRYPTSETUP_RAW luksOpen -v -T 2 $LOOPDEV $DEV_NAME
|
||||
expect timeout abort "Enter passphrase for $EXPECT_DEV:"
|
||||
sleep 0.1
|
||||
-send "$PWD0\n"
|
||||
+send "$PWD4\n"
|
||||
expect timeout abort "Verify passphrase:"
|
||||
sleep 0.1
|
||||
-send "$PWD0\n"
|
||||
+send "$PWD4\n"
|
||||
expect timeout abort "Command successful."
|
||||
expect timeout abort eof
|
||||
eval spawn $CRYPTSETUP luksOpen -v $LOOPDEV --test-passphrase
|
||||
-send "$PWD0 x\n"
|
||||
+send "$PWD4 x\n"
|
||||
expect timeout abort "No key available with this passphrase."
|
||||
expect timeout abort "Enter passphrase for $EXPECT_DEV:"
|
||||
sleep 0.1
|
||||
-send "$PWD0\n"
|
||||
+send "$PWD4\n"
|
||||
expect timeout abort "Command successful."
|
||||
-send "$PWD0 y\n"
|
||||
+send "$PWD4 y\n"
|
||||
expect timeout abort "No key available with this passphrase."
|
||||
expect timeout abort eof
|
||||
exit
|
||||
@@ -886,7 +887,7 @@ expect timeout abort "Are you sure? (Type 'yes' in capital letters):"
|
||||
send "YES\n"
|
||||
expect timeout abort "Enter any remaining passphrase:"
|
||||
sleep 0.1
|
||||
-send "$PWD0\n"
|
||||
+send "$PWD4\n"
|
||||
expect timeout abort "Command successful."
|
||||
expect timeout abort eof
|
||||
eval spawn $CRYPTSETUP_RAW luksKillSlot -v $LOOPDEV 0
|
||||
--
|
||||
1.8.3.1
|
||||
2.30.0
|
||||
|
||||
|
||||
@ -1,61 +0,0 @@
|
||||
From e8e71e43c3ff2dca951d30af48708bcb411e47d2 Mon Sep 17 00:00:00 2001
|
||||
From: Tobias Stoeckmann <tobias@stoeckmann.org>
|
||||
Date: Mon, 24 Aug 2020 19:21:43 +0200
|
||||
Subject: [PATCH 3/5] Check segment gaps regardless of heap space.
|
||||
|
||||
Segments are validated in hdr_validate_segments. Gaps in segment keys
|
||||
are detected when collecting offsets. But if an invalid segment is very
|
||||
large, larger than count, it could happen that cryptsetup is unable to
|
||||
allocate enough memory, not giving a clue about what actually is the
|
||||
problem.
|
||||
|
||||
Therefore check for gaps even if not enough memory is available. This
|
||||
gives much more information with debug output enabled.
|
||||
|
||||
Obviously cryptsetup still fails if segments are perfectly fine but not
|
||||
enough RAM available. But at that stage, the user knows that it's the
|
||||
fault of the system, not of an invalid segment.
|
||||
---
|
||||
lib/luks2/luks2_json_metadata.c | 19 ++++++++++++-------
|
||||
1 file changed, 12 insertions(+), 7 deletions(-)
|
||||
|
||||
diff --git a/lib/luks2/luks2_json_metadata.c b/lib/luks2/luks2_json_metadata.c
|
||||
index e346067..e4e1424 100644
|
||||
--- a/lib/luks2/luks2_json_metadata.c
|
||||
+++ b/lib/luks2/luks2_json_metadata.c
|
||||
@@ -679,11 +679,10 @@ static int hdr_validate_segments(struct crypt_device *cd, json_object *hdr_jobj)
|
||||
if (first_backup < 0)
|
||||
first_backup = count;
|
||||
|
||||
- intervals = malloc(first_backup * sizeof(*intervals));
|
||||
- if (!intervals) {
|
||||
- log_dbg(cd, "Not enough memory.");
|
||||
- return 1;
|
||||
- }
|
||||
+ if (first_backup <= count && (size_t)first_backup < SIZE_MAX / sizeof(*intervals))
|
||||
+ intervals = malloc(first_backup * sizeof(*intervals));
|
||||
+ else
|
||||
+ intervals = NULL;
|
||||
|
||||
for (i = 0; i < first_backup; i++) {
|
||||
jobj = json_segments_get_segment(jobj_segments, i);
|
||||
@@ -692,8 +691,14 @@ static int hdr_validate_segments(struct crypt_device *cd, json_object *hdr_jobj)
|
||||
free(intervals);
|
||||
return 1;
|
||||
}
|
||||
- intervals[i].offset = json_segment_get_offset(jobj, 0);
|
||||
- intervals[i].length = json_segment_get_size(jobj, 0) ?: UINT64_MAX;
|
||||
+ if (intervals != NULL) {
|
||||
+ intervals[i].offset = json_segment_get_offset(jobj, 0);
|
||||
+ intervals[i].length = json_segment_get_size(jobj, 0) ?: UINT64_MAX;
|
||||
+ }
|
||||
+ }
|
||||
+ if (intervals == NULL) {
|
||||
+ log_dbg(cd, "Not enough memory.");
|
||||
+ return 1;
|
||||
}
|
||||
|
||||
r = !validate_segment_intervals(cd, first_backup, intervals);
|
||||
--
|
||||
1.8.3.1
|
||||
|
||||
@ -1,31 +0,0 @@
|
||||
From 88b2d1af10922e0defb3eeacac6bb03aab9cbd60 Mon Sep 17 00:00:00 2001
|
||||
From: Ondrej Kozina <okozina@redhat.com>
|
||||
Date: Thu, 27 Aug 2020 12:12:13 +0200
|
||||
Subject: [PATCH 4/5] Fix posible buffer overflows in LUKS conversion.
|
||||
|
||||
cipher[31] and cipher_mode[31] buffers were passed to
|
||||
crypt_parse_name_and_mode() routine where sscanf(s, "%31[^-]-%31s",
|
||||
cipher, cipher_mode) was called.
|
||||
|
||||
In corner case it could cause terminating 0 byte written beyond
|
||||
respective arrays.
|
||||
---
|
||||
lib/luks2/luks2_luks1_convert.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/lib/luks2/luks2_luks1_convert.c b/lib/luks2/luks2_luks1_convert.c
|
||||
index 603c44d..9b70df1 100644
|
||||
--- a/lib/luks2/luks2_luks1_convert.c
|
||||
+++ b/lib/luks2/luks2_luks1_convert.c
|
||||
@@ -675,7 +675,7 @@ static int keyslot_LUKS1_compatible(struct crypt_device *cd, struct luks2_hdr *h
|
||||
int LUKS2_luks2_to_luks1(struct crypt_device *cd, struct luks2_hdr *hdr2, struct luks_phdr *hdr1)
|
||||
{
|
||||
size_t buf_size, buf_offset;
|
||||
- char cipher[LUKS_CIPHERNAME_L-1], cipher_mode[LUKS_CIPHERMODE_L-1];
|
||||
+ char cipher[LUKS_CIPHERNAME_L], cipher_mode[LUKS_CIPHERMODE_L];
|
||||
char digest[LUKS_DIGESTSIZE], digest_salt[LUKS_SALTSIZE];
|
||||
const char *hash;
|
||||
size_t len;
|
||||
--
|
||||
1.8.3.1
|
||||
|
||||
@ -1,25 +0,0 @@
|
||||
From fa57d76de233e22afd79e81c98a741c23dae3498 Mon Sep 17 00:00:00 2001
|
||||
From: Milan Broz <gmazyland@gmail.com>
|
||||
Date: Sat, 29 Aug 2020 12:21:32 +0200
|
||||
Subject: [PATCH 5/5] Fix a memleak in blockwise test.
|
||||
|
||||
---
|
||||
tests/unit-utils-io.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/tests/unit-utils-io.c b/tests/unit-utils-io.c
|
||||
index ff5be52..9e59234 100644
|
||||
--- a/tests/unit-utils-io.c
|
||||
+++ b/tests/unit-utils-io.c
|
||||
@@ -99,7 +99,7 @@ static int test_write_buffer(void)
|
||||
if (ret < 0)
|
||||
goto out;
|
||||
|
||||
- return (size_t) ret == test_length ? 0 : -EIO;
|
||||
+ ret = (size_t) ret == test_length ? 0 : -EIO;
|
||||
out:
|
||||
if (fd >= 0)
|
||||
close(fd);
|
||||
--
|
||||
1.8.3.1
|
||||
|
||||
Binary file not shown.
@ -1,18 +1,15 @@
|
||||
Name: cryptsetup
|
||||
Version: 2.3.3
|
||||
Release: 5
|
||||
Version: 2.4.1
|
||||
Release: 1
|
||||
Summary: Utility used to conveniently set up disk encryption
|
||||
License: GPLv2+ and LGPLv2+
|
||||
URL: https://gitlab.com/cryptsetup/cryptsetup
|
||||
Source0: https://www.kernel.org/pub/linux/utils/cryptsetup/v2.3/cryptsetup-%{version}.tar.xz
|
||||
Source0: https://www.kernel.org/pub/linux/utils/cryptsetup/v2.4/cryptsetup-%{version}.tar.xz
|
||||
|
||||
Patch1: 0001-cryptsetup-add-system-library-paths.patch
|
||||
Patch2: 0002-fix-compat-test.patch
|
||||
Patch3: 0003-Check-segment-gaps-regardless-of-heap-space.patch
|
||||
Patch4: 0004-Fix-posible-buffer-overflows-in-LUKS-conversion.patch
|
||||
Patch5: 0005-Fix-a-memleak-in-blockwise-test.patch
|
||||
|
||||
BuildRequires: openssl-devel, popt-devel, device-mapper-devel, gcc
|
||||
BuildRequires: openssl-devel, popt-devel, device-mapper-devel, gcc, libssh-devel
|
||||
BuildRequires: libuuid-devel, json-c-devel, libargon2-devel, libpwquality-devel, libblkid-devel
|
||||
Requires: libpwquality >= 1.2.0
|
||||
|
||||
@ -88,10 +85,13 @@ make check
|
||||
%license COPYING COPYING.LGPL AUTHORS
|
||||
%doc docs/*
|
||||
%{_sbindir}/cryptsetup
|
||||
%{_sbindir}/cryptsetup-ssh
|
||||
%{_libdir}/libcryptsetup.so.*
|
||||
%{_libdir}/cryptsetup/*.so
|
||||
%{_tmpfilesdir}/cryptsetup.conf
|
||||
%ghost %dir /run/cryptsetup
|
||||
%exclude %{_libdir}/*.la
|
||||
%exclude %{_libdir}/cryptsetup/*.la
|
||||
|
||||
%files devel
|
||||
%doc docs/examples/*
|
||||
@ -113,6 +113,9 @@ make check
|
||||
%{_mandir}/man8/*
|
||||
|
||||
%changelog
|
||||
* Wed Nov 17 2021 Wenchao Hao <haowenchao@huawei.com> - 2.4.1-1
|
||||
- Update to 2.4.1 version
|
||||
|
||||
* Fri Jul 30 2021 chenyanpanHW <chenyanpan@huawei.com> - 2.3.3-5
|
||||
- DESC: delete -S git from %autosetup, and delete BuildRequires git
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user