cryptsetup-2.6.1

[pierre]

New minor.point version: we have missed 2.5.0 and 2.6.0

[pierre]

Release notes are very detailed and can be found at ​https://mirrors.edge.kernel.org/pub/linux/utils/cryptsetup/v2.5/v2.5.0-ReleaseNotes and ​https://mirrors.edge.kernel.org/pub/linux/utils/cryptsetup/v2.6/v2.6.0-ReleaseNotes

for 2.6.1: Cryptsetup 2.6.1 Release Notes

Stable bug-fix release with minor extensions.

All users of cryptsetup 2.6.0 should upgrade to this version.

Changes since version 2.6.0

• bitlk: Fixes for BitLocker-compatible on-disk metadata parser (found by new cryptsetup OSS-Fuzz fuzzers).
  • Fix a possible memory leak if the metadata contains more than one description field.
  • Harden parsing of metadata entries for key and description entries.
  • Fix broken metadata parsing that can cause a crash or out of memory.

• Fix possible iteration overflow in OpenSSL2 PBKDF2 crypto backend. OpenSSL2 uses a signed integer for PBKDF2 iteration count. As cryptsetup uses an unsigned value, this can lead to overflow and a decrease in the actual iteration count. This situation can happen only if the user specifies --pbkdf-force-iterations option. OpenSSL3 (and other supported crypto backends) are not affected.

• Fix compilation for new ISO C standards (gcc with -std=c11 and higher).

• fvault2: Fix compilation with very old uuid.h.

• verity: Fix possible hash offset setting overflow.

• bitlk: Fix use of startup BEK key on big-endian platforms.

• Fix compilation with latest musl library. Recent musl no longer implements lseek64() in some configurations. Use lseek() as 64-bit offset is mandatory for cryptsetup.

• Do not initiate encryption (reencryption command) when the header and data devices are the same. If data device reduction is not requsted, this leads to data corruption since LUKS metadata was written over the data device.

• Fix possible memory leak if crypt_load() fails.

• Always use passphrases with a minimal 8 chars length for benchmarking. Some enterprise distributions decided to set an unconditional check for PBKDF2 password length when running in FIPS mode. This questionable change led to unexpected failures during LUKS format and keyslot operations, where short passwords were used for benchmarking PBKDF2 speed. PBKDF2 benchmark calculations should not be affected by this change.

[Bruce Dubbs]

Replying to pierre:

fix currency?

This is tricky. There is a 2.7 directory at ​https://www.kernel.org/pub/linux/utils/cryptsetup but it only has -rc0 files. The currency has to go to that directory and if it can't find a stable .tar.xz tarball it would need to back up to the previous directory. Not simple.

If we just leave it a 2.7, we would have to wait for the stable release. In this case the last stable release was in February.

I did find ​https://gitlab.com/cryptsetup/cryptsetup but is has one of those oh-so-clever webpages that does not present the data directly but makes the browser do some sort of secondary fetch to get most the the real data. That's a difficult task with wget or curl or links.

I'm leaning towards just marking the package as "manual" unless someone has a better idea.

[Xi Ruoyao]

Replying to Bruce Dubbs:

Replying to pierre:

fix currency?

This is tricky. There is a 2.7 directory at ​https://www.kernel.org/pub/linux/utils/cryptsetup but it only has -rc0 files. The currency has to go to that directory and if it can't find a stable .tar.xz tarball it would need to back up to the previous directory. Not simple.

If we just leave it a 2.7, we would have to wait for the stable release. In this case the last stable release was in February.

I did find ​https://gitlab.com/cryptsetup/cryptsetup but is has one of those oh-so-clever webpages that does not present the data directly but makes the browser do some sort of secondary fetch to get most the the real data. That's a difficult task with wget or curl or links.

I'm leaning towards just marking the package as "manual" unless someone has a better idea.

Try this: ​https://gitlab.com/api/v4/projects/195655/repository/tags

[Xi Ruoyao]

configure: error: Building man pages requires asciidoctor installed

:(

[Xi Ruoyao]

Replying to Xi Ruoyao:

configure: error: Building man pages requires asciidoctor installed

:(

It can be disabled with --disable-asciidoc. And even if it's disabled the man pages (shipped in the tarball) are stil installed.

[Bruce Dubbs]

Replying to Xi Ruoyao:

Replying to Bruce Dubbs:

Replying to pierre:

Try this: ​https://gitlab.com/api/v4/projects/195655/repository/tags

I can't get that to work. When I do a wget on that url it returns a single physical line that is 32580 bytes long. I can't figure out a regex to extract what is needed.

[Xi Ruoyao]

Replying to Bruce Dubbs:

Replying to Xi Ruoyao:

Replying to Bruce Dubbs:

Replying to pierre:

Try this: ​https://gitlab.com/api/v4/projects/195655/repository/tags

I can't get that to work. When I do a wget on that url it returns a single physical line that is 32580 bytes long. I can't figure out a regex to extract what is needed.

Try:

curl "https://gitlab.com/api/v4/projects/195655/repository/tags?per_page=5" | grep -o 'v[0-9\.]\+"'

[Joe Locash]

How about:

git ls-remote --tags --refs https://gitlab.com/cryptsetup/cryptsetup.git | grep -v "\-rc" | tail -1

[Bruce Dubbs]

I did the currency a bit differently in php. I had not realized that the input string was json. This explains what I did:

  // $lines is an array of size 1.  It is a json string.
  if ( $package == "cryptsetup" )
  {
     $a     = array();
     $names = array();
     $object = json_decode( $lines[0], true );

     // When decoded, each entry is an associative array.
     // The name is what we want and of the form v<version>
     foreach( $object as $a )
     {
        $name=$a['name'];
        array_push( $names, $name . "\n" );
     }

     $max = find_max( $names, "/v\d/", "/^v([\d\.]+\d)$/" );
     return $max;
  }

[Bruce Dubbs]

Fixed at commits

032d0cfcbd Update to shared-mime-info-2.4.
30940d7b95 Update to cryptsetup-2.6.1.