[arch-commits] Commit in cryptsetup/trunk (2 files)
Christian Hesse
eworm at archlinux.org
Thu Mar 11 14:29:42 UTC 2021
Date: Thursday, March 11, 2021 @ 14:29:42
Author: eworm
Revision: 409619
upgpkg: cryptsetup 2.3.5-1: new upstream release
Modified:
cryptsetup/trunk/PKGBUILD
Deleted:
cryptsetup/trunk/0001-fix-partial-reads-from-TTY.patch
---------------------------------------+
0001-fix-partial-reads-from-TTY.patch | 182 --------------------------------
PKGBUILD | 14 --
2 files changed, 3 insertions(+), 193 deletions(-)
Deleted: 0001-fix-partial-reads-from-TTY.patch
===================================================================
--- 0001-fix-partial-reads-from-TTY.patch 2021-03-11 13:53:00 UTC (rev 409618)
+++ 0001-fix-partial-reads-from-TTY.patch 2021-03-11 14:29:42 UTC (rev 409619)
@@ -1,182 +0,0 @@
-From dfe0135e684cdb85725e065b92a1f32d0f737d86 Mon Sep 17 00:00:00 2001
-From: Milan Broz <gmazyland at gmail.com>
-Date: Sat, 6 Mar 2021 22:37:00 +0100
-Subject: [PATCH 1/2] Fix partial reads from TTY (interactive terminal).
-
-Some stable kernels started to return buffer from terminal
-in partial buffers of maximal size 64 bytes.
-
-This breaks all passphrases longer than 64 characters entered
-through interactive input (for all crypto formats).
-
-(The problem is probably fixed in more recent kernels, but
-the read() call can always return a partial read here.)
-
-This patch also fixes wrong password limit, the last character
-of passphrase of maximal size was never handled.
-Now the maximal passphrase length is really 512 characters.
-
-Fixes: #627.
-(cherry picked from commit ca87b74333082ea04c8ff14450df5580b8c15260)
-Signed-off-by: Christian Hesse <mail at eworm.de>
----
- src/utils_password.c | 36 +++++++++++++++++++++++++++++-------
- tests/compat-test | 36 ++++++++++++++++++++++++++++++++++++
- 2 files changed, 65 insertions(+), 7 deletions(-)
-
-diff --git a/src/utils_password.c b/src/utils_password.c
-index cbeec1df..8e3e3423 100644
---- a/src/utils_password.c
-+++ b/src/utils_password.c
-@@ -102,18 +102,41 @@ static int tools_check_password(const char *password)
- }
-
- /* Password reading helpers */
-+
-+static ssize_t read_tty_eol(int fd, char *pass, size_t maxlen)
-+{
-+ bool eol = false;
-+ size_t read_size = 0;
-+ ssize_t r;
-+
-+ do {
-+ r = read(fd, pass, maxlen - read_size);
-+ if ((r == -1 && errno != EINTR) || quit)
-+ return -1;
-+ if (r >= 0) {
-+ if (!r || pass[r-1] == '\n')
-+ eol = true;
-+ read_size += (size_t)r;
-+ pass = pass + r;
-+ }
-+ } while (!eol && read_size != maxlen);
-+
-+ return (ssize_t)read_size;
-+}
-+
-+/* The pass buffer is zeroed and has trailing \0 already " */
- static int untimed_read(int fd, char *pass, size_t maxlen)
- {
- ssize_t i;
-
-- i = read(fd, pass, maxlen);
-+ i = read_tty_eol(fd, pass, maxlen);
- if (i > 0) {
-- pass[i-1] = '\0';
-+ if (pass[i-1] == '\n')
-+ pass[i-1] = '\0';
- i = 0;
-- } else if (i == 0) { /* EOF */
-- *pass = 0;
-+ } else if (i == 0) /* empty input */
- i = -1;
-- }
-+
- return i;
- }
-
-@@ -200,10 +223,9 @@ static int crypt_get_key_tty(const char *prompt,
- log_err(_("Error reading passphrase from terminal."));
- goto out_err;
- }
-- pass[key_size_max] = '\0';
-
- if (verify) {
-- pass_verify = crypt_safe_alloc(key_size_max);
-+ pass_verify = crypt_safe_alloc(key_size_max + 1);
- if (!pass_verify) {
- log_err(_("Out of memory while reading passphrase."));
- r = -ENOMEM;
-diff --git a/tests/compat-test b/tests/compat-test
-index 8b038036..3696bb56 100755
---- a/tests/compat-test
-+++ b/tests/compat-test
-@@ -1023,5 +1023,41 @@ EOF
- [ $? -eq 0 ] || fail "Expect script failed."
- $CRYPTSETUP remove $DEV_NAME || fail
-
-+prepare "[40] Long passphrase from TTY." wipe
-+EXPECT_DEV=$(losetup $LOOPDEV | sed -e "s/.*(\(.*\))/\1/")
-+
-+# Password of maximal length 512 characters
-+LONG_PWD=\
-+"0123456789abcdef0123456789ABCDEF0123456789abcdef0123456789ABCDEF"\
-+"Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do "\
-+"eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut e"\
-+"nim ad minim veniam, quis nostrud exercitation ullamco laboris n"\
-+"isi ut aliquip ex ea commodo consequat. Duis aute irure dolor in"\
-+" reprehenderit in voluptate velit esse cillum dolore eu fugiat n"\
-+"ulla pariatur. Excepteur sint occaecat cupidatat non proident, s"\
-+"unt in culpa qui officia deserunt mollit anim id est laborum.DEF"
-+
-+echo -n "$LONG_PWD" >$KEYE
-+
-+expect_run - >/dev/null <<EOF
-+proc abort {} { send_error "Timeout. "; exit 2 }
-+set timeout 10
-+eval spawn $CRYPTSETUP_RAW luksFormat --type luks1 $FAST_PBKDF_OPT -v $LOOPDEV
-+expect timeout abort "Are you sure? (Type 'yes' in capital letters):"
-+send "YES\n"
-+expect timeout abort "Enter passphrase for $EXPECT_DEV:"
-+sleep 0.1
-+send "$LONG_PWD\n"
-+expect timeout abort "Verify passphrase:"
-+sleep 0.1
-+send "$LONG_PWD\n"
-+expect timeout abort "Command successful."
-+expect timeout abort eof
-+eval spawn $CRYPTSETUP_RAW luksOpen -v $LOOPDEV --test-passphrase --key-file $KEYE
-+expect timeout abort "Command successful."
-+expect timeout abort eof
-+EOF
-+[ $? -eq 0 ] || fail "Expect script failed."
-+
- remove_mapping
- exit 0
-
-From 375ca00ba9cdd3c67be406a6c26bd37c2c90a0a2 Mon Sep 17 00:00:00 2001
-From: Milan Broz <gmazyland at gmail.com>
-Date: Tue, 9 Mar 2021 11:53:52 +0100
-Subject: [PATCH 2/2] Remove superfluous CONST_CAST.
-
-It only confuses cppcheck.
-(cherry picked from commit 476cd2f764aa61ae78ef5cca5394b36bedb4d379)
-Signed-off-by: Christian Hesse <mail at eworm.de>
----
- src/cryptsetup.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/src/cryptsetup.c b/src/cryptsetup.c
-index 6e3120e4..8d439096 100644
---- a/src/cryptsetup.c
-+++ b/src/cryptsetup.c
-@@ -472,7 +472,7 @@ static int tcrypt_load(struct crypt_device *cd, struct crypt_params_tcrypt *para
- unsigned long long tmp_pim_ull = 0;
-
- r = tools_get_key(_("Enter VeraCrypt PIM: "),
-- CONST_CAST(char**)&tmp_pim_nptr,
-+ &tmp_pim_nptr,
- &tmp_pim_size, 0, 0, opt_keyfile_stdin, opt_timeout,
- _verify_passphrase(0), 0, cd);
- if (r < 0)
-@@ -489,7 +489,7 @@ static int tcrypt_load(struct crypt_device *cd, struct crypt_params_tcrypt *para
- log_err(_("Invalid PIM value: outside of range."));
- r = -ERANGE;
- }
-- crypt_safe_free(CONST_CAST(char*)tmp_pim_nptr);
-+ crypt_safe_free(tmp_pim_nptr);
- if (r < 0)
- continue;
-
-diff --git a/src/utils_password.c b/src/utils_password.c
-index b77c48e..1e14f46 100644
---- a/src/utils_password.c
-+++ b/src/utils_password.c
-@@ -21,6 +21,7 @@
-
- #include "cryptsetup.h"
- #include <termios.h>
-+#include <stdbool.h>
-
- int opt_force_password = 0;
-
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2021-03-11 13:53:00 UTC (rev 409618)
+++ PKGBUILD 2021-03-11 14:29:42 UTC (rev 409619)
@@ -2,8 +2,8 @@
# Contributor: Thomas Bächler <thomas at archlinux.org>
pkgname=cryptsetup
-pkgver=2.3.4
-pkgrel=3
+pkgver=2.3.5
+pkgrel=1
pkgdesc='Userspace setup tool for transparent encryption of block devices using dm-crypt'
arch=(x86_64)
license=('GPL')
@@ -15,23 +15,15 @@
options=('!emptydirs')
validpgpkeys=('2A2918243FDE46648D0686F9D9B0577BD93E98FC') # Milan Broz <gmazyland at gmail.com>
source=("https://www.kernel.org/pub/linux/utils/cryptsetup/v${pkgver%.*}/${pkgname}-${pkgver}.tar."{xz,sign}
- '0001-fix-partial-reads-from-TTY.patch'
'hooks-encrypt'
'install-encrypt'
'install-sd-encrypt')
-sha256sums=('9d16eebb96b53b514778e813019b8dd15fea9fec5aafde9fae5febf59df83773'
+sha256sums=('ced9946f444d132536daf92fc8aca4277638a3c2d96e20540b2bae4d36fd70c1'
'SKIP'
- 'cefa7d7f7d4a05c354da9b6f0cb9d764191a1aa870d989724633daee137a16ff'
'c17e7e0a3dc9567dc6492e6520abac8b04b570e6318bc6ac8965a1839984b0c2'
'd325dc239ecc9a5324407b0782da6df2573e8491251836d6c4e65fa61339ce57'
'31d816b3650a57512a5f9b52c1995fa65a161faa8b37975d07c9a1b8e1a119db')
-prepare() {
- cd "${srcdir}"/$pkgname-${pkgver}
-
- patch -Np1 < ../0001-fix-partial-reads-from-TTY.patch
-}
-
build() {
cd "${srcdir}"/$pkgname-${pkgver}
More information about the arch-commits
mailing list