diffstat for cryptsetup-2.1.0 cryptsetup-2.1.0 changelog | 1365 +++++++++++++++++++++++++++++++++++++++++++++ control | 7 initramfs/cryptroot-unlock | 18 3 files changed, 1381 insertions(+), 9 deletions(-) diff -Nru cryptsetup-2.1.0/debian/changelog cryptsetup-2.1.0/debian/changelog --- cryptsetup-2.1.0/debian/changelog 2019-05-28 15:04:16.000000000 +0000 +++ cryptsetup-2.1.0/debian/changelog 2019-05-29 01:32:08.000000000 +0000 @@ -1,3 +1,14 @@ +cryptsetup (2:2.1.0-4ubuntu1) eoan; urgency=low + + * Merge from Debian unstable. Remaining changes: + - debian/control: + + Recommend plymouth. + + Depend on busybox-initramfs instead of busybox | busybox-static. + - Apply patch from Trent Nelson to fix cryptroot-unlock for busybox + compatibility. + + -- Steve Langasek Tue, 28 May 2019 18:32:08 -0700 + cryptsetup (2:2.1.0-4) unstable; urgency=medium [Guilhem Moulin] @@ -17,6 +28,26 @@ -- Guilhem Moulin Tue, 28 May 2019 17:04:16 +0200 +cryptsetup (2:2.1.0-3ubuntu2) eoan; urgency=medium + + * Depend on busybox-initramfs, which is the implementation we actually use + for the initramfs and is guaranteed to always be present, instead of + busybox-static. + + -- Steve Langasek Thu, 09 May 2019 14:47:04 -0700 + +cryptsetup (2:2.1.0-3ubuntu1) eoan; urgency=low + + * Merge from Debian unstable. Remaining changes: + - debian/control: + + Recommend plymouth. + + Invert the "busybox | busybox-static" Recommends, as the latter + is the one we ship in main as part of the ubuntu-standard task. + - Apply patch from Trent Nelson to fix cryptroot-unlock for busybox + compatibility. LP: #1651818 + + -- Steve Langasek Fri, 03 May 2019 16:22:03 -0700 + cryptsetup (2:2.1.0-3) unstable; urgency=medium * d/scripts/decrypt_opensc: Fix standard output poisoning. Thanks to Nils @@ -40,6 +71,19 @@ -- Guilhem Moulin Thu, 28 Feb 2019 22:32:43 +0100 +cryptsetup (2:2.1.0-1ubuntu1) disco; urgency=medium + + * Merge from Debian unstable. LP: #1815484 + * Remaining changes: + - debian/control: + + Recommend plymouth. + + Invert the "busybox | busybox-static" Recommends, as the latter + is the one we ship in main as part of the ubuntu-standard task. + - Apply patch from Trent Nelson to fix cryptroot-unlock for busybox + compatibility. LP: #1651818 + + -- Dimitri John Ledkov Wed, 13 Feb 2019 21:28:23 +0000 + cryptsetup (2:2.1.0-1) unstable; urgency=medium * New upstream release. Highlights include: @@ -82,6 +126,20 @@ -- Guilhem Moulin Sat, 09 Feb 2019 00:40:17 +0100 +cryptsetup (2:2.0.6-1ubuntu1) disco; urgency=medium + + * Merge from Debian unstable. + * Remaining changes: + - debian/control: + + Recommend plymouth. + + Invert the "busybox | busybox-static" Recommends, as the latter + is the one we ship in main as part of the ubuntu-standard task. + - Apply patch from Trent Nelson to fix cryptroot-unlock for busybox + compatibility. LP: #1651818 + * Dropped delta sector_size support, merged in Debian. + + -- Dimitri John Ledkov Tue, 05 Feb 2019 13:43:25 +0000 + cryptsetup (2:2.0.6-1) unstable; urgency=medium * New upstream bugfix release. Highlights include: @@ -146,6 +204,27 @@ -- Guilhem Moulin Mon, 22 Oct 2018 17:45:35 +0200 +cryptsetup (2:2.0.4-2ubuntu2) cosmic; urgency=medium + + * Implement support for --sector-size cryptsetup plain mode option in + crypttab. Matching support is also proposed to systemd-cryptsetup as + well. LP: #1776626 + + -- Dimitri John Ledkov Fri, 31 Aug 2018 17:00:07 +0100 + +cryptsetup (2:2.0.4-2ubuntu1) cosmic; urgency=low + + * Merge from Debian unstable. LP: #1785610. + * Remaining changes: + - debian/control: + + Recommend plymouth. + + Invert the "busybox | busybox-static" Recommends, as the latter + is the one we ship in main as part of the ubuntu-standard task. + - Apply patch from Trent Nelson to fix cryptroot-unlock for busybox + compatibility. LP: #1651818 + + -- Dimitri John Ledkov Wed, 22 Aug 2018 22:51:47 +0100 + cryptsetup (2:2.0.4-2) unstable; urgency=medium * debian/cryptsetup-initramfs.preinst: Don't try to overwrite @@ -178,6 +257,28 @@ -- Guilhem Moulin Mon, 30 Jul 2018 16:32:07 +0800 +cryptsetup (2:2.0.3-6ubuntu1) cosmic; urgency=low + + * Merge from Debian unstable. LP: #1781912. + * Remaining changes: + - debian/control: + + Recommend plymouth. + + Invert the "busybox | busybox-static" Recommends, as the latter + is the one we ship in main as part of the ubuntu-standard task. + - Apply patch from Trent Nelson to fix cryptroot-unlock for busybox + compatibility. LP: #1651818 + * Dropped changes, included in Debian: + - Drop explicit libgcrypt20 dependency from libcryptsetup4. + - Drop the CRYPTSETUP variable warning from the initramfs hook, as + overlayroot package ships a dropin in conf-hooks.d triggering false + warnings. + - Drop _BSD_SOURCE in favor of _DEFAULT_SOURCE + - Drop c99 std, as the default is now higher than that + * Dropped changes, no longer needed: + - Add maintscript to drop removed upstart system jobs. + + -- Steve Langasek Mon, 16 Jul 2018 08:27:58 -0400 + cryptsetup (2:2.0.3-6) unstable; urgency=medium * debian/TODO.md: Remove mention of parent device detection for mdadm @@ -462,6 +563,45 @@ -- Jonas Meurer Fri, 15 Jun 2018 15:32:16 +0200 +cryptsetup (2:2.0.2-1ubuntu3) cosmic; urgency=medium + + * No-change rebuild against libargon2-1 + + -- Steve Langasek Tue, 10 Jul 2018 17:01:23 +0000 + +cryptsetup (2:2.0.2-1ubuntu2) cosmic; urgency=medium + + * Apply patch from Trent Nelson to fix cryptroot-unlock for busybox + compatibility. LP: #1651818 + + -- Dimitri John Ledkov 🌈 Thu, 21 Jun 2018 16:38:31 +0100 + +cryptsetup (2:2.0.2-1ubuntu1) bionic; urgency=low + + * Merge from Debian unstable. + - bugfix upstream release, which solves problems with luks2 format + disks not unlocking. LP: #1755322. + * Remaining changes: + - debian/control: + + Depend on plymouth. + + Invert the "busybox | busybox-static" Recommends, as the latter + is the one we ship in main as part of the ubuntu-standard task. + + Drop explicit libgcrypt20 dependency from libcryptsetup4. + - Drop _BSD_SOURCE in favor of _DEFAULT_SOURCE + - Drop c99 std, as the default is now higher than that + - Drop upstart system jobs. + - Add maintscript to drop removed upstart system jobs. + - debian has its own now, but we have different version numbers. + this delta can be dropped after 18.04 release. + - Drop the CRYPTSETUP variable warning from the initramfs hook, as + overlayroot package ships a dropin in conf-hooks.d triggering false + warnings. + * Dropped changes: + - debian/cryptdisks{,-udev}.maintscript: drop, there is no package named + 'cryptdisks' or 'cryptdisks-udev'. + + -- Steve Langasek Fri, 06 Apr 2018 10:23:53 -0700 + cryptsetup (2:2.0.2-1) unstable; urgency=low * New upstream release 2.0.2 @@ -491,6 +631,40 @@ -- Guilhem Moulin Sun, 11 Feb 2018 00:02:05 +0100 +cryptsetup (2:2.0.1-0ubuntu2) bionic; urgency=medium + + * Drop the CRYPTSETUP variable warning from the initramfs hook, as + overlayroot package ships a dropin in conf-hooks.d triggering false + warnings. + + -- Dimitri John Ledkov Thu, 22 Feb 2018 14:49:16 +0000 + +cryptsetup (2:2.0.1-0ubuntu1) bionic; urgency=medium + + * Merge from Debian unstable. Remaining changes: + - debian/control: + + Depend on plymouth. + + Invert the "busybox | busybox-static" Recommends, as the latter + is the one we ship in main as part of the ubuntu-standard task. + + Drop explicit libgcrypt20 dependency from libcryptsetup4. + - Drop _BSD_SOURCE in favor of _DEFAULT_SOURCE + - Drop c99 std, as the default is now higher than that + - Drop upstart system jobs. + - Add maintscript to drop removed upstart system jobs. + - debian has its own now, but we have different version numbers + * New upstream release + * Cherry-pick Guilhem Moulin's changes below from Debian git + + [ Guilhem Moulin ] + * New upstream release 2.0.1: + - Use /run/cryptsetup as default for cryptsetup locking dir. + - Add missing symbols for new functions to debian/libcryptsetup12.symbols. + * debian/copyright: update copyright years. + * debian/patches: backport upstream's 8728ba08 to fix opening of loop-AES + devices using --key-file=-. (Closes: #888162.) + + -- Julian Andres Klode Mon, 29 Jan 2018 13:48:55 +0100 + cryptsetup (2:2.0.0-1) unstable; urgency=low [ Guilhem Moulin ] @@ -540,6 +714,26 @@ -- Guilhem Moulin Tue, 03 Oct 2017 03:37:36 +0200 +cryptsetup (2:1.7.5-1ubuntu1) bionic; urgency=low + + * Merge from Debian unstable. Remaining changes: + - debian/control: + + Depend on plymouth. + + Invert the "busybox | busybox-static" Recommends, as the latter + is the one we ship in main as part of the ubuntu-standard task. + + Drop explicit libgcrypt20 dependency from libcryptsetup4. + - Drop _BSD_SOURCE in favor of _DEFAULT_SOURCE + - Drop c99 std, as the default is now higher than that + - Drop upstart system jobs. + - Add maintscript to drop removed upstart system jobs. + * Merged upstream: + - d/p/fips-fix-luksformat-with-recent-kernels -- fix luksFormat + with recent FIPS enabled kernels. + * Merged in Debian: + - Use DEB_VERSION from dpkg/default.mk for pod2man release variable + + -- Julian Andres Klode Wed, 17 Jan 2018 21:39:10 +0100 + cryptsetup (2:1.7.5-1) unstable; urgency=low * New upstream release 1.7.5. @@ -562,6 +756,25 @@ -- Guilhem Moulin Thu, 14 Sep 2017 13:00:23 +0200 +cryptsetup (2:1.7.3-4ubuntu1) artful; urgency=low + + * New upstream release, merge from Debian unstable. Remaining + Ubuntu changes: + - debian/control: + + Depend on plymouth. + + Invert the "busybox | busybox-static" Recommends, as the latter + is the one we ship in main as part of the ubuntu-standard task. + + Drop explicit libgcrypt20 dependency from libcryptsetup4. + * d/p/fips-fix-luksformat-with-recent-kernels -- fix luksFormat + with recent FIPS enabled kernels. + * Drop _BSD_SOURCE in favor of _DEFAULT_SOURCE + * Drop c99 std, as the default is now higher than that + * Use DEB_VERSION from dpkg/default.mk for pod2man release variable + * Drop upstart system jobs. + * Add maintscript to drop removed upstart system jobs. + + -- Andy Whitcroft Thu, 10 Aug 2017 14:07:29 +0100 + cryptsetup (2:1.7.3-4) unstable; urgency=high [ Guilhem Moulin ] @@ -774,6 +987,40 @@ -- Jonas Meurer Wed, 05 Oct 2016 20:53:09 +0200 +cryptsetup (2:1.7.2-0ubuntu4) artful; urgency=medium + + * Add maintscript to drop removed upstart system jobs. + + -- Dimitri John Ledkov Mon, 21 Aug 2017 11:36:04 +0100 + +cryptsetup (2:1.7.2-0ubuntu3) artful; urgency=medium + + * Drop _BSD_SOURCE in favor of _DEFAULT_SOURCe + * Drop c99 std, as the default is now higher than that + * Use DEB_VERSION from dpkg/default.mk for pod2man release variable + + -- Dimitri John Ledkov Sat, 19 Aug 2017 21:46:19 +0100 + +cryptsetup (2:1.7.2-0ubuntu2) artful; urgency=medium + + * Drop upstart system jobs. + + -- Dimitri John Ledkov Sat, 19 Aug 2017 20:57:17 +0100 + +cryptsetup (2:1.7.2-0ubuntu1) yakkety; urgency=medium + + * New upstream release, merge from Debian unstable (LP: #1548137). Remaining + Ubuntu changes: + - debian/control: + + Bump initramfs-tools Suggests to Depends: so system is not + potentially rendered unbootable. + + Depend on plymouth. + + Invert the "busybox | busybox-static" Recommends, as the latter + is the one we ship in main as part of the ubuntu-standard task. + + Drop explicit libgcrypt20 dependency from libcryptsetup4. + + -- Unit 193 Wed, 22 Jun 2016 16:30:01 -0400 + cryptsetup (2:1.7.0-2) unstable; urgency=medium [ Guilhem Moulin ] @@ -848,6 +1095,35 @@ -- Jonas Meurer Thu, 07 Jan 2016 02:22:33 +0100 +cryptsetup (2:1.6.6-5ubuntu2) wily; urgency=medium + + * Fix stupid typo in Recommends "busybox | busybox-static" inversion. + Fixes binary moves for busybox into main. + + -- Andy Whitcroft Fri, 21 Aug 2015 08:56:34 +0100 + +cryptsetup (2:1.6.6-5ubuntu1) wily; urgency=low + + * Merge from Debian unstable. Remaining changes: + - debian/control: + + Bump initramfs-tools Suggests to Depends: so system is not + potentially rendered unbootable. + + Depend on plymouth. + + Invert the "busybox | busybox-static" Recommends, as the latter + is the one we ship in main as part of the ubuntu-standard task. + + Drop explicit libgcrypt11 dependency from libcryptsetup4. + * Dropped changes, now in Debian: + - Remove hardcoded paths to udevadm. + - debian/initramfs/cryptroot-hook: + + Do not unconditionally include cryptsetup utils in the initramfs. + + Do not include any modules or utils in the initramfs, unless + rootfs/resume devices are encrypted or CRYPTSETUP is set to 'y' in + the initramfs.conf configuration file. + - debian/cryptsetup.maintscripts: + + Migrate upstart jobs to new names. + + -- Andy Whitcroft Tue, 07 Jul 2015 16:58:45 +0100 + cryptsetup (2:1.6.6-5) unstable; urgency=high * debian/cryptdisks.functions: fix the precheck for ubuntu+upstart @@ -1000,6 +1276,71 @@ -- Jonas Meurer Fri, 28 Jun 2013 12:14:55 +0200 +cryptsetup (2:1.6.1-1ubuntu7) vivid; urgency=medium + + * Drop explicit libgcrypt11 dependency from libcryptsetup4. + + -- Adam Conrad Fri, 27 Mar 2015 18:24:38 -0600 + +cryptsetup (2:1.6.1-1ubuntu6) vivid; urgency=medium + + * No-change rebuild for the libgcrypt20 transition. + + -- Adam Conrad Fri, 27 Mar 2015 06:16:08 -0600 + +cryptsetup (2:1.6.1-1ubuntu5) vivid; urgency=medium + + * ./debian/scripts/luksformat: Drop luksFormat -s and --ciper options. They + aren't necessary any more, and aes-cbc-essiv:sha256 is obsolete. This will + now use aes-xts-plain64 by default. (LP: #1414719) + + -- Martin Pitt Fri, 27 Feb 2015 09:37:05 +0100 + +cryptsetup (2:1.6.1-1ubuntu4) vivid; urgency=medium + + * No change rebuild to get debug symbols for all architectures. + + -- Brian Murray Wed, 03 Dec 2014 08:03:31 -0800 + +cryptsetup (2:1.6.1-1ubuntu3) utopic; urgency=high + + * No change rebuild against new dh_installinit, to call update-rc.d at + postinst. + + -- Dimitri John Ledkov Wed, 28 May 2014 10:39:30 +0100 + +cryptsetup (2:1.6.1-1ubuntu2) utopic; urgency=medium + + * debian/askpass.c: + - Fix bug (LP: #1301086) where askpass fails to restore terminal + settings. + + -- Robert Barabas Fri, 18 Apr 2014 14:08:51 -0400 + +cryptsetup (2:1.6.1-1ubuntu1) trusty; urgency=low + + * Merge from debian unstable, remaining changes: + - debian/control: + + Bump initramfs-tools Suggests to Depends: so system is not + potentially rendered unbootable. + + Depend on plymouth. + + - Invert the "busybox | busybox-static" Recommends, as the latter is + the one we ship in main as part of the ubuntu-standard task. + + - Remove hardcoded paths to udevadm (LP: #1184066). + + - debian/initramfs/cryptroot-hook: + + Do not unconditionally include cryptsetup utils in the initramfs. + + Do not include any modules or utils in the initramfs, unless + rootfs/resume devices are encrypted or CRYPTSETUP is set to 'y' in + the initramfs.conf configuration file. + + - debian/cryptsetup.maintscripts: + + Migrate upstart jobs to new names. + + -- Dmitrijs Ledkovs Fri, 01 Nov 2013 16:48:57 +0000 + cryptsetup (2:1.6.1-1) unstable; urgency=low [ Milan Broz ] @@ -1041,6 +1382,50 @@ -- Jonas Meurer Fri, 28 Jun 2013 12:10:41 +0200 +cryptsetup (2:1.4.3-4ubuntu4) saucy; urgency=low + + * debian/initramfs/cryptroot-hook: + - Do not unconditionally include cryptsetup utils in the initramfs. + - Do not include any modules or utils in the initramfs, unless + rootfs/resume devices are encrypted or CRYPTSETUP is set to 'y' in + the initramfs.conf configuration file. + + -- Dmitrijs Ledkovs Mon, 10 Jun 2013 16:25:46 +0100 + +cryptsetup (2:1.4.3-4ubuntu3) saucy; urgency=low + + * Remove hardcoded paths to udevadm (LP: #1184066). + + -- Colin Watson Tue, 28 May 2013 11:27:27 +0100 + +cryptsetup (2:1.4.3-4ubuntu2) raring; urgency=low + + * Invert the "busybox | busybox-static" Recommends, as the latter + is the one we ship in main as part of the ubuntu-standard task. + + -- Adam Conrad Fri, 16 Nov 2012 01:14:35 -0700 + +cryptsetup (2:1.4.3-4ubuntu1) raring; urgency=low + + * Merge from debian unstable, remaining changes: + - debian/control: + + Bump initramfs-tools Suggests to Depends: so system is not + potentially rendered unbootable. + + Depend on plymouth. + + - init/upstart jobs: + + Rename cryptddisks{,-early}.upstart jobs to + cryptdisks-{enable,udev}.upstart, as we need both init & upstart jobs + for now. + + debian/cryptdisks{,-early}.init: Make the 'start' action of the init + script a no-op, this should be handled entirely by the upstart job; + and fix the LSB header to not declare this should be started in + runlevel 'S'. + + Do not install start symlinks for init scripts + + NB! shutdown is still handled by the SystemV init scripts + + -- Dmitrijs Ledkovs Tue, 13 Nov 2012 11:17:57 +0000 + cryptsetup (2:1.4.3-4) unstable; urgency=medium * change recommends for busybox to busybox | busybox-static. Thanks to @@ -1073,6 +1458,50 @@ -- Jonas Meurer Thu, 01 Nov 2012 15:34:09 +0100 +cryptsetup (2:1.4.3-2ubuntu1) quantal; urgency=low + + * Merge from debian unstable (LP: #1015753), remaining changes: + - debian/control: + + Bump initramfs-tools Suggests to Depends: so system is not + potentially rendered unbootable. + + Depend on plymouth. + + - init/upstart jobs: + + Add debian/cryptdisks-{enable,udev}.upstart for bootup. + + debian/cryptdisks{,-early}.init: Make the 'start' action of the init + script a no-op, this should be handled entirely by the upstart job; + and fix the LSB header to not declare this should be started in + runlevel 'S'. + + Do not install start symlinks for init scripts + + NB! shutdown is still handled by the SystemV init scripts + + * Rename cryptddisks{,-early}.upstart jobs back to + cryptdisks-{enable,udev}.upstart, as we need both init & upstart jobs + for now. + + * Dropped Changes, included in Debian: + - debian/control: + + Split up package in cryptsetup and cryptsetup-bin. (LP: #343363). + + - debian/cryptdisks.functions: + + Do not overwrite existing filesystems when creating swap (LP: #474258). + + Add aesni module when we have hardware encryption. + + Call 'udevadm settle' before 'dmsetup rename' http://pad.lv/874774 + + Suppress "Starting init crypto disks" message in "init" phase, to + avoid writing over fsck progress text. + + new function, crypttab_start_one_disk, to look for the named source + device in /etc/crypttab (by device name, UUID, or label) and start it + if configured to do so + + handle the case where crypttab contains a name for the source + device that is not the kernel's preferred name for it (as is the case + for LVs). + + - debian/initramfs/cryptroot-hook: + + Quiet warnings from find on arches that don't have all the + kernel/{arch,crypto} bits we're testing for. + + -- Dmitrijs Ledkovs Tue, 21 Aug 2012 11:57:28 +0100 + cryptsetup (2:1.4.3-2) unstable; urgency=medium * fix the shared library symbols magic: so far, the symbols file for @@ -1148,6 +1577,64 @@ -- Jonas Meurer Wed, 11 Apr 2012 23:55:35 +0200 +cryptsetup (2:1.4.1-2ubuntu4) precise; urgency=low + + * Our swap creation can trigger udev change events, which means udev may be + holding the device open at the time we try to call 'dmsetup rename' and + cause the /subsequent/ events to be missed because of dmsetup creating + device nodes by hand. So call 'udevadm settle' before 'dmsetup rename', + to ensure blkid is out of the way first. This should ensure swap + partitions are found by mountall in a non-racy manner. LP: #874774. + + -- Steve Langasek Fri, 13 Apr 2012 20:23:21 -0700 + +cryptsetup (2:1.4.1-2ubuntu3) precise; urgency=low + + * Start cryptdisks-enable upstart job on 'or container', to let us + simplify the udevtrigger job. + + -- Steve Langasek Wed, 04 Apr 2012 17:02:00 -0700 + +cryptsetup (2:1.4.1-2ubuntu2) precise; urgency=low + + * Split up package in cryptsetup and cryptsetup-bin. (LP: #343363). + * Do not overwrite existing filesystems when creating swap (LP: #474258). + * Add aesni module when we have hardware encryption. + + -- Jean-Louis Dupond Mon, 12 Mar 2012 10:14:30 +0100 + +cryptsetup (2:1.4.1-2ubuntu1) precise; urgency=low + + [ Jean-Louis Dupond ] + * Merge from debian unstable (LP: #776264), remaining changes: + - debian/cryptdisks.functions: Suppress "Starting init crypto disks" message + in "init" phase, to avoid writing over fsck progress text. + - debian/cryptroot-hook: Quiet warnings from find on arches that + don't have all the kernel/{arch,crypto} bits we're testing for. + - debian/control: + + Bump initramfs-tools Suggests to Depends: so system is not + potentially rendered unbootable. + + Depend on plymouth. + - Add debian/cryptdisks-{enable,udev}.upstart. + - debian/cryptdisks.functions: + + new function, crypttab_start_one_disk, to look for the named source + device in /etc/crypttab (by device name, UUID, or label) and start it + if configured to do so + - debian/cryptdisks{,-early}.init: Make the 'start' action of the init + script a no-op, this should be handled entirely by the upstart job; + and fix the LSB header to not declare this should be started in + runlevel 'S' + - debian/rules: + + Do not install start symlinks for init scripts, and + install debian/cryptdisks-{enable,udev}.upstart scripts. + + [ Steve Langasek ] + * debian/cryptdisks.functions: handle the case where crypttab contains a + name for the source device that is not the kernel's preferred name for + it (as is the case for LVs). + + -- Jean-Louis Dupond Thu, 08 Mar 2012 07:32:40 +0100 + cryptsetup (2:1.4.1-2) unstable; urgency=low * acknowledge NMU. Thanks to Michael Biebl. (closes: #659182) @@ -1357,6 +1844,56 @@ -- Jonas Meurer Sun, 16 Jan 2011 01:01:03 +0100 +cryptsetup (2:1.1.3-4ubuntu3) precise; urgency=low + + [ Pali Rohar ] + * debian/cryptdisks.functions: Suppress "Starting init crypto disks" message + in "init" phase, to avoid writing over fsck progress text. + + -- Martin Pitt Wed, 26 Oct 2011 09:16:15 +0200 + +cryptsetup (2:1.1.3-4ubuntu2) oneiric; urgency=low + + * debian/cryptroot-hook: Quiet warnings from find on arches that + don't have all the kernel/{arch,crypto} bits we're testing for. + + -- Adam Conrad Sat, 01 Oct 2011 00:33:00 -0600 + +cryptsetup (2:1.1.3-4ubuntu1) natty; urgency=low + + * Merge from debian unstable (LP: #682177), remaining changes: + - debian/control: + + Bump initramfs-tools Suggests to Depends: so system is not + potentially rendered unbootable. + + Depend on plymouth. + - Add debian/cryptdisks-{enable,udev}.upstart. + - debian/cryptdisks.functions: + + new function, crypttab_start_one_disk, to look for the named source + device in /etc/crypttab (by device name, UUID, or label) and start it + if configured to do so + + wrap the call to /lib/cryptsetup/askpass with watershed, to make sure + we only ever have one of these running at a time; otherwise multiple + invocations could steal each other's input and/or write over each + other's output + + when called by cryptdisks-enable, check that we don't already have a + corresponding cryptdisks-udev job running (probably waiting for a + passphrase); if there is, wait until it's finished before continuing. + - debian/cryptdisks{,-early}.init: Make the 'start' action of the init + script a no-op, this should be handled entirely by the upstart job; + and fix the LSB header to not declare this should be started in + runlevel 'S' + - debian/cryptsetup.postinst: Remove any symlinks from /etc/rcS.d on + upgrade. + - debian/rules: + + Do not install start symlinks for init scripts, and + install debian/cryptdisks-{enable,udev}.upstart scripts. + + link dynamically against libgcrypt and libgpg-error. + - Add debian/cryptsetup.apport: Apport package hook. Install in + debian/rules and create dir in debian/cryptsetup.dirs. + - debian/cryptsetup.postrm: call update-initramfs on package removal. + + -- Lorenzo De Liso Sat, 27 Nov 2010 17:37:43 +0100 + cryptsetup (2:1.1.3-4) unstable; urgency=high * bump standards-version to 3.9.1, no changes required @@ -1462,6 +1999,69 @@ -- Jonas Meurer Sat, 10 Jul 2010 14:32:40 +0200 +cryptsetup (2:1.1.2-1ubuntu1) maverick; urgency=low + + * Merge from Debian unstable (LP: #594365). Remaining changes: + - debian/control: + + Bump initramfs-tools Suggests to Depends: so system is not + potentially rendered unbootable. + + Depend on plymouth. + - Add debian/cryptdisks-{enable,udev}.upstart. + - debian/cryptdisks.functions: + + new function, crypttab_start_one_disk, to look for the named source + device in /etc/crypttab (by device name, UUID, or label) and start it + if configured to do so + + wrap the call to /lib/cryptsetup/askpass with watershed, to make sure + we only ever have one of these running at a time; otherwise multiple + invocations could steal each other's input and/or write over each + other's output + + initially create the device under a temporary name and rename it only + at the end using 'dmsetup rename', to ensure that upstart/mountall + doesn't see our device before it's ready to go. + + do_tmp should mount under /var/run/cryptsetup for changing the + permissions of the filesystem root, not directly on /tmp, since + mounting on /tmp a) is racy, b) confuses mountall something fierce. + + when called by cryptdisks-enable, check that we don't already have a + corresponding cryptdisks-udev job running (probably waiting for a + passphrase); if there is, wait until it's finished before continuing. + - debian/cryptdisks{,-early}.init: Make the 'start' action of the init + script a no-op, this should be handled entirely by the upstart job; + and fix the LSB header to not declare this should be started in + runlevel 'S' + - debian/cryptsetup.postinst: Remove any symlinks from /etc/rcS.d on + upgrade. + - debian/rules: Do not install start symlinks for init scripts, and + install debian/cryptdisks-{enable,udev}.upstart scripts. + - Add debian/cryptsetup.apport: Apport package hook. Install in + debian/rules and create dir in debian/cryptsetup.dirs. + - debian/rules: link dynamically against libgcrypt and libgpg-error. + - debian/cryptsetup.postrm: call update-initramfs on package removal. + * Dropped changes, merged/superseded in Debian: + - Add ext4 support to passdev. + - cryptroot-hook: don't call copy_modules_dir with empty arguments when + archcrypto isn't found + - Set USPLASH=y and FRAMEBUFFER=y in the hook config to pull plymouth into + the initramfs. + - change interaction to use plymouth directly if present, and if not, to + fall back to /lib/cryptsetup/askpass as before + - cryptdisks.functions: replace 'echo -e' bashism with 'printf'. + - debian/initramfs/cryptroot-script: if plymouth is present in the + initramfs, use this directly, bypassing the cryptsetup askpass script + - debian/initramfs/cryptroot-hook: Properly anchor our regexps when + grepping /etc/crypttab so that we don't incorrectly match device names + that are substrings of one another. + - debian/initramfs/cryptroot-script: Don't leak /conf/conf.d/cryptroot + file descriptor to subprocesses. + - Fix grammar error in debian/initramfs/cryptroot-script + ("setup" -> "set up") + - debian/initramfs/cryptroot-script: Fix this to work with current + initramfs-tools: + + Source /scripts/functions after checking for prerequisites. + + prereqs(): Do not assume we are running within initramfs, and + calculate relative path correctly. + + -- Steve Langasek Mon, 14 Jun 2010 21:47:28 -0700 + cryptsetup (2:1.1.2-1) unstable; urgency=low * new upstream release, changes include: @@ -1579,6 +2179,171 @@ -- Jonas Meurer Mon, 08 Mar 2010 14:15:35 +0100 +cryptsetup (2:1.1.0~rc2-1ubuntu14) maverick; urgency=low + + [ David Stansby ] + * Fix grammar error in debian/initramfs/cryptroot-script + ("setup" -> "set up") (LP: #578896) + + -- James Westby Mon, 17 May 2010 13:33:40 +0100 + +cryptsetup (2:1.1.0~rc2-1ubuntu13) lucid; urgency=low + + * debian/initramfs/cryptroot-script: Don't leak /conf/conf.d/cryptroot + file descriptor to subprocesses. + + -- Colin Watson Mon, 29 Mar 2010 22:18:36 +0100 + +cryptsetup (2:1.1.0~rc2-1ubuntu12) lucid; urgency=low + + * debian/initramfs/cryptroot-hook: Properly anchor our regexps when + grepping /etc/crypttab so that we don't incorrectly match device names + that are substrings of one another. + * debian/cryptdisks-{enable,udev}.conf, debian/control: drop + 'console output' and add a hard dependency on plymouth instead of + watershed, to avoid spitting extra messages to the console. + + -- Steve Langasek Thu, 18 Feb 2010 06:19:19 -0800 + +cryptsetup (2:1.1.0~rc2-1ubuntu11) lucid; urgency=low + + * Set FRAMEBUFFER=y in the file that we actually ship. + * debian/cryptsetup.postrm: call update-initramfs on package removal. + LP: #468228. + + -- Steve Langasek Mon, 25 Jan 2010 03:07:52 -0800 + +cryptsetup (2:1.1.0~rc2-1ubuntu10) lucid; urgency=low + + * cryptdisks.functions: replace 'echo -e' bashism with 'printf'. + * cryptdisks.functions: when called by cryptdisks-enable, check that we + don't already have a corresponding cryptdisks-udev job running (probably + waiting for a passphrase); if there is, wait until it's finished before + continuing. + + -- Steve Langasek Thu, 21 Jan 2010 14:57:21 +0000 + +cryptsetup (2:1.1.0~rc2-1ubuntu9) lucid; urgency=low + + * Set FRAMEBUFFER=y in the hook config as well, to pull plymouth into the + initramfs. + * cryptdisks.functions, debian/initramfs/cryptroot-script: fix the + invocation of plymouth, so that we actually get proper passphrase prompts + (once bug #496765 is fixed). + + -- Steve Langasek Sat, 16 Jan 2010 02:32:41 -0800 + +cryptsetup (2:1.1.0~rc2-1ubuntu8) lucid; urgency=low + + * cryptdisks.functions: do_tmp should mount under /var/run/cryptsetup for + changing the permissions of the filesystem root, not directly on /tmp, + since mounting on /tmp a) is racy, b) confuses mountall something fierce. + LP: #475936. + + -- Steve Langasek Tue, 22 Dec 2009 20:24:28 +0000 + +cryptsetup (2:1.1.0~rc2-1ubuntu7) lucid; urgency=low + + * Depend on watershed. + + -- Steve Langasek Tue, 22 Dec 2009 01:37:36 +0000 + +cryptsetup (2:1.1.0~rc2-1ubuntu6) lucid; urgency=low + + [ Steve Langasek ] + * Fix the LSB header in the init scripts, now that we don't install to + rcS.d. + + [ Martin Pitt ] + * debian/initramfs/cryptroot-script: Fix this to work with current + initramfs-tools: + - Source /scripts/functions after checking for prerequisites. + - prereqs(): Do not assume we are running within initramfs, and calculate + relative path correctly. + + -- Martin Pitt Fri, 18 Dec 2009 17:07:07 +0100 + +cryptsetup (2:1.1.0~rc2-1ubuntu5) lucid; urgency=low + + * Rename the upstart job introduced in the previous upload to + cryptdisks-udev and restore the previous version of the job as + cryptdisks-enable, to run at the end of udev coldplugging as before; + this isn't entirely race-free, but should nevertheless give us the + two passes needed to cover devices that are decrypted using keys stored + on other encrypted disks. LP: #443980. + + -- Steve Langasek Wed, 16 Dec 2009 06:41:30 +0000 + +cryptsetup (2:1.1.0~rc2-1ubuntu4) lucid; urgency=low + + [ Steve Langasek ] + * debian/initramfs/cryptroot-script: if plymouth is present in the + initramfs, use this directly, bypassing the cryptsetup askpass script; + but keep support for these other frontends around on a transitional + basis. + * debian/cryptdisks.functions: + - change interaction to use plymouth directly if present, and if not, to + fall back to /lib/cryptsetup/askpass as before + - wrap the call to /lib/cryptsetup/askpass with watershed, to make sure + we only ever have one of these running at a time; otherwise multiple + invocations could steal each other's input and/or write over each + other's output + - new function, crypttab_start_one_disk, to look for the named source + device in /etc/crypttab (by device name, UUID, or label) and start it + if configured to do so + * debian/cryptdisks-enable.upstart: run the upstart job once for each block + device, using the new crypttab_start_one_disk function, triggered by udev; + this doesn't eliminate the possibility of a race with gdm when the + decrypted volume isn't a 'bootwait' mount point (since gdm kills + plymouth), but it does eliminate the race between udev and cryptsetup. + LP: #454898. + * debian/cryptdisks-enable.upstart: check that the package is installed + and exit gracefully if it's not. LP: #435814 + * debian/cryptdisk.functions: initially create the device under a temporary + name and rename it only at the end using 'dmsetup rename', to ensure that + upstart/mountall doesn't see our device before it's ready to go. + LP: #475936. + + [ Colin Watson ] + * Add ext4 support to passdev. + + -- Steve Langasek Tue, 15 Dec 2009 18:05:45 -0800 + +cryptsetup (2:1.1.0~rc2-1ubuntu3) lucid; urgency=low + + * cryptroot-hook: Use if [ -n … ] instead of if ! test -z …. + + -- Loïc Minier Sat, 12 Dec 2009 11:32:52 +0100 + +cryptsetup (2:1.1.0~rc2-1ubuntu2) lucid; urgency=low + + * cryptroot-hook: dont call copy_modules_dir with empty arguments when + archcrypto isnt found (LP: #495161) + + -- Oliver Grawert Fri, 11 Dec 2009 14:39:00 +0100 + +cryptsetup (2:1.1.0~rc2-1ubuntu1) lucid; urgency=low + + * Merge with Debian testing. Remaining Ubuntu changes: + - debian/rules: cryptsetup is linked dynamically against libgcrypt and + libgpg-error. + - Upstart migration: + + Add debian/cryptdisks-enable.upstart. + + debian/cryptdisks{,-early}.init: Make the 'start' action of the init + script a no-op, this should be handled entirely by the upstart job. + (LP #473615) + + debian/cryptsetup.postinst: Remove any symlinks from /etc/rcS.d on + upgrade. + + debian/rules: Do not install start symlinks for those two, and install + debian/cryptdisks-enable.upstart scripts. + - Add debian/cryptsetup.apport: Apport package hook. Install in + debian/rules, and create dir in debian/cryptsetup.dirs. + - Start usplash in initramfs, since we need it for fancy passphrase input: + + debian/initramfs/cryptroot-conf, debian/initramfs-conf.d: USPLASH=y + + debian/control: Bump initramfs-tools Suggests to Depends:. + + -- Martin Pitt Wed, 11 Nov 2009 15:04:27 +0100 + cryptsetup (2:1.1.0~rc2-1) unstable; urgency=low * new upstream release candidate (1.1.0-rc2), highlights include: @@ -1752,6 +2517,80 @@ -- Jonas Meurer Sat, 04 Jul 2009 15:52:06 +0200 +cryptsetup (2:1.0.6+20090405.svn49-1ubuntu8) lucid; urgency=low + + [ Steve Langasek ] + * Make the 'start' action of the init script a no-op, this should be + handled entirely by the upstart job now; and remove any symlinks from + /etc/rcS.d on upgrade. LP: #473615. + + [ Reinhard Tartler ] + * Add an apport hook + * import the blkid and un_blkid from debian, LP: #446517 + * also use this script by default (setting in /etc/default/cryptdisks) + + -- Steve Langasek Wed, 04 Nov 2009 12:06:47 +0000 + +cryptsetup (2:1.0.6+20090405.svn49-1ubuntu7) karmic; urgency=low + + * Reupload previous version, siretart had left changes in bzr which + weren't documented in the changelog and caused FTBFS. + + -- Scott James Remnant Wed, 14 Oct 2009 13:57:59 +0100 + +cryptsetup (2:1.0.6+20090405.svn49-1ubuntu6) karmic; urgency=low + + [ Steve Langasek ] + * Move the Debian Vcs- fields aside. + + [ Scott James Remnant ] + * debian/cryptdisks-enable.upstart: Don't overcompensate for my idiocy, + cryptsetup should not need a controlling terminal, just a terminal + is fine. May fix LP: #439138. + + -- Scott James Remnant Wed, 14 Oct 2009 04:52:16 +0100 + +cryptsetup (2:1.0.6+20090405.svn49-1ubuntu4) karmic; urgency=low + + * debian/cryptdisks-enable.upstart: Things that often help include + not setting stdin/out to /dev/null, so you can actually type the + passphrase. I am an idiot. LP: #430496. + + -- Scott James Remnant Thu, 17 Sep 2009 17:58:01 +0100 + +cryptsetup (2:1.0.6+20090405.svn49-1ubuntu3) karmic; urgency=low + + * debian/cryptdisks-enable.upstart: add upstart job to enable encrypted + disks once we've finished probing for udev devices, so that mountall + can use them. LP: #430496. + + -- Scott James Remnant Thu, 17 Sep 2009 00:04:00 +0100 + +cryptsetup (2:1.0.6+20090405.svn49-1ubuntu2) karmic; urgency=low + + * debian/initramfs/cryptroot-conf: declare that we want usplash included + in the initramfs whenever this package is installed. LP: #427356. + + -- Steve Langasek Tue, 15 Sep 2009 08:43:15 -0700 + +cryptsetup (2:1.0.6+20090405.svn49-1ubuntu1) karmic; urgency=low + + * Merge from debian unstable, remaining changes: + - Ubuntu specific: + + debian/rules: link dynamically for better security supportability and + smaller packages. + + debian/control: Depend on initramfs-tools so system is not potentially + rendered unbootable. + - debian/initramfs/cryptroot-script wait for encrypted device to appear, + report with log_*_msg (debian bug 488271). + - debian/initramfs/cryptroot-hook: fix support for UUID and LABEL + correlation between fstab and crypttab (debian bug 522041). + - debian/askpass.c, debian/initramfs/cryptroot-script: using newline + escape in passphrase prompt to avoid line-wrapping (debian bug 528133). + * Drop 04_fix_udevsettle_call.patch: fixed upstream differently. + + -- Kees Cook Sun, 10 May 2009 17:29:32 -0700 + cryptsetup (2:1.0.6+20090405.svn49-1) unstable; urgency=low * New upstream svn snapshot. Highlights include: @@ -1793,6 +2632,67 @@ -- Jonas Meurer Mon, 06 Apr 2009 08:49:14 +0200 +cryptsetup (2:1.0.6-7ubuntu7) jaunty; urgency=low + + * debian/control: Depend on initramfs-tools so system is not potentially + rendered unbootable (LP: #358654). + + -- Kees Cook Thu, 09 Apr 2009 12:29:31 -0700 + +cryptsetup (2:1.0.6-7ubuntu6) jaunty; urgency=low + + * debian/initramfs/cryptroot-script: we don't require vol_id to understand + the encrypted device, but we should check the device is fully up first + before continuing by calling udevadm settle. LP: #291752. + + -- Steve Langasek Sat, 07 Mar 2009 21:39:14 -0800 + +cryptsetup (2:1.0.6-7ubuntu5) jaunty; urgency=low + + * debian/initramfs/cryptroot-hook: fix support for UUID and LABEL correlation + between fstab and crypttab (LP: #287879). + + -- TJ Mon, 16 Feb 2009 23:00:00 +0000 + +cryptsetup (2:1.0.6-7ubuntu4) jaunty; urgency=low + + * debian/askpass.c: also handle newline escape code in console prompt. + + -- Kees Cook Sun, 15 Feb 2009 08:57:05 -0800 + +cryptsetup (2:1.0.6-7ubuntu3) jaunty; urgency=low + + [ https://launchpad.net/~svenkata ] + * debian/checks/un_vol_id: dynamically build the "unknown volume type" + string, to allow for encrypted swap, LP: #316607 + + -- Dustin Kirkland Thu, 12 Feb 2009 16:57:30 -0600 + +cryptsetup (2:1.0.6-7ubuntu2) jaunty; urgency=low + + * debian/askpass.c: handle newline escape code in password prompt. + * debian/initramfs/cryptroot-script: add newline to split cryptroot + password prompt onto two lines for readability (LP: #326900). + + -- Kees Cook Sun, 08 Feb 2009 07:26:01 -0800 + +cryptsetup (2:1.0.6-7ubuntu1) jaunty; urgency=low + + * Merge from debian unstable, remaining changes: + - debian/initramfs/cryptroot-script: + - must source /scripts/functions to get the log_*_msg() functions. + - wait for encrypted device to show up (LP 164044, 291752). + - disable error message 'failed to setup lvm device' (LP 151532). + - debian/rules: + - fix location of ltmain.sh (Ubuntu-specific until libtool 2.2.x is + in Debian unstable). + - link dynamically (LP 62751). + - add 04_fix_udevsettle_call.patch: fix path to binary for udevsettle. + * Revert versioned build-depency on libdevmapper-dev, since Ubuntu's + version is higher now. + + -- Kees Cook Tue, 06 Jan 2009 13:00:16 -0800 + cryptsetup (2:1.0.6-7) unstable; urgency=medium * Add patches/01_gettext_package.patch: Remove -luks from GETTEXT_PACKAGE @@ -1837,6 +2737,38 @@ -- Jonas Meurer Wed, 17 Dec 2008 21:25:45 +0100 +cryptsetup (2:1.0.6-6ubuntu2.1) intrepid-proposed; urgency=low + + * debian/initramfs/cryptroot-script: do not require that vol_id + can parse the encrypted device as valid (LP: #291752). + + -- Kees Cook Fri, 31 Oct 2008 13:10:06 -0700 + +cryptsetup (2:1.0.6-6ubuntu2) intrepid; urgency=low + + * Fixes for (LP: #272301) + * debian/initramfs/cryptroot-script: must source /scripts/functions to get + the log_*_msg() functions + * 04_fix_udevsettle_call.patch: fix path to binary for udevsettle + + -- Dustin Kirkland Fri, 19 Sep 2008 18:03:28 -0500 + +cryptsetup (2:1.0.6-6ubuntu1) intrepid; urgency=low + + * drop almost all ubuntu specific changes from the cryptsetup package, + because they have been merged in debian. Thanks a lot! + * merge from debian, remaining changes: + - remove versioned build-depency on libdevmapper-dev, we are using a + rather sophisticated loop for making sure the root filesystem appears. + * debian/rules: fix location of ltmain.sh + * don't exit usplash anymore in the init script. LP: #110970, #139363 + * Disable error message 'failed to setup lvm device'. It is harmless, and + caused by the fact that the udev rules provided by lvm2 are setting up + the lvm on their own. In debian the scripts here are responsible for this + but obviously fail in ubuntu. LP: #151532 + + -- Reinhard Tartler Sat, 30 Aug 2008 17:52:16 +0200 + cryptsetup (2:1.0.6-6) unstable; urgency=high * Don't cat keyfile into pipe for do_noluks(). cryptsetup handles @@ -1938,6 +2870,79 @@ -- Jonas Meurer Mon, 07 Jul 2008 00:30:07 +0200 +cryptsetup (2:1.0.6-2ubuntu7) intrepid; urgency=low + + * reintroduce changes from 2:1.0.6-2ubuntu5 that have been accidentally + dropped in version 2:1.0.6-2ubuntu6. + + -- Reinhard Tartler Fri, 20 Jun 2008 15:15:54 +0200 + +cryptsetup (2:1.0.6-2ubuntu6) intrepid; urgency=low + + [ Kjell Braden ] + * load scripts/functions for log_{begin,end}_msg + * debian/initramfs/cryptroot-script: wait for the cryptsource, not the resulting mapped root device + * debian/initramfs/cryptroot-hook: copy binaries to the right directory + + [ Reinhard Tartler ] + * remove versioned build-depency on libdevmapper-dev, we are using a + rather sophisticated loop for making sure the root filesystem appears. + + -- Reinhard Tartler Wed, 18 Jun 2008 00:26:43 +0200 + +cryptsetup (2:1.0.6-2ubuntu5) intrepid; urgency=low + + * Okay, I give up. include preprocessed manpages and adapt + debian/rules to easily produce those. + ATTENTION: on subsequent uploads, make sure that the manpages are + available and up-to-date. + + -- Reinhard Tartler Sun, 15 Jun 2008 13:33:07 +0200 + +cryptsetup (2:1.0.6-2ubuntu4) intrepid; urgency=low + + * also use local dtd in debian/doc/variables.xml.in. + + -- Reinhard Tartler Sun, 15 Jun 2008 12:55:42 +0200 + +cryptsetup (2:1.0.6-2ubuntu3) intrepid; urgency=low + + * try harder to fix FTBFS. + + -- Reinhard Tartler Sun, 15 Jun 2008 11:42:54 +0200 + +cryptsetup (2:1.0.6-2ubuntu2) intrepid; urgency=low + + * build docbook documentation using local dtds instead of trying to + download them at buildtime. Fixes FTBFS. + + -- Reinhard Tartler Sun, 15 Jun 2008 11:12:28 +0200 + +cryptsetup (2:1.0.6-2ubuntu1) intrepid; urgency=low + + * Merge new debian version. Remaining changes: + - Add XSBC-Vcs-Bzr tag to indicate that this package is managed using + bzr on launchpad. + - debian/rules: cryptsetup is linked dynamically against libgcrypt and + libgpg-error. + - cryptdisks.functions: stop usplash on user input. LP #62751 + - Parse comments in lines not starting with '#', LP #185380 + - If the encrypted source device hasn't shown up yet, give it a + little while to deal with removable devices. LP #164044 + * Depend on race-free version of libdevmapper, thus making udevsettle + call from cryptsetup binary unnecessary. Dropping patch + debian/patches/06_run_udevsettle.patch + * remove patch from LP #73862, loading optimized modules has been solved + in debian in another way. + * cryptdisk.functions: remove spurious call to load_optimized_module. + LP: #239946 + * bugfix: make regex work if keyfile has extended attributes. LP: #231339. + * remove patch in cryptdisks.functions for rexecing the script itself for + ensuring that a tty is always available. (See LP #58794.) According to + Scott, this is not necessary anymore. + + -- Reinhard Tartler Sat, 14 Jun 2008 23:28:51 +0200 + cryptsetup (2:1.0.6-2) unstable; urgency=low [ Jonas Meurer ] @@ -1963,6 +2968,54 @@ -- David Härdeman Mon, 26 May 2008 08:12:32 +0200 +cryptsetup (2:1.0.6-1ubuntu4) intrepid; urgency=low + + [ Kjell Braden ] + * Fix configuration parsing (LP: #239808) + + [ Reinhard Tartler ] + * cryptroot-script: use 'echo' instead of 'log_begin_msg' (LP: #237723) + + -- Reinhard Tartler Fri, 13 Jun 2008 21:26:17 +0200 + +cryptsetup (2:1.0.6-1ubuntu3) intrepid; urgency=low + + * Parse comments in lines not starting with '#', LP: #185380 + * in cryptroot hook, don't rely on 'udevadm settle' to wait long enough + for the cryptdevice to appear. Reimplement the busy waiting loop found + while waiting for the root file system. Patch based on work by Swâmi + Petaramesh. LP: #164044 + * debian/crypdisks.functions: call 'env' with full path. LP: #178829. + + -- Reinhard Tartler Mon, 26 May 2008 22:12:32 +0200 + +cryptsetup (2:1.0.6-1ubuntu2) intrepid; urgency=low + + * Simplify the patch in debian/cryptdisks.functions that stops usplash + before asking for a passphrase. + + -- Reinhard Tartler Mon, 26 May 2008 20:18:14 +0200 + +cryptsetup (2:1.0.6-1ubuntu1) intrepid; urgency=low + + * Merge new debian version. Remaining changes: + - cryptsetup is linked dynamically against libgcrypt and libgpg-error. + - stop usplash on user input. LP #62751 + - debian/cryptdisks.functions: Always output and read from the console. + LP #58794. + - Add XSBC-Vcs-Bzr tag to indicate that this package is managed using + bzr on launchpad. + - debian/initramfs/cryptroot-hook: LP #73862 + Added patch to install aes optimized cypher module + - try to load optimized cypher module in cryptsetup.functions as well, + because cryptroot-hook is only executed when we really have a + cryptoroot. + * other ubuntu changes have been merged into debian. Please report bugs + if you believe some patches have been dropped. + * removed 07_typos_fix.patch, has been reviewed and applied upstream. + + -- Reinhard Tartler Sun, 25 May 2008 22:52:30 +0200 + cryptsetup (2:1.0.6-1) unstable; urgency=low [ Jonas Meurer ] @@ -2094,6 +3147,138 @@ -- Jonas Meurer Thu, 06 Dec 2007 15:56:05 +0100 +cryptsetup (2:1.0.5-2ubuntu12) hardy; urgency=low + + * added debian/patches/07_typos_fix.dpatch: fixed typos in man pages. (LP: #164181) + + -- Bruno Barrera Yever Mon, 07 Apr 2008 18:43:05 -0500 + +cryptsetup (2:1.0.5-2ubuntu11) hardy; urgency=low + + * debian/initramfs/cryptroot-script: Do show the disk name after all, since + some people use multiple encrypted partitions as LVM PVs. (LP: #201413) + + -- Martin Pitt Sun, 06 Apr 2008 11:54:41 -0600 + +cryptsetup (2:1.0.5-2ubuntu10) hardy; urgency=low + + * debian/initramfs/cryptroot-script: Do not mention the name of the + encrypted device. It is just technobabble anyway (sda4_crypt), and there + is just one root partition ever, so it is not needed to tell apart + different partitions. From a security POV, someone who can change your + initramfs to boot a different root partition can just as well change the + strings, too. (LP: #201413) + + -- Martin Pitt Wed, 02 Apr 2008 15:51:53 +0200 + +cryptsetup (2:1.0.5-2ubuntu9) hardy; urgency=low + + * debian/scripts/luksformat: Use 256 bit key size by default. + (LP: #78508) + * debian/patches/02_manpage.dpatch: Clarify default key sizes (128 for + luksFormat and 256 for create) in cryptsetup.8. (side-note in LP #78508) + + -- Martin Pitt Wed, 27 Feb 2008 17:43:46 +0100 + +cryptsetup (2:1.0.5-2ubuntu8) hardy; urgency=low + + * Fix -x calls and access() call. + + -- Scott James Remnant Fri, 14 Dec 2007 16:54:53 +0000 + +cryptsetup (2:1.0.5-2ubuntu7) hardy; urgency=low + + * debian/initramfs/cryptroot-script: call udevadm instead of udevsettle + * debian/patches/06_call_udevsettle.dpatch: likewise + + -- Scott James Remnant Fri, 14 Dec 2007 16:11:36 +0000 + +cryptsetup (2:1.0.5-2ubuntu6) hardy; urgency=low + + * Make cryptsetup understand devices specified by UUID=... or LABEL= + in crypttab. (LP: #153597) + + -- Andrea Colangelo Mon, 29 Oct 2007 18:22:51 +0100 + +cryptsetup (2:1.0.5-2ubuntu5) hardy; urgency=low + + * reenable additional udevsettle calls in cryptroot hook from + https://launchpad.net/bugs/85640, LP: #132373. + * change maintainer to ubuntu-core-dev. + * use Vcs-Bzr instead of XSCB-Vcs-Bzr header in debian/control. + + -- Reinhard Tartler Thu, 08 Nov 2007 23:52:19 +0100 + +cryptsetup (2:1.0.5-2ubuntu4) hardy; urgency=low + + * reapply changes from version 2:1.0.5-2ubuntu2, got dropped with last + upload. Sorry, pitti. + * convert patch to lib/libdevmapper.c to a dpatch. + + -- Reinhard Tartler Sun, 04 Nov 2007 21:42:43 +0100 + +cryptsetup (2:1.0.5-2ubuntu3) hardy; urgency=low + + * RELIABILY FIX: lib/libdevmapper.c: Ensure that pending device creation + events are being processed by calling /sbin/udevsettle. Patch based on + OpenSUSE bug #285478, LP: #132373. + * Based on the change above, the patch from LP #85640 is no longer needed. + dropping the relevant parts. + * Fix debian/rules to not fail to build if autom4te.cache is left behind + from a previous incomplete build. + + -- Reinhard Tartler Fri, 02 Nov 2007 20:53:31 +0100 + +cryptsetup (2:1.0.5-2ubuntu2) gutsy; urgency=low + + * debian/initramfs/cryptroot-script: + - If the supplied password worked, remove the prompt from usplash again, + so that the user has some visual feedback that everything is alright. + (LP: #151305) + - Do not show the UUID device node of the outer physical device. It is + scary ("/dev/disk/by-uuid/1234yadayada") and displaying it does not + improve security at all: If attackers can tamper with your initramfs, + they can also change the prompt, and if the UUID of the physical device + changes, then booting will not even get that far. Now it is a much more + friendly "Enter passphrase for sda5_crypt:" which is still technical, + but it's necessary to point out which device will be unlocked in case + there are several. + + -- Martin Pitt Thu, 11 Oct 2007 19:51:58 +0200 + +cryptsetup (2:1.0.5-2ubuntu1) gutsy; urgency=low + + * Merge new debian version. Remaining changes: + - cryptsetup is linked dynamically against libgcrypt and libgpg-error. + This will break systems where /usr is a separate encrypted filesystem + but not have other bad consequences (in particular, systems with + encrypted root are still fine). The upsides include better + security supportability and smaller packages. + - libcryptsetup.so et al removed from the binary packages. They have + no stable ABI and are not suitable for use by other packages, and + were in violation of library policies etc. They're not needed since + the cryptsetup executable statically contains the relevant parts of + libcryptsetup. + - cryptdisks.functions: remove #!/bin/bash as it isn't a script + by itself; it's only sourced by other scripts. This gets rid + of the lintian warning `script-not-executable' for this file. + - stop usplash on user input. LP #62751 + - Always output and read from the console. LP #58794. + - Add XSBC-Vcs-Bzr tag to indicate that this package is managed using + bzr on launchpad. + - Bump libgcrypt11 build-dependency again to 1.2.4-2ubuntu2 to eliminate + libnsl linkage; + - debian/initramfs/cryptroot-hook: (LP: #73862) + Added patch to install aes optimized cypher module + - try to load optimized cypher module in cryptsetup.functions as well, + because cryptroot-hook is only executed when we really have a + cryptoroot. + - apply patch from pitti for allowing UUIDs in /etc/crypttab. + This allowes crypted PVs! LP: #144390. + - remove README.ubuntu, since it contains old and obsolete information. + + -- Reinhard Tartler Tue, 02 Oct 2007 21:31:28 +0200 + cryptsetup (2:1.0.5-2) unstable; urgency=low [ Jonas Meurer ] @@ -2142,6 +3327,68 @@ -- Jonas Meurer Mon, 24 Sep 2007 15:42:06 +0200 +cryptsetup (2:1.0.5-1ubuntu5) UNRELEASED; urgency=low + + * apply patch from pitti for allowing UUIDs in /etc/crypttab. + This allowes crypted PVs! LP: #144390. + * remove README.ubuntu, since it contains old and obsolete information. + + -- Reinhard Tartler Tue, 02 Oct 2007 19:59:24 +0200 + +cryptsetup (2:1.0.5-1ubuntu4) gutsy; urgency=low + + [ Stephan Hermann ] + * debian/initramfs/cryptroot-hook: (LP: #73862) + - Added patch to install aes optimized cypher module + + [ Reinhard Tartler ] + * re-applying old patch to new package version + * try to load optimized cypher module in cryptsetup.functions as well, + because cryptroot-hook is only executed when we really have a + cryptoroot. + + -- Reinhard Tartler Thu, 27 Sep 2007 19:38:48 +0200 + +cryptsetup (2:1.0.5-1ubuntu3) gutsy; urgency=low + + * Bump libgcrypt11 build-dependency again to 1.2.4-2ubuntu2 to eliminate + libnsl linkage; should finally produce a usable cryptsetup binary for + the udeb. + + -- Colin Watson Wed, 19 Sep 2007 15:28:52 +0100 + +cryptsetup (2:1.0.5-1ubuntu2) gutsy; urgency=low + + * Bump libgcrypt11 build-dependency to 1.2.4-2ubuntu1 and rebuild for + proper udeb dependencies. + + -- Colin Watson Wed, 19 Sep 2007 01:37:02 +0100 + +cryptsetup (2:1.0.5-1ubuntu1) gutsy; urgency=low + + * Merge new debian version. Remaining changes: + - cryptsetup is linked dynamically against libgcrypt and libgpg-error. + This will break systems where /usr is a separate encrypted filesystem + but not have other bad consequences (in particular, systems with + encrypted root are still fine). The upsides include better + security supportability and smaller packages. + - libcryptsetup.so et al removed from the binary packages. They have + no stable ABI and are not suitable for use by other packages, and + were in violation of library policies etc. They're not needed since + the cryptsetup executable statically contains the relevant parts of + libcryptsetup. + - cryptdisks.functions: remove #!/bin/bash as it isn't a script + by itself; it's only sourced by other scripts. This gets rid + of the lintian warning `script-not-executable' for this file. + - stop usplash on user input. LP #62751 + - Always output and read from the console. LP #58794. + * Add XSBC-Vcs-Bzr tag to indicate that this package is managed using + bzr on launchpad. + * UVF exception request granted by Scott Kitterman and Chuck Short + LP: #138295 + + -- Reinhard Tartler Sat, 08 Sep 2007 19:04:54 +0200 + cryptsetup (2:1.0.5-1) unstable; urgency=low [ Jonas Meurer ] @@ -2162,6 +3409,66 @@ -- Jonas Meurer Fri, 27 Jul 2007 04:59:33 +0200 +cryptsetup (2:1.0.4+svn29-1ubuntu6) gutsy; urgency=low + + * Add notes by Ilkka Tuohela in a new file debian/README.ubuntu + + -- Reinhard Tartler Sat, 08 Sep 2007 18:43:56 +0200 + +cryptsetup (2:1.0.4+svn29-1ubuntu5) gutsy; urgency=low + + * cryptsetup is linked dynamically against libgcrypt and libgpg-error. + This will break systems where /usr is a separate encrypted filesystem + but not have other bad consequences (in particular, systems with + encrypted root are still fine). The upsides include better + security supportability and smaller packages. + * libcryptsetup.so et al removed from the binary packages. They have + no stable ABI and are not suitable for use by other packages, and + were in violation of library policies etc. They're not needed since + the cryptsetup executable statically contains the relevant parts of + libcryptsetup. + * cryptdisks.functions: remove #!/bin/bash as it isn't a script + by itself; it's only sourced by other scripts. This gets rid + of the lintian warning `script-not-executable' for this file. + + -- Ian Jackson Fri, 31 Aug 2007 12:05:33 +0100 + +cryptsetup (2:1.0.4+svn29-1ubuntu4) gutsy; urgency=low + + * s/$CRYPTCMD/cryptsetup/ in debian/cryptdisks.functions + (LP: #115617) + + -- Reinhard Tartler Tue, 29 May 2007 17:04:05 +0200 + +cryptsetup (2:1.0.4+svn29-1ubuntu3) gutsy; urgency=low + + * make luksformat check if filesystem is already mounted to prevent a + strange error message. thanks to mvo for the patch (LP: #116633) + * remove file debian/initramfs-cryptroot-script from source. it is not + installed anywhere, and a leftover from the last merge. + * add missing hunk of cryptsetup.functions compared to debian package. + * reapply http://librarian.launchpad.net/7329604/bug85640.debdiff to + debian/initramfs/cryptroot-script, since stgraber's patch has been + lost in the last merge. (LP: #85640) + + -- Reinhard Tartler Tue, 29 May 2007 15:02:57 +0200 + +cryptsetup (2:1.0.4+svn29-1ubuntu2) gutsy; urgency=low + + * modprobe dm-mod from cryptsetup.functions. (LP: #64625, #91405) + + -- Reinhard Tartler Tue, 29 May 2007 13:31:39 +0200 + +cryptsetup (2:1.0.4+svn29-1ubuntu1) gutsy; urgency=low + + * Merge from Debian unstable. Remaining Ubuntu changes: + - stop usplash on user input. Ubuntu: #62751 + - Always output and read from the console. Ubuntu: #58794. + - Wait for Udev to be ready to avoid partition non-detection. (LP: #85640) + * Modify Maintainer value to match Debian-Maintainer-Field Spec + + -- Andrea Veri Sun, 6 May 2007 22:33:25 +0200 + cryptsetup (2:1.0.4+svn29-1) unstable; urgency=low * New upstream svn snapshot with several bugfixes @@ -2214,6 +3521,20 @@ -- Jonas Meurer Sat, 28 Apr 2007 20:45:50 +0200 +cryptsetup (2:1.0.4+svn26-1ubuntu2) feisty; urgency=low + + * Wait for Udev to be ready to avoid partition non-detection. (LP: #85640) + + -- Stéphane Graber Thu, 14 Apr 2007 10:03:41 +0200 + +cryptsetup (2:1.0.4+svn26-1ubuntu1) feisty; urgency=low + + * merge debian changes. Remaining ubuntu changes: + - stop usplash on user input. Ubuntu: #62751 + - Always output and read from the console. Ubuntu: #58794. + + -- Reinhard Tartler Sat, 3 Feb 2007 21:30:03 +0100 + cryptsetup (2:1.0.4+svn26-1) unstable; urgency=high [ Jonas Meurer ] @@ -2263,6 +3584,28 @@ -- Jonas Meurer Tue, 28 Nov 2006 18:17:12 +0100 +cryptsetup (2:1.0.4-8ubuntu2) feisty; urgency=low + + * fix and improve initramfs hook: terminate usplash if running, since + adequate secure text input is not possible with usplash ATM + * usplash support: Terminate usplash before asking a password. + Closes https://bugs.launchpad.net/ubuntu/+source/cryptsetup/+bug/62751 + + -- Reinhard Tartler Wed, 24 Jan 2007 22:43:28 +0100 + +cryptsetup (2:1.0.4-8ubuntu1) feisty; urgency=low + + * merge debian changes, remaining patches: + - Always output and read from the console. Ubuntu: #58794. + * other changes have been merged or do noy apply anymore + * read password via usplash if available in initramfs for rootfs. based on a patch from + Swen Thümmler (Thanks for that!) Ubuntu #62751 + * read password from initscript via usplash if running. should fix the + rest of Ubuntu #62751. Only problem with that patch: It asks only once + for the password! improvements welcome! + + -- Reinhard Tartler Sun, 19 Nov 2006 20:04:19 +0100 + cryptsetup (2:1.0.4-8) unstable; urgency=high [ Jonas Meurer ] @@ -2420,6 +3763,27 @@ -- Jonas Meurer Mon, 4 Sep 2006 03:55:35 +0200 +cryptsetup (2:1.0.3-3ubuntu3) edgy; urgency=low + + * Always output and read from the console. Ubuntu: #58794. + + -- Scott James Remnant Thu, 21 Sep 2006 03:05:18 +0100 + +cryptsetup (2:1.0.3-3ubuntu2) edgy; urgency=low + + * Load the dm-crypt module on startup. Ubuntu: #53475. + + -- Scott James Remnant Wed, 23 Aug 2006 11:53:49 +0200 + +cryptsetup (2:1.0.3-3ubuntu1) edgy; urgency=low + + * Sync with Debian: + Remaining Ubuntu Changes + + debian/cryptdisks.functions: + - Tell usplash to quit if we ask for a passphrase + + -- Sebastian Dröge Tue, 11 Jul 2006 20:03:27 +0200 + cryptsetup (2:1.0.3-3) unstable; urgency=low [ Jonas Meurer ] @@ -2839,3 +4203,4 @@ * "integrated LUKS" support (very messy hack) -- Michael Gebetsroither Thu, 10 Feb 2005 18:16:21 +0100 + diff -Nru cryptsetup-2.1.0/debian/control cryptsetup-2.1.0/debian/control --- cryptsetup-2.1.0/debian/control 2019-05-28 15:04:16.000000000 +0000 +++ cryptsetup-2.1.0/debian/control 2019-05-28 22:12:10.000000000 +0000 @@ -1,7 +1,8 @@ Source: cryptsetup Section: admin Priority: optional -Maintainer: Debian Cryptsetup Team +Maintainer: Ubuntu Developers +XSBC-Original-Maintainer: Debian Cryptsetup Team Uploaders: Jonas Meurer , Guilhem Moulin Build-Depends: autoconf, @@ -69,11 +70,11 @@ Package: cryptsetup-initramfs Architecture: all -Depends: busybox | busybox-static, +Depends: busybox-initramfs, cryptsetup-run (>= ${source:Version}), initramfs-tools (>= 0.129) | linux-initramfs-tool, ${misc:Depends} -Recommends: console-setup, kbd +Recommends: console-setup, kbd, plymouth Breaks: cryptsetup (<< 2:2.0.3-1) Replaces: cryptsetup (<< 2:2.0.3-1) Description: disk encryption support - initramfs integration diff -Nru cryptsetup-2.1.0/debian/initramfs/cryptroot-unlock cryptsetup-2.1.0/debian/initramfs/cryptroot-unlock --- cryptsetup-2.1.0/debian/initramfs/cryptroot-unlock 2019-05-28 15:04:16.000000000 +0000 +++ cryptsetup-2.1.0/debian/initramfs/cryptroot-unlock 2019-05-28 22:12:11.000000000 +0000 @@ -40,8 +40,14 @@ pgrep_exe() { local exe pid exe="$(readlink -f -- "$1" 2>/dev/null)" && [ -f "$exe" ] || return 0 - ps -eo pid= | while read pid; do - [ "$(readlink -f "/proc/$pid/exe")" != "$exe" ] || printf '%d\n' "$pid" + ps | awk '{print $1, $5}' | while read LINE; do + set $LINE + local pid=$1 + local cmd=$2 + if [ "$cmd" == "$exe" ]; then + echo $pid + break + fi done } @@ -101,7 +107,7 @@ break fi - usleep 100000 + sleep 0.1 timer=$(( $timer - 1 )) if [ $timer -le 0 ]; then echo "Error: Timeout reached while waiting for askpass." >&2 @@ -112,7 +118,7 @@ # find the cryptsetup process with same $CRYPTTAB_NAME local o v for o in NAME TRIED OPTION_tries; do - if v="$(grep -z -m1 "^CRYPTTAB_$o=" "/proc/$pid/environ")"; then + if v="$(tr '\0' '\n' < "/proc/$pid/environ" | grep -m1 "^CRYPTTAB_$o=")"; then eval "CRYPTTAB_$o"="\${v#CRYPTTAB_$o=}" else eval unset -v "CRYPTTAB_$o" @@ -128,7 +134,7 @@ fi for pid in $(pgrep_exe "/sbin/cryptsetup"); do - if grep -Fxqz "CRYPTTAB_NAME=$CRYPTTAB_NAME" "/proc/$pid/environ"; then + if tr '\0' '\n' < "/proc/$pid/environ" | grep -Fxq "CRYPTTAB_NAME=$CRYPTTAB_NAME"; then PID=$pid BIRTH=$(stat -c"%Z" "/proc/$PID" 2>/dev/null) || break return 0 @@ -148,7 +154,7 @@ wait_for_answer() { local timer=$(( 10 * $TIMEOUT )) b while [ -d "/proc/$PID" ] && b=$(stat -c"%Z" "/proc/$PID" 2>/dev/null) && [ $b -le $BIRTH ]; do - usleep 100000 + sleep 0.1 timer=$(( $timer - 1 )) if [ $timer -le 0 ]; then echo "Error: Timeout reached while waiting for PID $PID." >&2