UbuntuUpdates.org

Package "cryptsetup"

Name: cryptsetup

Description:

disk encryption support - startup scripts
Latest version: 2:2.2.2-3ubuntu2.4
Release: focal (20.04)
Level: updates
Repository: main
Homepage: https://gitlab.com/cryptsetup/cryptsetup

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "cryptsetup"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "cryptsetup" in Focal

Repository Area Version
base main 2:2.2.2-3ubuntu2
security main 2:2.2.2-3ubuntu2.4

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 2:2.2.2-3ubuntu2.4 2022-02-15 17:06:45 UTC

  cryptsetup (2:2.2.2-3ubuntu2.4) focal-security; urgency=medium

  * SECURITY UPDATE: decryption through LUKS2 reencryption crash recovery
    - debian/patches/CVE-2021-4122.patch: add disable-luks2 reencryption
      configure option in configure.ac, lib/luks2/luks2_keyslot.c,
      lib/luks2/luks2_reencrypt.c, lib/setup.c, tests/api-test-2.c,
      tests/luks2-reencryption-test.
    - debian/rules: Disable LUKS2 reencryption by adding new
      --disable-luks2-reencryption build option.
    - CVE-2021-4122

 -- Marc Deslauriers <email address hidden> Tue, 18 Jan 2022 12:36:47 -0500
Source diff to previous version

Version: 2:2.2.2-3ubuntu2.3 2020-10-21 07:07:32 UTC

  cryptsetup (2:2.2.2-3ubuntu2.3) focal; urgency=medium

  * Introduce retry logic for external invocations after mdadm (LP: #1879980)
    - Currently, if an encrypted rootfs is configured on top of a MD RAID1
      array and such array gets degraded (e.g., a member is removed/failed)
      the cryptsetup scripts cannot mount the rootfs, and the boot fails.
      We fix that issue here by allowing the cryptroot script to be re-run
      by initramfs-tools/local-block stage, as mdadm can activate degraded
      arrays at that stage.
      There is an initramfs-tools counter-part for this fix, but alone the
      cryptsetup portion is harmless.
    - d/cryptsetup-initramfs.install: ship the new local-bottom script.
    - d/functions: declare variables for local-top|block|bottom scripts
      (flag that local-block is running and external invocation counter.)
    - d/i/s/local-block/cryptroot: set flag that local-block is running.
    - d/i/s/local-bottom/cryptroot: clean up the flag and counter files.
    - d/i/s/local-top/cryptroot: change the logic from just waiting 180
      seconds to waiting 5 seconds first, then allowing initramfs-tools
      to run mdadm (to activate degraded arrays) and call back at least
      30 times/seconds more.

 -- <email address hidden> (Guilherme G. Piccoli) Wed, 16 Sep 2020 17:40:05 -0300
Source diff to previous version

Version: 2:2.2.2-3ubuntu2.2 2020-09-14 15:07:00 UTC

  cryptsetup (2:2.2.2-3ubuntu2.2) focal-security; urgency=medium

  * SECURITY UPDATE: Out-of-bounds write
    - debian/patches/CVE-2020-14382-*.patch: check segment gaps regardless of
      heap space in lib/luks2/luks2_json_metadata.c.
    - CVE-2020-14382
  * debian/patches/decrease_memlock_ulimit.patch
    Fixed FTBFS due a restrict environment in the new Bionic Builder (LP: #1891473)
    tests/luks2-validation.test, tests/compat-test, tests/tcrypt-compat-test.
    - Thanks Guilherme G. Piccoli.

 -- <email address hidden> (Leonidas S. Barbosa) Thu, 10 Sep 2020 08:47:50 -0300
1891473 cryptsetup ftbfs in focal


About   -   Send Feedback to @ubuntu_updates