| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
| |
"BSD" is ambiguous, use the precise license BSD-3-Clause.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
| |
There is no need to build depend on the target libtool.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
This patch updates SRC_URIs using git to include branch=master if no branch is set
and also to use protocol=https for github urls as generated by the conversion script
in OE-Core.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Version 2.18.2, 2021-10-25
Avoid using short exponents when encrypting in ElGamal,
as some PGP implementations generate keys with parameters
that are weak when short exponents are used (GH #2794)
Fix a low risk OAEP decryption side channel (GH #2797)
Work around a miscompilation of SHA-3 caused by a bug in Clang 12
and XCode 13. (GH #2826)
Remove support in OpenSSL provider for algorithms which are disabled
by default in OpenSSL 3.0 (GH #2823, #2814)
Add CI based on GitHub actions to replace Travis CI (GH #2632)
Fix the online OCSP test, as the certificate involved had expired.
(GH #2799)
Fix some test failures induced by the expiration of the trust root
"DST Root CA X3" (GH #2820)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Cryptsetup 2.4.1 Release Notes
==============================
Stable bug-fix release with minor extensions.
All users of cryptsetup 2.4.0 should upgrade to this version.
Changes since version 2.4.0
~~~~~~~~~~~~~~~~~~~~~~~~~~~
* Fix compilation for libc implementations without dlvsym().
Some alternative libc implementations (like musl) do not provide
versioned symbols dlvsym function. Code now fallbacks to dlsym
operation for dynamic LUKS2 token load.
It is up to maintainers to ensure that LUKS2 token plugins are
compiled for the supported version.
* Fix compilation and tests on systems with non-standard libraries
(standalone argp library, external gettext library, BusyBox
implementations of standard tools).
* Try to workaround some issues on systems without udev support.
NOTE: non-udev systems cannot provide all functionality for kernel
device-mapper, and some operations can fail.
* Fixes for OpenSSL3 crypto backend (including FIPS mode).
Because cryptsetup still requires some hash functions implemented
in OpenSSL3 legacy provider, crypto backend now uses its library
context and tries to load both default and legacy OpenSSL3 providers.
If FIPS mode is detected, no library context is used, and it is up
to the OpenSSL system-wide policy to load proper providers.
NOTE: We still use some deprecated API in the OpenSSL3 backend,
and there are some known problems in OpenSSL 3.0.0.
* Print error message when assigning a token to an inactive keyslot.
* Fix offset bug in LUKS2 encryption code if --offset option was used.
* Do not allow LUKS2 decryption for devices with data offset.
Such devices cannot be used after decryption.
* Fix LUKS1 cryptsetup repair command for some specific problems.
Repair code can now fix wrongly used initialization vector
specification in ECB mode (that is insecure anyway!) and repair
the upper-case hash specification in the LUKS1 header.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
| |
Without the udevrules cryptsetup luksOpen will be hanging with "Udev
cookie 0xd4de0f6 (semid 5) waiting for zero".
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Sinan Kaya <okaya@kernel.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Sinan Kaya <okaya@kernel.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
This is the result of automated script (0.9.1) conversion:
oe-core/scripts/contrib/convert-overrides.py .
converting the metadata to use ":" as the override character instead of "_".
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Otherwise cryptsetup-native depends on the target kernel and thus the
target compiler, as can be seen by:
$ bitbake -g cryptsetup-native
$ grep 'cryptsetup.*linux-yocto' task-depends.dot
"cryptsetup-native.do_build" -> "linux-yocto.do_deploy"
"cryptsetup-native.do_build" -> "linux-yocto.do_package_write_rpm"
"cryptsetup-native.do_populate_sysroot" -> "linux-yocto.do_populate_sysroot"
$ grep 'linux-yocto.*gcc-cross' task-depends.dot
"linux-yocto.do_kernel_configme" -> "gcc-cross-x86_64.do_populate_sysroot"
"linux-yocto.do_prepare_recipe_sysroot" -> "gcc-cross-x86_64.do_populate_sysroot"
This also moves the runtime dependencies to near the end of the recipe,
which is more customary.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Zang Ruochen <zangrc.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Zang Ruochen <zangrc.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
| |
OE-core recipe is called util-linux-libuuid now
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Cc: Luca Boccassi <luca.boccassi@microsoft.com>
|
| |
|
|
|
| |
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The util-linux recipe in Poky has been split, and libuuid is separate now:
http://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/?id=d42487bf52310d095178e480b7ddec2666471009
This allows to build util-linux with cryptsetup, for native dm-verity
support.
The main cryptsetup build needs libuuid and not the full util-linux, so
switch the build-dependency over, thus allowing users to enable the
cryptsetup util-linux's PACKAGECONFIG.
The libblkid dependency is handled individually by the crypsetup's
PACKAGECONFIG option.
Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
| |
This helps in re-running the configure generation with autotools 2.70+
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
| |
Upstream supports building a binary with MinGW but not a shared library,
so remove the configure option for MinGW targets.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
| |
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
| |
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
| |
CPU is not supported _yet_
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Library and command-line tool to manage the fs-verity
feature, introduced in Linux 5.4 and supported in ext4
and f2fs filesystems.
https://www.kernel.org/doc/html/latest/filesystems/fsverity.html
Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
Removed patches were upstreamed.
License checksum changed due to modified copyright years
(see @8397f0f7c45264a).
Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
reproduce steps:
1. bitbake libmcrypt
2. add bb.note('hello') in do_fetch of base.bbclass
3. bitbake libmcrypt
do_configure failed:
Making clean in doc
make[1]: Entering directory 'build/tmp-glibc/work/cortexa72-wrs-linux/libmcrypt/2.5.8-r0/libmcrypt-2.5.8/doc'
make[1]: *** No rule to make target 'clean'. Stop.
make[1]: Leaving directory 'build/tmp-glibc/work/cortexa72-wrs-linux/libmcrypt/2.5.8-r0/libmcrypt-2.5.8/doc'
Makefile:316: recipe for target 'clean-recursive' failed
error occurred in autotools_preconfigure, since we have build one time
in step1, we have CONFIGURESTAMPFILE, and also BB_TASKHASH changed after
step2, in step3, after do_fetch, ${S} is renewed, but with main Makefile
exist but no Makefile exist under sub folder, so above error occurred.
set CLEANBROKEN to fix this error
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
| |
See full changelog https://botan.randombit.net/news.html#version-2-14-0-2020-04-06
Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
| |
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
This is a bug-fix release, see full changelog:
- https://mirrors.edge.kernel.org/pub/linux/utils/cryptsetup/v2.3/v2.3.1-ReleaseNotes
Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes:
INFO: pkcs11-helper, 1.26, 11, None, c7a0cfa08ddc75d963a835d3588170af0e5f1115
After this commit:
INFO: Skip package pkcs11-helper (status = MATCH, current version = 1.26, next version = 1.26)
Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
| |
See full changelog https://github.com/OpenSC/pkcs11-helper/releases/tag/pkcs11-helper-1.26
Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
| |
-License-Update: Copyright year updated to 2020.
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
| |
Use builtin_bswap32 with clang if available
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
| |
Clang warns about unused functions on some arches e.g. mips
unused function '_bswap32' [-Werror,-Wunused-function]
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Yuan Chao <yuanc.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Since commit [libdevmapper/lvm2: force recipe libdevmapper to populate
sysroot only] applied, if recipe DEPENDS on libdevmapper, we have to
add it to packages RDEPENDS to fix [file-rdeps] QA issue
Set PREFERRED_RPROVIDER_libdevmapper = "lvm2" in layer.conf to explicit
RDEPENDS on libdevmapper in cryptsetup
Suggested-by : peter.kjellerstedt@axis.com
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Since commit [libdevmapper/lvm2: force recipe libdevmapper to populate
sysroot only] applied, if recipe DEPENDS on libdevmapper, we have to
add it to packages RDEPENDS to fix [file-rdeps] QA issue
Skip [build-deps] and [file-rdeps] QA checking, add lvm2 to DEPENDS will
triger circular dependencies, use recipe libdevmapper to replace,
ignore the QA checking is fine.
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The cryptsetup 2.1 uses LUKS2 format as the default LUKS format. This
change introduced the following issues:
* LUKS2 requires kernel userspace crypto API to be available
(CONFIG_CRYPTO_USER_API and CONFIG_CRYPTO_USER_API_SKCIPHER). But
linux-yocto doesn't enable these options by default. If missing these
kernel modules, the cryptsetup will fall back to using dmcrypt-device
for keyslot processing.
$ cryptsetup --debug --type luks luksFormat /dev/sda3
[snip]
Checking if cipher aes-xts-plain64 is usable.
Userspace crypto wrapper cannot use aes-xts-plain64 (-95).
Using dmcrypt to access keyslot area.
[snip]
* The grub can not decrypt a LUKS2 encrypted boot partition because it
doesn't support LUKS2 now.
See grub bug: https://savannah.gnu.org/bugs/?55093
Add a PACKAGCONFIG for luks format and set the default LUKS format to
LUKS1. The users can specify '--type luks2' in cryptsetup command line
if they want to use LUKS2.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
When building cryptsetup-native, don't enable udev support since there
is not a udev-native recipe.
When udev is enabled, change the dependency from a DEPENDS to an
RDEPENDS. The --enable-udev option adds a runtime check for udev before
using udev features of libdevmapper. Because of this, udev isn't needed
at build time, just runtime.
Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org>
Reviewed-by: Mikko Rapeli <mikko.rapeli@bmw.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
| |
Add various PACKAGECONFIG options, keeping the default options enabled.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
