[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#815480: marked as done (Linux kernel crypto 'no key' patches break cryptsetup if not carefully backported)

Your message dated Thu, 08 Dec 2016 01:08:54 +0000
with message-id <1481159334.3013.0.camel@decadent.org.uk>
and subject line Re: Bug#815480: cryptsetup: versions before 1.7.1 incompatible with latest batch of Linux kernels (mainline and stable)
has caused the Debian Bug report #815480,
regarding Linux kernel crypto 'no key' patches break cryptsetup if not carefully backported
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
815480: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815480
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Source: cryptsetup
Severity: important
Tags: upstream fixed-upstream

This bug is actually severity grave as it renders systems unbootable and
data unaccessible, but since it can only trigger on non-Debian kernels ATM,
I am reporting it at severity important.

https://gitlab.com/cryptsetup/cryptsetup/issues/284
https://bugzilla.kernel.org/show_bug.cgi?id=112631

cryptsetup is rendered useless by the latest batch of upstream stable
kernels, as well as by Linux mainline.

On systems with encrypted root, this renders the system unbootable.
Otherwise, it renders any encrypted partitions and media unaccessible.

Reproduced in Debian stable with a custom 3.18.27 kernel.

The issue has been fixed upstream in the cryptsetup master branch, and in
the cryptsetup v1_7_x branch.  The fix will land in the 1.7.1 release, I
think.

The kernel people did not reply yet due to the weekend, but I expect the
change will be made optional or reverted... for a while (and I hope for the
"optional").

Regardless, it would be nice to have updated cryptsetup uploaded to unstable
ASAP, and an eventual Debian stable backport...

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh

--- End Message ---
--- Begin Message --- 
On Wed, 2016-12-07 at 12:49 +0100, Jonas Meurer wrote:
> Hi Ben,
> 
> > On Mon, 07 Mar 2016 03:45:17 +0000 Ben Hutchings <ben@decadent.org.uk>
> wrote:
> > Control: retitle -1 Linux kernel crypto 'no key'Â patches break cryptsetup if not carefully backported
> > 
> > Linux 3.2.78 and 3.16.7-ckt25 have this problem, but I have fixed it
> > (at least, the result works on my machine!) before uploading stable
> > updates based on those versions.
> > 
> > If you use any other stable kernel branch, you'll need to either
> > upgrade to 4.4 or request the appropriate stable maintainer fixes their
> > backport of the 'no key' patches.
> 
> Probably this bugreport should be closed, no? To my understanding, the
> Linux kernels in Debian are all patched to fix this problem and besides,
> cryptsetup packages in Unstable and Stretch are fixed to work with the
> backwards-incompatible changes anyway since quite some time.

Right, I don't think this ever really affected the Debian package.

Ben.

-- 
Ben Hutchings
When in doubt, use brute force. - Ken Thompson

Attachment: signature.asc
Description: This is a digitally signed message part


--- End Message ---
Reply to: