[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#928269: unblock: cryptsetup/2.1.0-3

Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Hi there,

The cryptsetup package found in Buster, currently at version 2:2.1.0-2,
contains regressions affecting unlocking using OpenSC (PKCS#15 compatible
Smart Card):

    [#926573] The `decrypt_opensc` keyscript poisons standard output,
    causing `cryptsetup open --key-file -` to fail.  (Since 2:2.0.3-7.)
    https://salsa.debian.org/cryptsetup-team/cryptsetup/merge_requests/8

    [#928263] The initramfs hook fails to copy libpcsclite.so to the
    initramfs on non-usrmerge systems, causing the pcscd daemon to fail to
    start, hence failing unlocking at initramfs stage.  (Since 2:2.0.3-2.)

These regressions are RC for users relying on OpenSC integration, but
the bugs have ‘Severity: important’ since src:cryptsetup is still usable
to others.

Debdiff between 2:2.1.0-2 and 2:2.1.0-3 attached.

Thanks for considering its inclusion in Buster!
Cheers,
-- 
Guilhem.

diff -Nru cryptsetup-2.1.0/debian/changelog cryptsetup-2.1.0/debian/changelog
--- cryptsetup-2.1.0/debian/changelog	2019-02-28 22:32:43.000000000 +0100
+++ cryptsetup-2.1.0/debian/changelog	2019-04-30 21:20:47.000000000 +0200
@@ -1,3 +1,12 @@
+cryptsetup (2:2.1.0-3) unstable; urgency=medium
+
+  * d/scripts/decrypt_opensc: Fix standard output poisoning.  Thanks to Nils
+    Mueller for the report and patch.  (Closes: #926573.)
+  * d/initramfs/hooks/cryptopensc: Ensure that libpcsclite.so is copied to the
+    initramfs on non-usrmerge systems.  (Closes: #928263.)
+
+ -- Guilhem Moulin <guilhem@debian.org>  Tue, 30 Apr 2019 21:20:47 +0200
+
 cryptsetup (2:2.1.0-2) unstable; urgency=medium
 
   * debian/copyright:
diff -Nru cryptsetup-2.1.0/debian/initramfs/hooks/cryptopensc cryptsetup-2.1.0/debian/initramfs/hooks/cryptopensc
--- cryptsetup-2.1.0/debian/initramfs/hooks/cryptopensc	2019-02-28 22:32:43.000000000 +0100
+++ cryptsetup-2.1.0/debian/initramfs/hooks/cryptopensc	2019-04-30 21:20:47.000000000 +0200
@@ -47,7 +47,7 @@
 # pcscd utilizes pthread_cancel
 copy_exec /usr/sbin/pcscd
 LIBC_DIR="$(ldd /usr/sbin/pcscd | sed -nr 's#.* => (/lib.*)/libc\.so\.[0-9.-]+ \(0x[[:xdigit:]]+\)$#\1#p')"
-find -L "$LIBC_DIR" -maxdepth 1 \( -name 'libgcc_s.*' -o -name 'libusb-*.so*' -o -name 'libpcsclite.so*' \) -type f | while read so; do
+find -L "$LIBC_DIR" "/usr$LIBC_DIR" -maxdepth 1 \( -name 'libgcc_s.*' -o -name 'libusb-*.so*' -o -name 'libpcsclite.so*' \) -type f | while read so; do
     copy_exec "$so"
 done
 
diff -Nru cryptsetup-2.1.0/debian/scripts/decrypt_opensc cryptsetup-2.1.0/debian/scripts/decrypt_opensc
--- cryptsetup-2.1.0/debian/scripts/decrypt_opensc	2019-02-28 22:32:43.000000000 +0100
+++ cryptsetup-2.1.0/debian/scripts/decrypt_opensc	2019-04-30 21:20:47.000000000 +0200
@@ -12,7 +12,7 @@
 check_card() {
     cardfound=0
 
-    if /usr/bin/opensc-tool -n 2>&1; then
+    if /usr/bin/opensc-tool -n >/dev/null 2>&1; then
         cardfound=1
     fi
 }

Attachment: signature.asc
Description: PGP signature

Reply to: