[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#935827: marked as done (buster-pu: package cryptsetup/2:2.1.0-5+deb10u2)

Your message dated Sat, 07 Sep 2019 14:34:49 +0100
with message-id <[🔎] f49e2985d8466065c49c03185c24465a32228fb5.camel@adam-barratt.org.uk>
and subject line Closing bugs for fixes including in 10.1 point release
has caused the Debian Bug report #935827,
regarding buster-pu: package cryptsetup/2:2.1.0-5+deb10u2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
935827: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=935827
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian.org@packages.debian.org
Usertags: pu

Dear release team,

Another regression was found in cryptsetup :-/  Its scope is quite narrow as
it only affects mapped device size ≥2TiB (2³² 512-bits sectors) on 32-bits
platforms.  And AFAICT ‘crypt’ targets are not affected, only ‘integrity’ ones
are; both standalone dm-integrity volumes set up with integritysetup(8), as
well as volumes used for *experimental* authenticated disk encryption and set
up with cryptsetup(8).

In these scenarios the size overflows (due to size_t being incorrectly used in
place of uint64_t) and the device is mapped with a truncated size.  There is a
risk of data loss if the user writes inside the container, for instance while
trying to recover it, so that should IMHO be fixed via s-p-u.

This is an upstream regression from 2.1.0, so Stretch is not affected.
2:2.2.0-3 from Sid contains the cherry-picked upstream fix, but Buster's
2:2.1.0-5 (and 2:2.1.0-5+deb10u1) is affected.  Changelog since 2:2.1.0-5 is
as follows, and debdiff against 2:2.1.0-5 and 2:2.1.0-5+deb10u1 attached.

--8<--------------------------------------------------------------------->8--

cryptsetup (2:2.1.0-5+deb10u2) buster; urgency=medium

  * Cherry pick upstream commit 8f8f0b32: Fix mapped segments overflow on
    32bit architectures.  Regression since 2:2.1.0-1.  (Closes: #935702)

 -- Guilhem Moulin <guilhem@debian.org>  Mon, 26 Aug 2019 14:54:10 +0200

cryptsetup (2:2.1.0-5+deb10u1) buster; urgency=high

  * Backport upstream commits c03e3fe8, 725720df and fe4e1de5 to fix support
    for LUKS2 headers without any bound keyslot.  Adding a new key slot using
    the volume key was failing, both via the crypt_keyslot_add_by_volume_key()
    API call and with `luksAddKey --master-key`.  The former in particular
    might yield data loss if, in order to change a passphrase, an application
    destroys the keyslot before adding a new one (using the volume key), cf.
    #928893.  Note that doing so is *unsafe*: applications should instead use
    crypt_keyslot_change_by_passphrase() from libcryptsetup >=1.6.0.
    Trying to open LUKS2 volume by supplying the volume key on the command
    line was also failing if there were no bound keyslot on the header.
    (Closes: #934715)

 -- Guilhem Moulin <guilhem@debian.org>  Fri, 16 Aug 2019 19:18:10 +0200

--8<--------------------------------------------------------------------->8--

A s-p-u was previously filed (#934956) — and accepted — for 2:2.1.0-5+deb10u1.
The new commit cherry-picked from upstream also includes a unit test; like
most of the test suite it'll be ignored by the build daemons as it requires
root access, but I did verify that the entire test suite still passes on amd64
and i386 (and that indeed large devices no longer overflow).

Given that Buster currently has 2:2.1.0-5, should the .changes include all
changes since that version, or only since 2:2.1.0-5+deb10u1?

Thanks for considering its inclusion in Buster!  CC'ing KiBi for the d-i ack.
Cheers,
-- 
Guilhem.

diffstat for cryptsetup-2.1.0 cryptsetup-2.1.0

 changelog                                                          |   23 +
 gbp.conf                                                           |    1 
 patches/Fix-getting-default-LUKS2-keyslot-encryption-paramet.patch |   56 +++
 patches/Fix-mapped-segments-overflow-on-32bit-architectures.patch  |  151 ++++++++++
 patches/Fix-volume-key-file-if-no-LUKS2-keyslots-are-present.patch |   86 +++++
 patches/Mention-limitation-of-crypt_get_volume_key_size.patch      |   20 +
 patches/series                                                     |    4 
 7 files changed, 341 insertions(+)

diff -Nru cryptsetup-2.1.0/debian/changelog cryptsetup-2.1.0/debian/changelog
--- cryptsetup-2.1.0/debian/changelog	2019-06-10 14:51:15.000000000 +0200
+++ cryptsetup-2.1.0/debian/changelog	2019-08-26 14:54:10.000000000 +0200
@@ -1,3 +1,26 @@
+cryptsetup (2:2.1.0-5+deb10u2) buster; urgency=medium
+
+  * Cherry pick upstream commit 8f8f0b32: Fix mapped segments overflow on
+    32bit architectures.  Regression since 2:2.1.0-1.  (Closes: #935702)
+
+ -- Guilhem Moulin <guilhem@debian.org>  Mon, 26 Aug 2019 14:54:10 +0200
+
+cryptsetup (2:2.1.0-5+deb10u1) buster; urgency=high
+
+  * Backport upstream commits c03e3fe8, 725720df and fe4e1de5 to fix support
+    for LUKS2 headers without any bound keyslot.  Adding a new key slot using
+    the volume key was failing, both via the crypt_keyslot_add_by_volume_key()
+    API call and with `luksAddKey --master-key`.  The former in particular
+    might yield data loss if, in order to change a passphrase, an application
+    destroys the keyslot before adding a new one (using the volume key), cf.
+    #928893.  Note that doing so is *unsafe*: applications should instead use
+    crypt_keyslot_change_by_passphrase() from libcryptsetup >=1.6.0.
+    Trying to open LUKS2 volume by supplying the volume key on the command
+    line was also failing if there were no bound keyslot on the header.
+    (Closes: #934715)
+
+ -- Guilhem Moulin <guilhem@debian.org>  Fri, 16 Aug 2019 19:18:10 +0200
+
 cryptsetup (2:2.1.0-5) unstable; urgency=medium
 
   [ Jonas Meurer ]
diff -Nru cryptsetup-2.1.0/debian/gbp.conf cryptsetup-2.1.0/debian/gbp.conf
--- cryptsetup-2.1.0/debian/gbp.conf	2019-06-10 14:51:15.000000000 +0200
+++ cryptsetup-2.1.0/debian/gbp.conf	2019-08-26 14:54:10.000000000 +0200
@@ -4,3 +4,4 @@
 [buildpackage]
 upstream-tag    = v%(version)s
 upstream-branch = upstream-2.0.x
+debian-branch   = debian-buster
diff -Nru cryptsetup-2.1.0/debian/patches/Fix-getting-default-LUKS2-keyslot-encryption-paramet.patch cryptsetup-2.1.0/debian/patches/Fix-getting-default-LUKS2-keyslot-encryption-paramet.patch
--- cryptsetup-2.1.0/debian/patches/Fix-getting-default-LUKS2-keyslot-encryption-paramet.patch	1970-01-01 01:00:00.000000000 +0100
+++ cryptsetup-2.1.0/debian/patches/Fix-getting-default-LUKS2-keyslot-encryption-paramet.patch	2019-08-26 14:54:10.000000000 +0200
@@ -0,0 +1,56 @@
+From c03e3fe88a9761f34b22d2b4d4654353783e2d4f Mon Sep 17 00:00:00 2001
+From: Ondrej Kozina <okozina@redhat.com>
+Date: Tue, 26 Feb 2019 11:49:58 +0100
+Subject: Fix getting default LUKS2 keyslot encryption parameters.
+
+When information about original keyslot size is missing (no active
+keyslot assigned to default segment) we have to fallback to
+default luks2 encryption parameters even though we know default
+segment cipher and mode.
+
+Fixes: #442.
+---
+ lib/setup.c        |    3 ++-
+ tests/api-test-2.c |   19 +++++++++++++++++++
+ 2 files changed, 21 insertions(+), 1 deletion(-)
+
+--- a/lib/setup.c
++++ b/lib/setup.c
+@@ -4632,7 +4632,8 @@ const char *crypt_keyslot_get_encryption
+ 	cipher =  LUKS2_get_cipher(&cd->u.luks2.hdr, CRYPT_DEFAULT_SEGMENT);
+ 	if (!LUKS2_keyslot_cipher_incompatible(cd, cipher)) {
+ 		*key_size = crypt_get_volume_key_size(cd);
+-		return cipher;
++		if (*key_size)
++			return cipher;
+ 	}
+ 
+ 	/* Fallback to default LUKS2 keyslot encryption */
+--- a/tests/api-test-2.c
++++ b/tests/api-test-2.c
+@@ -914,6 +914,25 @@ static void AddDeviceLuks2(void)
+ 	FAIL_(crypt_activate_by_volume_key(cd, CDEVICE_1, key3, key_size, 0), "VK doesn't match any digest assigned to segment 0");
+ 	crypt_free(cd);
+ 
++	/*
++	 * Check regression in getting keyslot encryption parameters when
++	 * volume key size is unknown (no active keyslots).
++	 */
++	if (!_fips_mode) {
++		OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
++		crypt_set_iteration_time(cd, 1);
++		OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, NULL));
++		EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, key_size, PASSPHRASE, strlen(PASSPHRASE)), 0);
++		/* drop context copy of volume key */
++		crypt_free(cd);
++		OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
++		OK_(crypt_load(cd, CRYPT_LUKS, NULL));
++		EQ_(crypt_volume_key_get(cd, CRYPT_ANY_SLOT, key, &key_size, PASSPHRASE, strlen(PASSPHRASE)), 0);
++		OK_(crypt_keyslot_destroy(cd, 0));
++		EQ_(crypt_keyslot_add_by_volume_key(cd, 0, key, key_size, PASSPHRASE, strlen(PASSPHRASE)), 0);
++		crypt_free(cd);
++	}
++
+ 	_cleanup_dmdevices();
+ }
+ 
diff -Nru cryptsetup-2.1.0/debian/patches/Fix-mapped-segments-overflow-on-32bit-architectures.patch cryptsetup-2.1.0/debian/patches/Fix-mapped-segments-overflow-on-32bit-architectures.patch
--- cryptsetup-2.1.0/debian/patches/Fix-mapped-segments-overflow-on-32bit-architectures.patch	1970-01-01 01:00:00.000000000 +0100
+++ cryptsetup-2.1.0/debian/patches/Fix-mapped-segments-overflow-on-32bit-architectures.patch	2019-08-26 14:54:10.000000000 +0200
@@ -0,0 +1,151 @@
+From 8f8f0b3258152a260c6a40be89b485f943f81484 Mon Sep 17 00:00:00 2001
+From: Milan Broz <gmazyland@gmail.com>
+Date: Mon, 26 Aug 2019 10:01:17 +0200
+Subject: Fix mapped segments overflow on 32bit architectures.
+
+All set_segment functions must use uin64_t everywhere,
+not size_t that is platform dependent.
+
+The code later uses it correctly, it is just wrong function
+prototype definitions.
+
+Reported in
+https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=935702
+
+(TODO: add a test for other segment types.)
+---
+ lib/libdevmapper.c          |   12 ++++++------
+ lib/utils_dm.h              |   12 ++++++------
+ tests/integrity-compat-test |   26 ++++++++++++++++++++++++++
+ 3 files changed, 38 insertions(+), 12 deletions(-)
+
+--- a/lib/libdevmapper.c
++++ b/lib/libdevmapper.c
+@@ -2592,9 +2592,9 @@ int dm_is_dm_kernel_name(const char *nam
+ 	return strncmp(name, "dm-", 3) ? 0 : 1;
+ }
+ 
+-int dm_crypt_target_set(struct dm_target *tgt, size_t seg_offset, size_t seg_size,
++int dm_crypt_target_set(struct dm_target *tgt, uint64_t seg_offset, uint64_t seg_size,
+ 	struct device *data_device, struct volume_key *vk, const char *cipher,
+-	size_t iv_offset, size_t data_offset, const char *integrity, uint32_t tag_size,
++	uint64_t iv_offset, uint64_t data_offset, const char *integrity, uint32_t tag_size,
+ 	uint32_t sector_size)
+ {
+ 	int r = -EINVAL;
+@@ -2632,7 +2632,7 @@ err:
+ 	return r;
+ }
+ 
+-int dm_verity_target_set(struct dm_target *tgt, size_t seg_offset, size_t seg_size,
++int dm_verity_target_set(struct dm_target *tgt, uint64_t seg_offset, uint64_t seg_size,
+ 	struct device *data_device, struct device *hash_device, struct device *fec_device,
+ 	const char *root_hash, uint32_t root_hash_size, uint64_t hash_offset_block,
+ 	uint64_t hash_blocks, struct crypt_params_verity *vp)
+@@ -2658,7 +2658,7 @@ int dm_verity_target_set(struct dm_targe
+ 	return 0;
+ }
+ 
+-int dm_integrity_target_set(struct dm_target *tgt, size_t seg_offset, size_t seg_size,
++int dm_integrity_target_set(struct dm_target *tgt, uint64_t seg_offset, uint64_t seg_size,
+ 			struct device *meta_device,
+ 		        struct device *data_device, uint64_t tag_size, uint64_t offset,
+ 			uint32_t sector_size, struct volume_key *vk,
+@@ -2697,8 +2697,8 @@ int dm_integrity_target_set(struct dm_ta
+ 	return 0;
+ }
+ 
+-int dm_linear_target_set(struct dm_target *tgt, size_t seg_offset, size_t seg_size,
+-	struct device *data_device, size_t data_offset)
++int dm_linear_target_set(struct dm_target *tgt, uint64_t seg_offset, uint64_t seg_size,
++	struct device *data_device, uint64_t data_offset)
+ {
+ 	if (!data_device)
+ 		return -EINVAL;
+--- a/lib/utils_dm.h
++++ b/lib/utils_dm.h
+@@ -156,22 +156,22 @@ void dm_backend_exit(struct crypt_device
+ int dm_targets_allocate(struct dm_target *first, unsigned count);
+ void dm_targets_free(struct crypt_device *cd, struct crypt_dm_active_device *dmd);
+ 
+-int dm_crypt_target_set(struct dm_target *tgt, size_t seg_offset, size_t seg_size,
++int dm_crypt_target_set(struct dm_target *tgt, uint64_t seg_offset, uint64_t seg_size,
+ 	struct device *data_device, struct volume_key *vk, const char *cipher,
+-	size_t iv_offset, size_t data_offset, const char *integrity,
++	uint64_t iv_offset, uint64_t data_offset, const char *integrity,
+ 	uint32_t tag_size, uint32_t sector_size);
+-int dm_verity_target_set(struct dm_target *tgt, size_t seg_offset, size_t seg_size,
++int dm_verity_target_set(struct dm_target *tgt, uint64_t seg_offset, uint64_t seg_size,
+ 	struct device *data_device, struct device *hash_device, struct device *fec_device,
+ 	const char *root_hash, uint32_t root_hash_size, uint64_t hash_offset_block,
+ 	uint64_t hash_blocks, struct crypt_params_verity *vp);
+-int dm_integrity_target_set(struct dm_target *tgt, size_t seg_offset, size_t seg_size,
++int dm_integrity_target_set(struct dm_target *tgt, uint64_t seg_offset, uint64_t seg_size,
+ 	struct device *meta_device,
+ 	struct device *data_device, uint64_t tag_size, uint64_t offset, uint32_t sector_size,
+ 	struct volume_key *vk,
+ 	struct volume_key *journal_crypt_key, struct volume_key *journal_mac_key,
+ 	const struct crypt_params_integrity *ip);
+-int dm_linear_target_set(struct dm_target *tgt, size_t seg_offset, size_t seg_size,
+-	struct device *data_device, size_t data_offset);
++int dm_linear_target_set(struct dm_target *tgt, uint64_t seg_offset, uint64_t seg_size,
++	struct device *data_device, uint64_t data_offset);
+ 
+ int dm_remove_device(struct crypt_device *cd, const char *name, uint32_t flags);
+ int dm_status_device(struct crypt_device *cd, const char *name);
+--- a/tests/integrity-compat-test
++++ b/tests/integrity-compat-test
+@@ -7,6 +7,8 @@ INTSETUP_VALGRIND=../.libs/integritysetu
+ INTSETUP_LIB_VALGRIND=../.libs
+ 
+ DEV_NAME=dmc_test
++DEV_NAME_BIG=dmc_fake
++DEV_LOOP=""
+ DEV=test123.img
+ DEV2=test124.img
+ KEY_FILE=key.img
+@@ -18,6 +20,9 @@ dmremove() { # device
+ 
+ cleanup() {
+ 	[ -b /dev/mapper/$DEV_NAME ] && dmremove $DEV_NAME
++	[ -b /dev/mapper/$DEV_NAME_BIG ] && dmremove $DEV_NAME_BIG
++	[ -n "$DEV_LOOP" ] && losetup -d "$DEV_LOOP"
++	DEV_LOOP=""
+ 	rm -f $DEV $DEV2 $KEY_FILE >/dev/null 2>&1
+ }
+ 
+@@ -282,6 +287,7 @@ int_mode() # alg tag_size sector_size [k
+ 
+ [ $(id -u) != 0 ] && skip "WARNING: You must be root to run this test, test skipped."
+ [ ! -x "$INTSETUP" ] && skip "Cannot find $INTSETUP, test skipped."
++which blockdev >/dev/null || skip "Cannot find blockdev utility, test skipped."
+ 
+ [ -n "$VALG" ] && valgrind_setup && INTSETUP=valgrind_run
+ which hexdump >/dev/null 2>&1 || skip "WARNING: hexdump tool required."
+@@ -358,6 +364,26 @@ if [ -n "$DM_INTEGRITY_META" ] ; then
+ 	echo "[OK]"
+ else
+ 	echo "[N/A]"
++fi
++
++echo -n "Big device:"
++add_device
++DEV_LOOP=$(losetup -f $DEV --show)
++if [ -n "$DEV_LOOP" ] ; then
++dmsetup create $DEV_NAME_BIG <<EOF
++0 16284 linear $DEV_LOOP 0
++16284 80000000000 zero
++EOF
++	[ ! -b /dev/mapper/$DEV_NAME_BIG ] && fail
++	$INTSETUP format -q -s 512 --no-wipe /dev/mapper/$DEV_NAME_BIG
++	$INTSETUP open /dev/mapper/$DEV_NAME_BIG $DEV_NAME || fail
++	D_SIZE=$($INTSETUP dump /dev/mapper/$DEV_NAME_BIG | grep provided_data_sectors | sed -e 's/.*provided_data_sectors\ \+//g')
++	A_SIZE=$(blockdev --getsz /dev/mapper/$DEV_NAME)
++	# Compare strings (to avoid 64bit integers), not integers
++	[ -n "$A_SIZE" -a "$D_SIZE" != "$A_SIZE" ] && fail
++	echo "[OK]"
++else
++	echo "[N/A]"
+ fi
+ 
+ cleanup
diff -Nru cryptsetup-2.1.0/debian/patches/Fix-volume-key-file-if-no-LUKS2-keyslots-are-present.patch cryptsetup-2.1.0/debian/patches/Fix-volume-key-file-if-no-LUKS2-keyslots-are-present.patch
--- cryptsetup-2.1.0/debian/patches/Fix-volume-key-file-if-no-LUKS2-keyslots-are-present.patch	1970-01-01 01:00:00.000000000 +0100
+++ cryptsetup-2.1.0/debian/patches/Fix-volume-key-file-if-no-LUKS2-keyslots-are-present.patch	2019-08-26 14:54:10.000000000 +0200
@@ -0,0 +1,86 @@
+From 725720dfc31ff26c4a60089a478fe5e882925ef3 Mon Sep 17 00:00:00 2001
+From: Milan Broz <gmazyland@gmail.com>
+Date: Wed, 14 Aug 2019 12:31:40 +0200
+Subject: Fix volume key file if no LUKS2 keyslots are present.
+
+If all keyslots are removed, LUKS2 has no longer information about
+the volume key size (there is only key digest present).
+
+If user wants to open or add new keyslot, it must get information
+about key size externally.
+
+We do not want to guess key size from the file size (it does not
+work for block devices for example), so require explicit --keyfil
+option in these cases.
+
+Fixes #470.
+---
+ src/cryptsetup.c   |   18 ++++++++++++++++--
+ tests/compat-test2 |    7 ++++++-
+ 2 files changed, 22 insertions(+), 3 deletions(-)
+
+--- a/src/cryptsetup.c
++++ b/src/cryptsetup.c
+@@ -1249,6 +1249,13 @@ static int action_open_luks(void)
+ 
+ 	if (opt_master_key_file) {
+ 		keysize = crypt_get_volume_key_size(cd);
++		if (!keysize && !opt_key_size) {
++			log_err(_("Cannot dermine volume key size for LUKS without keyslots, please use --key-size option."));
++			r = -EINVAL;
++			goto out;
++		} else if (!keysize)
++			keysize = opt_key_size / 8;
++
+ 		r = tools_read_mk(opt_master_key_file, &key, keysize);
+ 		if (r < 0)
+ 			goto out;
+@@ -1553,6 +1560,13 @@ static int action_luksAddKey(void)
+ 	}
+ 
+ 	if (opt_master_key_file) {
++		if (!keysize && !opt_key_size) {
++			log_err(_("Cannot dermine volume key size for LUKS without keyslots, please use --key-size option."));
++			r = -EINVAL;
++			goto out;
++		} else if (!keysize)
++			keysize = opt_key_size / 8;
++
+ 		r = tools_read_mk(opt_master_key_file, &key, keysize);
+ 		if (r < 0)
+ 			goto out;
+@@ -2752,9 +2766,9 @@ int main(int argc, const char **argv)
+ 	   strcmp(aname, "luksFormat") &&
+ 	   strcmp(aname, "open") &&
+ 	   strcmp(aname, "benchmark") &&
+-	   (strcmp(aname, "luksAddKey") || !opt_unbound))
++	   strcmp(aname, "luksAddKey"))
+ 		usage(popt_context, EXIT_FAILURE,
+-		      _("Option --key-size is allowed only for luksFormat, luksAddKey (with --unbound),\n"
++		      _("Option --key-size is allowed only for luksFormat, luksAddKey,\n"
+ 			"open and benchmark actions. To limit read from keyfile use --keyfile-size=(bytes)."),
+ 		      poptGetInvocationName(popt_context));
+ 
+--- a/tests/compat-test2
++++ b/tests/compat-test2
+@@ -492,7 +492,7 @@ echo $PWD1 | $CRYPTSETUP luksOpen $LOOPD
+ $CRYPTSETUP  luksClose  $DEV_NAME || fail
+ 
+ prepare "[21] luksDump" wipe
+-echo $PWD1 | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --uuid $TEST_UUID --type luks2 $LOOPDEV $KEY1 || fail
++echo $PWD1 | $CRYPTSETUP -q luksFormat --key-size 256 $FAST_PBKDF_OPT --uuid $TEST_UUID --type luks2 $LOOPDEV $KEY1 || fail
+ echo $PWD1 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT $LOOPDEV -d $KEY1 || fail
+ $CRYPTSETUP luksDump $LOOPDEV | grep -q "0: luks2" || fail
+ $CRYPTSETUP luksDump $LOOPDEV | grep -q $TEST_UUID || fail
+@@ -504,6 +504,11 @@ echo $PWD1 | $CRYPTSETUP luksDump -q $LO
+ fips_mode || {
+ 	echo $PWD1 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT --master-key-file $VK_FILE $LOOPDEV || fail
+ }
++# Use volume key file without keyslots
++$CRYPTSETUP luksErase -q $LOOPDEV || fail
++$CRYPTSETUP luksOpen --master-key-file $VK_FILE --key-size 256 --test-passphrase $LOOPDEV || fail
++echo $PWD1 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT --master-key-file $VK_FILE --key-size 256 $LOOPDEV || fail
++echo $PWD1 | $CRYPTSETUP luksOpen --test-passphrase $LOOPDEV || fail
+ 
+ prepare "[22] remove disappeared device" wipe
+ dmsetup create $DEV_NAME --table "0 39998 linear $LOOPDEV 2" || fail
diff -Nru cryptsetup-2.1.0/debian/patches/Mention-limitation-of-crypt_get_volume_key_size.patch cryptsetup-2.1.0/debian/patches/Mention-limitation-of-crypt_get_volume_key_size.patch
--- cryptsetup-2.1.0/debian/patches/Mention-limitation-of-crypt_get_volume_key_size.patch	1970-01-01 01:00:00.000000000 +0100
+++ cryptsetup-2.1.0/debian/patches/Mention-limitation-of-crypt_get_volume_key_size.patch	2019-08-26 14:54:10.000000000 +0200
@@ -0,0 +1,20 @@
+From fe4e1de56639f1e6851ff8e47729f703a25dece4 Mon Sep 17 00:00:00 2001
+From: Milan Broz <gmazyland@gmail.com>
+Date: Mon, 29 Jul 2019 14:32:13 +0200
+Subject: Mention limitation of crypt_get_volume_key_size().
+
+---
+ lib/libcryptsetup.h |    2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/lib/libcryptsetup.h
++++ b/lib/libcryptsetup.h
+@@ -1448,6 +1448,8 @@ uint64_t crypt_get_iv_offset(struct cryp
+  *
+  * @return volume key size
+  *
++ * @note For LUKS2, this function can be used only if there is at least
++ *       one keyslot assigned to data segment.
+  */
+ int crypt_get_volume_key_size(struct crypt_device *cd);
+ 
diff -Nru cryptsetup-2.1.0/debian/patches/series cryptsetup-2.1.0/debian/patches/series
--- cryptsetup-2.1.0/debian/patches/series	1970-01-01 01:00:00.000000000 +0100
+++ cryptsetup-2.1.0/debian/patches/series	2019-08-26 14:54:10.000000000 +0200
@@ -0,0 +1,4 @@
+Fix-getting-default-LUKS2-keyslot-encryption-paramet.patch
+Mention-limitation-of-crypt_get_volume_key_size.patch
+Fix-volume-key-file-if-no-LUKS2-keyslots-are-present.patch
+Fix-mapped-segments-overflow-on-32bit-architectures.patch

diffstat for cryptsetup-2.1.0 cryptsetup-2.1.0

 changelog                                                         |    7 
 patches/Fix-mapped-segments-overflow-on-32bit-architectures.patch |  151 ++++++++++
 patches/series                                                    |    1 
 3 files changed, 159 insertions(+)

diff -Nru cryptsetup-2.1.0/debian/changelog cryptsetup-2.1.0/debian/changelog
--- cryptsetup-2.1.0/debian/changelog	2019-08-16 19:18:10.000000000 +0200
+++ cryptsetup-2.1.0/debian/changelog	2019-08-26 14:54:10.000000000 +0200
@@ -1,3 +1,10 @@
+cryptsetup (2:2.1.0-5+deb10u2) buster; urgency=medium
+
+  * Cherry pick upstream commit 8f8f0b32: Fix mapped segments overflow on
+    32bit architectures.  Regression since 2:2.1.0-1.  (Closes: #935702)
+
+ -- Guilhem Moulin <guilhem@debian.org>  Mon, 26 Aug 2019 14:54:10 +0200
+
 cryptsetup (2:2.1.0-5+deb10u1) buster; urgency=high
 
   * Backport upstream commits c03e3fe8, 725720df and fe4e1de5 to fix support
diff -Nru cryptsetup-2.1.0/debian/patches/Fix-mapped-segments-overflow-on-32bit-architectures.patch cryptsetup-2.1.0/debian/patches/Fix-mapped-segments-overflow-on-32bit-architectures.patch
--- cryptsetup-2.1.0/debian/patches/Fix-mapped-segments-overflow-on-32bit-architectures.patch	1970-01-01 01:00:00.000000000 +0100
+++ cryptsetup-2.1.0/debian/patches/Fix-mapped-segments-overflow-on-32bit-architectures.patch	2019-08-26 14:54:10.000000000 +0200
@@ -0,0 +1,151 @@
+From 8f8f0b3258152a260c6a40be89b485f943f81484 Mon Sep 17 00:00:00 2001
+From: Milan Broz <gmazyland@gmail.com>
+Date: Mon, 26 Aug 2019 10:01:17 +0200
+Subject: Fix mapped segments overflow on 32bit architectures.
+
+All set_segment functions must use uin64_t everywhere,
+not size_t that is platform dependent.
+
+The code later uses it correctly, it is just wrong function
+prototype definitions.
+
+Reported in
+https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=935702
+
+(TODO: add a test for other segment types.)
+---
+ lib/libdevmapper.c          |   12 ++++++------
+ lib/utils_dm.h              |   12 ++++++------
+ tests/integrity-compat-test |   26 ++++++++++++++++++++++++++
+ 3 files changed, 38 insertions(+), 12 deletions(-)
+
+--- a/lib/libdevmapper.c
++++ b/lib/libdevmapper.c
+@@ -2592,9 +2592,9 @@ int dm_is_dm_kernel_name(const char *nam
+ 	return strncmp(name, "dm-", 3) ? 0 : 1;
+ }
+ 
+-int dm_crypt_target_set(struct dm_target *tgt, size_t seg_offset, size_t seg_size,
++int dm_crypt_target_set(struct dm_target *tgt, uint64_t seg_offset, uint64_t seg_size,
+ 	struct device *data_device, struct volume_key *vk, const char *cipher,
+-	size_t iv_offset, size_t data_offset, const char *integrity, uint32_t tag_size,
++	uint64_t iv_offset, uint64_t data_offset, const char *integrity, uint32_t tag_size,
+ 	uint32_t sector_size)
+ {
+ 	int r = -EINVAL;
+@@ -2632,7 +2632,7 @@ err:
+ 	return r;
+ }
+ 
+-int dm_verity_target_set(struct dm_target *tgt, size_t seg_offset, size_t seg_size,
++int dm_verity_target_set(struct dm_target *tgt, uint64_t seg_offset, uint64_t seg_size,
+ 	struct device *data_device, struct device *hash_device, struct device *fec_device,
+ 	const char *root_hash, uint32_t root_hash_size, uint64_t hash_offset_block,
+ 	uint64_t hash_blocks, struct crypt_params_verity *vp)
+@@ -2658,7 +2658,7 @@ int dm_verity_target_set(struct dm_targe
+ 	return 0;
+ }
+ 
+-int dm_integrity_target_set(struct dm_target *tgt, size_t seg_offset, size_t seg_size,
++int dm_integrity_target_set(struct dm_target *tgt, uint64_t seg_offset, uint64_t seg_size,
+ 			struct device *meta_device,
+ 		        struct device *data_device, uint64_t tag_size, uint64_t offset,
+ 			uint32_t sector_size, struct volume_key *vk,
+@@ -2697,8 +2697,8 @@ int dm_integrity_target_set(struct dm_ta
+ 	return 0;
+ }
+ 
+-int dm_linear_target_set(struct dm_target *tgt, size_t seg_offset, size_t seg_size,
+-	struct device *data_device, size_t data_offset)
++int dm_linear_target_set(struct dm_target *tgt, uint64_t seg_offset, uint64_t seg_size,
++	struct device *data_device, uint64_t data_offset)
+ {
+ 	if (!data_device)
+ 		return -EINVAL;
+--- a/lib/utils_dm.h
++++ b/lib/utils_dm.h
+@@ -156,22 +156,22 @@ void dm_backend_exit(struct crypt_device
+ int dm_targets_allocate(struct dm_target *first, unsigned count);
+ void dm_targets_free(struct crypt_device *cd, struct crypt_dm_active_device *dmd);
+ 
+-int dm_crypt_target_set(struct dm_target *tgt, size_t seg_offset, size_t seg_size,
++int dm_crypt_target_set(struct dm_target *tgt, uint64_t seg_offset, uint64_t seg_size,
+ 	struct device *data_device, struct volume_key *vk, const char *cipher,
+-	size_t iv_offset, size_t data_offset, const char *integrity,
++	uint64_t iv_offset, uint64_t data_offset, const char *integrity,
+ 	uint32_t tag_size, uint32_t sector_size);
+-int dm_verity_target_set(struct dm_target *tgt, size_t seg_offset, size_t seg_size,
++int dm_verity_target_set(struct dm_target *tgt, uint64_t seg_offset, uint64_t seg_size,
+ 	struct device *data_device, struct device *hash_device, struct device *fec_device,
+ 	const char *root_hash, uint32_t root_hash_size, uint64_t hash_offset_block,
+ 	uint64_t hash_blocks, struct crypt_params_verity *vp);
+-int dm_integrity_target_set(struct dm_target *tgt, size_t seg_offset, size_t seg_size,
++int dm_integrity_target_set(struct dm_target *tgt, uint64_t seg_offset, uint64_t seg_size,
+ 	struct device *meta_device,
+ 	struct device *data_device, uint64_t tag_size, uint64_t offset, uint32_t sector_size,
+ 	struct volume_key *vk,
+ 	struct volume_key *journal_crypt_key, struct volume_key *journal_mac_key,
+ 	const struct crypt_params_integrity *ip);
+-int dm_linear_target_set(struct dm_target *tgt, size_t seg_offset, size_t seg_size,
+-	struct device *data_device, size_t data_offset);
++int dm_linear_target_set(struct dm_target *tgt, uint64_t seg_offset, uint64_t seg_size,
++	struct device *data_device, uint64_t data_offset);
+ 
+ int dm_remove_device(struct crypt_device *cd, const char *name, uint32_t flags);
+ int dm_status_device(struct crypt_device *cd, const char *name);
+--- a/tests/integrity-compat-test
++++ b/tests/integrity-compat-test
+@@ -7,6 +7,8 @@ INTSETUP_VALGRIND=../.libs/integritysetu
+ INTSETUP_LIB_VALGRIND=../.libs
+ 
+ DEV_NAME=dmc_test
++DEV_NAME_BIG=dmc_fake
++DEV_LOOP=""
+ DEV=test123.img
+ DEV2=test124.img
+ KEY_FILE=key.img
+@@ -18,6 +20,9 @@ dmremove() { # device
+ 
+ cleanup() {
+ 	[ -b /dev/mapper/$DEV_NAME ] && dmremove $DEV_NAME
++	[ -b /dev/mapper/$DEV_NAME_BIG ] && dmremove $DEV_NAME_BIG
++	[ -n "$DEV_LOOP" ] && losetup -d "$DEV_LOOP"
++	DEV_LOOP=""
+ 	rm -f $DEV $DEV2 $KEY_FILE >/dev/null 2>&1
+ }
+ 
+@@ -282,6 +287,7 @@ int_mode() # alg tag_size sector_size [k
+ 
+ [ $(id -u) != 0 ] && skip "WARNING: You must be root to run this test, test skipped."
+ [ ! -x "$INTSETUP" ] && skip "Cannot find $INTSETUP, test skipped."
++which blockdev >/dev/null || skip "Cannot find blockdev utility, test skipped."
+ 
+ [ -n "$VALG" ] && valgrind_setup && INTSETUP=valgrind_run
+ which hexdump >/dev/null 2>&1 || skip "WARNING: hexdump tool required."
+@@ -358,6 +364,26 @@ if [ -n "$DM_INTEGRITY_META" ] ; then
+ 	echo "[OK]"
+ else
+ 	echo "[N/A]"
++fi
++
++echo -n "Big device:"
++add_device
++DEV_LOOP=$(losetup -f $DEV --show)
++if [ -n "$DEV_LOOP" ] ; then
++dmsetup create $DEV_NAME_BIG <<EOF
++0 16284 linear $DEV_LOOP 0
++16284 80000000000 zero
++EOF
++	[ ! -b /dev/mapper/$DEV_NAME_BIG ] && fail
++	$INTSETUP format -q -s 512 --no-wipe /dev/mapper/$DEV_NAME_BIG
++	$INTSETUP open /dev/mapper/$DEV_NAME_BIG $DEV_NAME || fail
++	D_SIZE=$($INTSETUP dump /dev/mapper/$DEV_NAME_BIG | grep provided_data_sectors | sed -e 's/.*provided_data_sectors\ \+//g')
++	A_SIZE=$(blockdev --getsz /dev/mapper/$DEV_NAME)
++	# Compare strings (to avoid 64bit integers), not integers
++	[ -n "$A_SIZE" -a "$D_SIZE" != "$A_SIZE" ] && fail
++	echo "[OK]"
++else
++	echo "[N/A]"
+ fi
+ 
+ cleanup
diff -Nru cryptsetup-2.1.0/debian/patches/series cryptsetup-2.1.0/debian/patches/series
--- cryptsetup-2.1.0/debian/patches/series	2019-08-16 19:18:10.000000000 +0200
+++ cryptsetup-2.1.0/debian/patches/series	2019-08-26 14:54:10.000000000 +0200
@@ -1,3 +1,4 @@
 Fix-getting-default-LUKS2-keyslot-encryption-paramet.patch
 Mention-limitation-of-crypt_get_volume_key_size.patch
 Fix-volume-key-file-if-no-LUKS2-keyslots-are-present.patch
+Fix-mapped-segments-overflow-on-32bit-architectures.patch

Attachment: signature.asc
Description: PGP signature


--- End Message ---
--- Begin Message --- 
Version: 10.1

Hi,

The fixes referenced by each of these bugs were included in today's
buster point release.

Regards,

Adam

--- End Message ---
Reply to: