Bug#928269: unblock: cryptsetup/2.1.0-3
Control: tags -1 confirmed d-i
Hi,
On Tue, Apr 30, 2019 at 10:14:22PM +0200, Guilhem Moulin wrote:
> The cryptsetup package found in Buster, currently at version 2:2.1.0-2,
> contains regressions affecting unlocking using OpenSC (PKCS#15 compatible
> Smart Card):
>
> [#926573] The `decrypt_opensc` keyscript poisons standard output,
> causing `cryptsetup open --key-file -` to fail. (Since 2:2.0.3-7.)
> https://salsa.debian.org/cryptsetup-team/cryptsetup/merge_requests/8
>
> [#928263] The initramfs hook fails to copy libpcsclite.so to the
> initramfs on non-usrmerge systems, causing the pcscd daemon to fail to
> start, hence failing unlocking at initramfs stage. (Since 2:2.0.3-2.)
>
> These regressions are RC for users relying on OpenSC integration, but
> the bugs have ‘Severity: important’ since src:cryptsetup is still usable
> to others.
>
> Debdiff between 2:2.1.0-2 and 2:2.1.0-3 attached.
This looks ok, but needs a d-i ack. Cc'ed kibi.
Thanks,
Ivo
> diff -Nru cryptsetup-2.1.0/debian/changelog cryptsetup-2.1.0/debian/changelog
> --- cryptsetup-2.1.0/debian/changelog 2019-02-28 22:32:43.000000000 +0100
> +++ cryptsetup-2.1.0/debian/changelog 2019-04-30 21:20:47.000000000 +0200
> @@ -1,3 +1,12 @@
> +cryptsetup (2:2.1.0-3) unstable; urgency=medium
> +
> + * d/scripts/decrypt_opensc: Fix standard output poisoning. Thanks to Nils
> + Mueller for the report and patch. (Closes: #926573.)
> + * d/initramfs/hooks/cryptopensc: Ensure that libpcsclite.so is copied to the
> + initramfs on non-usrmerge systems. (Closes: #928263.)
> +
> + -- Guilhem Moulin <guilhem@debian.org> Tue, 30 Apr 2019 21:20:47 +0200
> +
> cryptsetup (2:2.1.0-2) unstable; urgency=medium
>
> * debian/copyright:
> diff -Nru cryptsetup-2.1.0/debian/initramfs/hooks/cryptopensc cryptsetup-2.1.0/debian/initramfs/hooks/cryptopensc
> --- cryptsetup-2.1.0/debian/initramfs/hooks/cryptopensc 2019-02-28 22:32:43.000000000 +0100
> +++ cryptsetup-2.1.0/debian/initramfs/hooks/cryptopensc 2019-04-30 21:20:47.000000000 +0200
> @@ -47,7 +47,7 @@
> # pcscd utilizes pthread_cancel
> copy_exec /usr/sbin/pcscd
> LIBC_DIR="$(ldd /usr/sbin/pcscd | sed -nr 's#.* => (/lib.*)/libc\.so\.[0-9.-]+ \(0x[[:xdigit:]]+\)$#\1#p')"
> -find -L "$LIBC_DIR" -maxdepth 1 \( -name 'libgcc_s.*' -o -name 'libusb-*.so*' -o -name 'libpcsclite.so*' \) -type f | while read so; do
> +find -L "$LIBC_DIR" "/usr$LIBC_DIR" -maxdepth 1 \( -name 'libgcc_s.*' -o -name 'libusb-*.so*' -o -name 'libpcsclite.so*' \) -type f | while read so; do
> copy_exec "$so"
> done
>
> diff -Nru cryptsetup-2.1.0/debian/scripts/decrypt_opensc cryptsetup-2.1.0/debian/scripts/decrypt_opensc
> --- cryptsetup-2.1.0/debian/scripts/decrypt_opensc 2019-02-28 22:32:43.000000000 +0100
> +++ cryptsetup-2.1.0/debian/scripts/decrypt_opensc 2019-04-30 21:20:47.000000000 +0200
> @@ -12,7 +12,7 @@
> check_card() {
> cardfound=0
>
> - if /usr/bin/opensc-tool -n 2>&1; then
> + if /usr/bin/opensc-tool -n >/dev/null 2>&1; then
> cardfound=1
> fi
> }
Reply to: