Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian.org@packages.debian.org
Usertags: pu
Control: affects -1 + src:argon2 cryptsetup-udeb
Dear Release Team,
[ Reason ]
While collecting LUKS2 PBKDF memory cost values in kibi and I discovered
that memory cost were significantly lower when `cryptsetup luksFormat`
was run in d-i compared to the final system.
elbrus argued at https://bugs.debian.org/1032235#107 that ≥0~20190702-0.1
was not suitable for bookworm at this point of the release cycle, hence
the targeted fix for t-p-u.
[ Impact ]
The lower memory cost has security implications for the volume. See
https://bugs.debian.org/1028250#78 and follow-up messages.
[ Tests ]
* Upstream test suite.
* New benchmarks (with cryptsetup/2:2.6.1-4~deb12u1) at
https://bugs.debian.org/1028250#93 .
* DEP-8 for cryptsetup (reverse dependency).
[ Risks ]
Changing d/rules so late in the release cycle might sound scary, however
the change merely reverts a commit from 2018 that is no longer relevant
and is causing the issue. It was partially reverted in 0~20190702-0.1
already, but but for the argon2 binary only (see #1032234) not
libargon2-1-udeb.
[ Checklist ]
[x] *all* changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in (old)stable
[x] the issue is verified as fixed in unstable
[ Changes ]
* Add Breaks on cryptsetup-initramfs <2:2.6.1-2 as the rebuild with
recent glibc broke it.
* Set 'debian-branch = debian/bookworm' in d/gbp.conf.
* Restore threading support to libargon2-1-udeb as well an the argon2
binary.
[ Other info ]
CC'ing kibi for d-i-ack.
--
Guilhem.
diffstat for argon2-0~20171227 argon2-0~20171227
changelog | 18 ++++++++++++++++++
control | 1 +
gbp.conf | 2 +-
libargon2-1-udeb.install | 2 ++
rules | 11 -----------
5 files changed, 22 insertions(+), 12 deletions(-)
diff -Nru argon2-0~20171227/debian/changelog argon2-0~20171227/debian/changelog
--- argon2-0~20171227/debian/changelog 2022-02-13 10:41:34.000000000 +0100
+++ argon2-0~20171227/debian/changelog 2023-04-21 21:29:33.000000000 +0200
@@ -1,3 +1,21 @@
+argon2 (0~20171227-0.3+deb12u1) bookworm; urgency=medium
+
+ * Non-maintainer upload.
+
+ [ Bastian Germann ]
+ * Add Breaks on cryptsetup-initramfs (see #1032235)
+
+ [ Guilhem Moulin ]
+ * d/gbp.conf: Set 'debian-branch = debian/bookworm'.
+ * d/rules: Restore threading support to libargon2-1-udeb (closes: #1034696).
+ This is beneficial for cryptsetup-udeb, see #1028250. Removing threading
+ support in libargon2-1-udeb was done for historical reasons no longer
+ relevant since Debian Bookworm. This also restores threading support to
+ argon2 which was inadvertently dropped in 0~20171227-0.1 (closes:
+ #1032234).
+
+ -- Guilhem Moulin <guilhem@debian.org> Fri, 21 Apr 2023 21:29:33 +0200
+
argon2 (0~20171227-0.3) unstable; urgency=medium
* Non-maintainer upload.
diff -Nru argon2-0~20171227/debian/control argon2-0~20171227/debian/control
--- argon2-0~20171227/debian/control 2022-02-13 10:41:34.000000000 +0100
+++ argon2-0~20171227/debian/control 2023-04-21 21:29:33.000000000 +0200
@@ -60,6 +60,7 @@
Architecture: any
Pre-Depends: ${misc:Pre-Depends}
Depends: ${shlibs:Depends}, ${misc:Depends}
+Breaks: cryptsetup-initramfs (<<2:2.6.1-2)
Multi-Arch: same
Description: memory-hard hashing function - runtime library
Argon2 is a password-hashing function that can be used to hash passwords
diff -Nru argon2-0~20171227/debian/gbp.conf argon2-0~20171227/debian/gbp.conf
--- argon2-0~20171227/debian/gbp.conf 2022-02-13 10:41:34.000000000 +0100
+++ argon2-0~20171227/debian/gbp.conf 2023-04-21 21:29:33.000000000 +0200
@@ -1,7 +1,7 @@
[DEFAULT]
debian-tag = debian/%(version)s
pristine-tar = True
-debian-branch = debian/sid
+debian-branch = debian/bookworm
[buildpackage]
upstream-tag = v%(version)s
diff -Nru argon2-0~20171227/debian/libargon2-1-udeb.install argon2-0~20171227/debian/libargon2-1-udeb.install
--- argon2-0~20171227/debian/libargon2-1-udeb.install 1970-01-01 01:00:00.000000000 +0100
+++ argon2-0~20171227/debian/libargon2-1-udeb.install 2023-04-21 21:29:33.000000000 +0200
@@ -0,0 +1,2 @@
+#!/usr/bin/dh-exec
+libargon2.so.1 => usr/lib/${DEB_HOST_MULTIARCH}/${SONAME}
diff -Nru argon2-0~20171227/debian/rules argon2-0~20171227/debian/rules
--- argon2-0~20171227/debian/rules 2022-02-13 10:41:34.000000000 +0100
+++ argon2-0~20171227/debian/rules 2023-04-21 21:29:33.000000000 +0200
@@ -16,26 +16,15 @@
export SOVER=1
export DEBPREFIX=0~
export UPSTREAMVER=$(subst $(DEBPREFIX),,$(DEB_VERSION_UPSTREAM))
-export UDEBLIB=$(SONAME).udeb
%:
dh $@
-override_dh_auto_build:
- dh_auto_build -- NO_THREADS=1
- mv $(SONAME) $(UDEBLIB)
- dh_auto_build
-
override_dh_install:
dh_install
sed -i '/^## /d' debian/${PKG}-dev/usr/lib/$(DEB_HOST_MULTIARCH)/pkgconfig/libargon2.pc
sed -i s/@HOST_MULTIARCH@/$(DEB_HOST_MULTIARCH)/ debian/${PKG}-dev/usr/lib/$(DEB_HOST_MULTIARCH)/pkgconfig/libargon2.pc
sed -i s/@UPSTREAM_VER@/$(UPSTREAMVER)/ debian/${PKG}-dev/usr/lib/$(DEB_HOST_MULTIARCH)/pkgconfig/libargon2.pc
- install -D $(UDEBLIB) debian/$(SOPKG)-udeb/usr/lib/$(DEB_HOST_MULTIARCH)/$(SONAME)
-
-override_dh_auto_clean:
- dh_auto_clean
- -rm $(UDEBLIB)
override_dh_auto_test:
-$(MAKE) -j1 test
Attachment:
signature.asc
Description: PGP signature