From a33dca52979052c574bb505c211b89a8f490665e Mon Sep 17 00:00:00 2001
From: Yi Zhao <yi.zhao@windriver.com>
Date: Fri, 19 Aug 2022 10:00:57 -0400
Subject: cryptsetup: upgrade 2.3.2 -> 2.3.7

Stable security bug-fix release that fixes CVE-2021-4122.

ReleaseNotes:
https://kernel.org/pub/linux/utils/cryptsetup/v2.3/v2.3.7-ReleaseNotes

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
(cherry picked from commit 5dca16b451abf80b1bfacfc533daf447ff4dad7c)
This is just the rename and SRC_URI hash updates made to apply
to dunfell.
Signed-off-by: Jason Andryuk <jandryuk@gmail.com>
---
 .../recipes-crypto/cryptsetup/cryptsetup_2.3.2.bb  | 92 ----------------------
 .../recipes-crypto/cryptsetup/cryptsetup_2.3.7.bb  | 92 ++++++++++++++++++++++
 2 files changed, 92 insertions(+), 92 deletions(-)
 delete mode 100644 meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.3.2.bb
 create mode 100644 meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.3.7.bb

diff --git a/meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.3.2.bb b/meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.3.2.bb
deleted file mode 100644
index 3c1c8b0beb..0000000000
--- a/meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.3.2.bb
+++ /dev/null
@@ -1,92 +0,0 @@
-SUMMARY = "Manage plain dm-crypt and LUKS encrypted volumes"
-DESCRIPTION = "Cryptsetup is used to conveniently setup dm-crypt managed \
-device-mapper mappings. These include plain dm-crypt volumes and \
-LUKS volumes. The difference is that LUKS uses a metadata header \
-and can hence offer more features than plain dm-crypt. On the other \
-hand, the header is visible and vulnerable to damage."
-HOMEPAGE = "https://gitlab.com/cryptsetup/cryptsetup"
-SECTION = "console"
-LICENSE = "GPL-2.0-with-OpenSSL-exception"
-LIC_FILES_CHKSUM = "file://COPYING;md5=32107dd283b1dfeb66c9b3e6be312326"
-
-DEPENDS = " \
-    json-c \
-    libdevmapper \
-    popt \
-    util-linux \
-"
-
-RDEPENDS_${PN} = " \
-    libdevmapper \
-"
-
-SRC_URI = "${KERNELORG_MIRROR}/linux/utils/${BPN}/v${@d.getVar('PV').split('.')[0]}.${@d.getVar('PV').split('.')[1]}/${BP}.tar.xz"
-SRC_URI[md5sum] = "6e4ffb6d35a73f7539a5d0c1354654cd"
-SRC_URI[sha256sum] = "a89e13dff0798fd0280e801d5f0cc8cfdb2aa5b1929bec1b7322e13d3eca95fb"
-
-inherit autotools gettext pkgconfig
-
-# Use openssl because libgcrypt drops root privileges
-# if libgcrypt is linked with libcap support
-PACKAGECONFIG ??= " \
-    keyring \
-    cryptsetup \
-    veritysetup \
-    cryptsetup-reencrypt \
-    integritysetup \
-    ${@bb.utils.filter('DISTRO_FEATURES', 'selinux', d)} \
-    kernel_crypto \
-    internal-argon2 \
-    blkid \
-    luks-adjust-xts-keysize \
-    openssl \
-"
-PACKAGECONFIG_append_class-target = " \
-    udev \
-"
-
-PACKAGECONFIG[keyring] = "--enable-keyring,--disable-keyring"
-PACKAGECONFIG[fips] = "--enable-fips,--disable-fips"
-PACKAGECONFIG[pwquality] = "--enable-pwquality,--disable-pwquality,libpwquality"
-PACKAGECONFIG[passwdqc] = "--enable-passwdqc,--disable-passwdqc,passwdqc"
-PACKAGECONFIG[cryptsetup] = "--enable-cryptsetup,--disable-cryptsetup"
-PACKAGECONFIG[veritysetup] = "--enable-veritysetup,--disable-veritysetup"
-PACKAGECONFIG[cryptsetup-reencrypt] = "--enable-cryptsetup-reencrypt,--disable-cryptsetup-reencrypt"
-PACKAGECONFIG[integritysetup] = "--enable-integritysetup,--disable-integritysetup"
-PACKAGECONFIG[selinux] = "--enable-selinux,--disable-selinux"
-PACKAGECONFIG[udev] = "--enable-udev,--disable-udev,,udev lvm2-udevrules"
-PACKAGECONFIG[kernel_crypto] = "--enable-kernel_crypto,--disable-kernel_crypto"
-# gcrypt-pkbdf2 requries --with-crypto_backend=gcrypt or the flag isn't
-# recognized.
-PACKAGECONFIG[gcrypt-pbkdf2] = "--enable-gcrypt-pbkdf2"
-PACKAGECONFIG[internal-argon2] = "--enable-internal-argon2,--disable-internal-argon2"
-PACKAGECONFIG[internal-sse-argon2] = "--enable-internal-sse-argon2,--disable-internal-sse-argon2"
-PACKAGECONFIG[blkid] = "--enable-blkid,--disable-blkid,util-linux"
-PACKAGECONFIG[dev-random] = "--enable-dev-random,--disable-dev-random"
-PACKAGECONFIG[luks-adjust-xts-keysize] = "--enable-luks-adjust-xts-keysize,--disable-luks-adjust-xts-keysize"
-PACKAGECONFIG[openssl] = "--with-crypto_backend=openssl,,openssl"
-PACKAGECONFIG[gcrypt] = "--with-crypto_backend=gcrypt,,libgcrypt"
-PACKAGECONFIG[nss] = "--with-crypto_backend=nss,,nss"
-PACKAGECONFIG[kernel] = "--with-crypto_backend=kernel"
-PACKAGECONFIG[nettle] = "--with-crypto_backend=nettle,,nettle"
-PACKAGECONFIG[luks2] = "--with-default-luks-format=LUKS2,--with-default-luks-format=LUKS1"
-
-RRECOMMENDS_${PN} = "kernel-module-aes-generic \
-                     kernel-module-dm-crypt \
-                     kernel-module-md5 \
-                     kernel-module-cbc \
-                     kernel-module-sha256-generic \
-                     kernel-module-xts \
-"
-
-EXTRA_OECONF = "--enable-static"
-# Building without largefile is not supported by upstream
-EXTRA_OECONF += "--enable-largefile"
-# Requires a static popt library
-EXTRA_OECONF += "--disable-static-cryptsetup"
-# There's no recipe for libargon2 yet
-EXTRA_OECONF += "--disable-libargon2"
-
-FILES_${PN} += "${@bb.utils.contains('DISTRO_FEATURES','systemd','${exec_prefix}/lib/tmpfiles.d/cryptsetup.conf', '', d)}"
-
-BBCLASSEXTEND = "native nativesdk"
diff --git a/meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.3.7.bb b/meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.3.7.bb
new file mode 100644
index 0000000000..d303f27ebb
--- /dev/null
+++ b/meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.3.7.bb
@@ -0,0 +1,92 @@
+SUMMARY = "Manage plain dm-crypt and LUKS encrypted volumes"
+DESCRIPTION = "Cryptsetup is used to conveniently setup dm-crypt managed \
+device-mapper mappings. These include plain dm-crypt volumes and \
+LUKS volumes. The difference is that LUKS uses a metadata header \
+and can hence offer more features than plain dm-crypt. On the other \
+hand, the header is visible and vulnerable to damage."
+HOMEPAGE = "https://gitlab.com/cryptsetup/cryptsetup"
+SECTION = "console"
+LICENSE = "GPL-2.0-with-OpenSSL-exception"
+LIC_FILES_CHKSUM = "file://COPYING;md5=32107dd283b1dfeb66c9b3e6be312326"
+
+DEPENDS = " \
+    json-c \
+    libdevmapper \
+    popt \
+    util-linux \
+"
+
+RDEPENDS_${PN} = " \
+    libdevmapper \
+"
+
+SRC_URI = "${KERNELORG_MIRROR}/linux/utils/${BPN}/v${@d.getVar('PV').split('.')[0]}.${@d.getVar('PV').split('.')[1]}/${BP}.tar.xz"
+SRC_URI[md5sum] = "9c5952cebb836ee783b0b76c5380a964"
+SRC_URI[sha256sum] = "61835132a5986217af17b8943013aa3fe6d47bdc1a07386343526765e2ce27a9"
+
+inherit autotools gettext pkgconfig
+
+# Use openssl because libgcrypt drops root privileges
+# if libgcrypt is linked with libcap support
+PACKAGECONFIG ??= " \
+    keyring \
+    cryptsetup \
+    veritysetup \
+    cryptsetup-reencrypt \
+    integritysetup \
+    ${@bb.utils.filter('DISTRO_FEATURES', 'selinux', d)} \
+    kernel_crypto \
+    internal-argon2 \
+    blkid \
+    luks-adjust-xts-keysize \
+    openssl \
+"
+PACKAGECONFIG_append_class-target = " \
+    udev \
+"
+
+PACKAGECONFIG[keyring] = "--enable-keyring,--disable-keyring"
+PACKAGECONFIG[fips] = "--enable-fips,--disable-fips"
+PACKAGECONFIG[pwquality] = "--enable-pwquality,--disable-pwquality,libpwquality"
+PACKAGECONFIG[passwdqc] = "--enable-passwdqc,--disable-passwdqc,passwdqc"
+PACKAGECONFIG[cryptsetup] = "--enable-cryptsetup,--disable-cryptsetup"
+PACKAGECONFIG[veritysetup] = "--enable-veritysetup,--disable-veritysetup"
+PACKAGECONFIG[cryptsetup-reencrypt] = "--enable-cryptsetup-reencrypt,--disable-cryptsetup-reencrypt"
+PACKAGECONFIG[integritysetup] = "--enable-integritysetup,--disable-integritysetup"
+PACKAGECONFIG[selinux] = "--enable-selinux,--disable-selinux"
+PACKAGECONFIG[udev] = "--enable-udev,--disable-udev,,udev lvm2-udevrules"
+PACKAGECONFIG[kernel_crypto] = "--enable-kernel_crypto,--disable-kernel_crypto"
+# gcrypt-pkbdf2 requries --with-crypto_backend=gcrypt or the flag isn't
+# recognized.
+PACKAGECONFIG[gcrypt-pbkdf2] = "--enable-gcrypt-pbkdf2"
+PACKAGECONFIG[internal-argon2] = "--enable-internal-argon2,--disable-internal-argon2"
+PACKAGECONFIG[internal-sse-argon2] = "--enable-internal-sse-argon2,--disable-internal-sse-argon2"
+PACKAGECONFIG[blkid] = "--enable-blkid,--disable-blkid,util-linux"
+PACKAGECONFIG[dev-random] = "--enable-dev-random,--disable-dev-random"
+PACKAGECONFIG[luks-adjust-xts-keysize] = "--enable-luks-adjust-xts-keysize,--disable-luks-adjust-xts-keysize"
+PACKAGECONFIG[openssl] = "--with-crypto_backend=openssl,,openssl"
+PACKAGECONFIG[gcrypt] = "--with-crypto_backend=gcrypt,,libgcrypt"
+PACKAGECONFIG[nss] = "--with-crypto_backend=nss,,nss"
+PACKAGECONFIG[kernel] = "--with-crypto_backend=kernel"
+PACKAGECONFIG[nettle] = "--with-crypto_backend=nettle,,nettle"
+PACKAGECONFIG[luks2] = "--with-default-luks-format=LUKS2,--with-default-luks-format=LUKS1"
+
+RRECOMMENDS_${PN} = "kernel-module-aes-generic \
+                     kernel-module-dm-crypt \
+                     kernel-module-md5 \
+                     kernel-module-cbc \
+                     kernel-module-sha256-generic \
+                     kernel-module-xts \
+"
+
+EXTRA_OECONF = "--enable-static"
+# Building without largefile is not supported by upstream
+EXTRA_OECONF += "--enable-largefile"
+# Requires a static popt library
+EXTRA_OECONF += "--disable-static-cryptsetup"
+# There's no recipe for libargon2 yet
+EXTRA_OECONF += "--disable-libargon2"
+
+FILES_${PN} += "${@bb.utils.contains('DISTRO_FEATURES','systemd','${exec_prefix}/lib/tmpfiles.d/cryptsetup.conf', '', d)}"
+
+BBCLASSEXTEND = "native nativesdk"
-- 
cgit 1.2.3-korg