disk encryption support - startup scripts
Other versions of "cryptsetup" in Focal
Packages in group
Deleted packages are displayed in grey.
cryptsetup (2:2.2.2-3ubuntu2.3) focal; urgency=medium
* Introduce retry logic for external invocations after mdadm (LP: #1879980)
- Currently, if an encrypted rootfs is configured on top of a MD RAID1
array and such array gets degraded (e.g., a member is removed/failed)
the cryptsetup scripts cannot mount the rootfs, and the boot fails.
We fix that issue here by allowing the cryptroot script to be re-run
by initramfs-tools/local-block stage, as mdadm can activate degraded
arrays at that stage.
There is an initramfs-tools counter-part for this fix, but alone the
cryptsetup portion is harmless.
- d/cryptsetup-initramfs.install: ship the new local-bottom script.
- d/functions: declare variables for local-top|block|bottom scripts
(flag that local-block is running and external invocation counter.)
- d/i/s/local-block/cryptroot: set flag that local-block is running.
- d/i/s/local-bottom/cryptroot: clean up the flag and counter files.
- d/i/s/local-top/cryptroot: change the logic from just waiting 180
seconds to waiting 5 seconds first, then allowing initramfs-tools
to run mdadm (to activate degraded arrays) and call back at least
30 times/seconds more.
-- <email address hidden> (Guilherme G. Piccoli) Wed, 16 Sep 2020 17:40:05 -0300
|Source diff to previous version|
cryptsetup (2:2.2.2-3ubuntu2.2) focal-security; urgency=medium
* SECURITY UPDATE: Out-of-bounds write
- debian/patches/CVE-2020-14382-*.patch: check segment gaps regardless of
heap space in lib/luks2/luks2_json_metadata.c.
Fixed FTBFS due a restrict environment in the new Bionic Builder (LP: #1891473)
tests/luks2-validation.test, tests/compat-test, tests/tcrypt-compat-test.
- Thanks Guilherme G. Piccoli.
-- <email address hidden> (Leonidas S. Barbosa) Thu, 10 Sep 2020 08:47:50 -0300
Send Feedback to @ubuntu_updates