[Pkg-loop-aes-commits] r1394 - in /trunk/loop-aes-utils: ./
debian/changelog debian/patches/00list
debian/patches/20guesshelper.dpatch debian/patches/20loop-AES.dpatch
debian/patches/30nfs4.dpatch debian/patches/40page_size.dpatch
xam at users.alioth.debian.org
xam at users.alioth.debian.org
Sun Apr 22 17:26:49 UTC 2007
Author: xam
Date: Sun Apr 22 17:26:49 2007
New Revision: 1394
URL: http://svn.debian.org/wsvn/pkg-loop-aes/?sc=1&rev=1394
Log:
* UNRELEASED
* Update loop-AES patch to v3.1f
- patches/20loop-AES: Update
- patches/40pagesize: Drop, included upstream
Removed:
trunk/loop-aes-utils/debian/patches/40page_size.dpatch
Modified:
trunk/loop-aes-utils/ (props changed)
trunk/loop-aes-utils/debian/changelog
trunk/loop-aes-utils/debian/patches/00list
trunk/loop-aes-utils/debian/patches/20guesshelper.dpatch
trunk/loop-aes-utils/debian/patches/20loop-AES.dpatch
trunk/loop-aes-utils/debian/patches/30nfs4.dpatch
Propchange: trunk/loop-aes-utils/
------------------------------------------------------------------------------
--- svk:merge (original)
+++ svk:merge Sun Apr 22 17:26:49 2007
@@ -1,1 +1,1 @@
-02a4734a-7125-4a10-a2dd-ccf7f6155d04:/local/pkg-loop-aes/trunk/loop-aes-utils:9892
+02a4734a-7125-4a10-a2dd-ccf7f6155d04:/local/pkg-loop-aes/trunk/loop-aes-utils:9895
Modified: trunk/loop-aes-utils/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-loop-aes/trunk/loop-aes-utils/debian/changelog?rev=1394&op=diff
==============================================================================
--- trunk/loop-aes-utils/debian/changelog (original)
+++ trunk/loop-aes-utils/debian/changelog Sun Apr 22 17:26:49 2007
@@ -1,3 +1,12 @@
+loop-aes-utils (2.12r-17) unstable; urgency=low
+
+ * UNRELEASED
+ * Update loop-AES patch to v3.1f
+ - patches/20loop-AES: Update
+ - patches/40pagesize: Drop, included upstream
+
+ -- Max Vozeler <xam at debian.org> Sun, 22 Apr 2007 18:20:44 +0200
+
loop-aes-utils (2.12r-16) unstable; urgency=low
* Sync with util-linux 2.12r-19
Modified: trunk/loop-aes-utils/debian/patches/00list
URL: http://svn.debian.org/wsvn/pkg-loop-aes/trunk/loop-aes-utils/debian/patches/00list?rev=1394&op=diff
==============================================================================
--- trunk/loop-aes-utils/debian/patches/00list (original)
+++ trunk/loop-aes-utils/debian/patches/00list Sun Apr 22 17:26:49 2007
@@ -9,4 +9,3 @@
30nfs4-intr-default
30nfs4-setclientid
30swsusp-resume
-40page_size
Modified: trunk/loop-aes-utils/debian/patches/20guesshelper.dpatch
URL: http://svn.debian.org/wsvn/pkg-loop-aes/trunk/loop-aes-utils/debian/patches/20guesshelper.dpatch?rev=1394&op=diff
==============================================================================
--- trunk/loop-aes-utils/debian/patches/20guesshelper.dpatch (original)
+++ trunk/loop-aes-utils/debian/patches/20guesshelper.dpatch Sun Apr 22 17:26:49 2007
@@ -9,9 +9,9 @@
@DPATCH@
diff -urNad trunk~/mount/mount.c trunk/mount/mount.c
---- trunk~/mount/mount.c 2007-04-22 17:58:59.000000000 +0200
-+++ trunk/mount/mount.c 2007-04-22 17:59:00.000000000 +0200
-@@ -465,6 +465,61 @@
+--- trunk~/mount/mount.c 2007-04-22 18:19:55.000000000 +0200
++++ trunk/mount/mount.c 2007-04-22 18:19:56.000000000 +0200
+@@ -466,6 +466,61 @@
}
/*
@@ -73,7 +73,7 @@
* guess_fstype_and_mount()
* Mount a single file system. Guess the type when unknown.
* returns: 0: OK, -1: error in errno, 1: other error
-@@ -473,9 +528,11 @@
+@@ -474,9 +529,11 @@
*/
static int
guess_fstype_and_mount(const char *spec, const char *node, const char **types,
@@ -87,7 +87,7 @@
if (*types && strcasecmp (*types, "auto") == 0)
*types = NULL;
-@@ -484,10 +541,16 @@
+@@ -485,10 +542,16 @@
if (!*types && !(flags & MS_REMOUNT)) {
*types = guess_fstype(spec);
@@ -108,7 +108,7 @@
}
}
-@@ -711,61 +774,6 @@
+@@ -712,61 +775,6 @@
}
/*
@@ -170,7 +170,7 @@
* try_mount_one()
* Try to mount one file system. When "bg" is 1, this is a retry
* in the background. One additional exit code EX_BG is used here.
-@@ -777,7 +785,7 @@
+@@ -778,7 +786,7 @@
static int
try_mount_one (const char *spec0, const char *node0, const char *types0,
const char *opts0, int freq, int pass, int bg, int ro) {
@@ -179,7 +179,7 @@
int mnt5_res = 0; /* only for gcc */
int mnt_err;
int flags;
-@@ -856,7 +864,7 @@
+@@ -857,7 +865,7 @@
if (!fake) {
mnt5_res = guess_fstype_and_mount (spec, node, &types, flags & ~MS_NOSYS,
@@ -188,7 +188,7 @@
if(!mnt5_res && LoopMountAutomaticChmod && (getuid() == 0)) {
/*
* If loop was set up using random keys and new file system
-@@ -867,6 +875,11 @@
+@@ -868,6 +876,11 @@
error (_("Error: encrypted file system chmod() failed"));
}
}
Modified: trunk/loop-aes-utils/debian/patches/20loop-AES.dpatch
URL: http://svn.debian.org/wsvn/pkg-loop-aes/trunk/loop-aes-utils/debian/patches/20loop-AES.dpatch?rev=1394&op=diff
==============================================================================
--- trunk/loop-aes-utils/debian/patches/20loop-AES.dpatch (original)
+++ trunk/loop-aes-utils/debian/patches/20loop-AES.dpatch Sun Apr 22 17:26:49 2007
@@ -473,7 +473,7 @@
+#endif // _AES_H
diff -urN util-linux-2.12r/mount/lomount.c util-linux-2.12r-AES/mount/lomount.c
--- util-linux-2.12r/mount/lomount.c 2004-12-21 00:11:04.000000000 +0200
-+++ util-linux-2.12r-AES/mount/lomount.c 2006-04-09 09:45:15.000000000 +0300
++++ util-linux-2.12r-AES/mount/lomount.c 2007-02-17 09:58:11.000000000 +0200
@@ -1,4 +1,15 @@
-/* Originally from Ted's losetup.c */
+/* Taken from Ted's losetup.c - Mitch <m.dsouza at mrc-apu.cam.ac.uk> */
@@ -491,7 +491,7 @@
#define LOOPMAJOR 7
-@@ -13,60 +24,79 @@
+@@ -13,60 +24,81 @@
#include <errno.h>
#include <stdlib.h>
#include <unistd.h>
@@ -508,6 +508,7 @@
+#include <locale.h>
+#include <sys/time.h>
+#include <sys/utsname.h>
++#include <signal.h>
#include "loop.h"
#include "lomount.h"
@@ -571,6 +572,7 @@
+char *loInitValue = (char *)0;
+char *gpgKeyFile = (char *)0;
+char *gpgHomeDir = (char *)0;
++char *clearTextKeyFile = (char *)0;
+char *loopOffsetBytes = (char *)0;
+char *loopSizeBytes = (char *)0;
+char *loopEncryptionType = (char *)0;
@@ -605,7 +607,7 @@
if ((fd = open(device, O_RDONLY)) < 0) {
int errsv = errno;
-@@ -74,73 +104,64 @@
+@@ -74,73 +106,64 @@
device, strerror (errsv));
return 2;
}
@@ -728,7 +730,7 @@
char *
find_unused_loop_device (void) {
/* Just creating a device, say in /tmp, is probably a bad idea -
-@@ -148,9 +169,8 @@
+@@ -148,9 +171,8 @@
So, we just try /dev/loop[0-7]. */
char dev[20];
char *loop_formats[] = { "/dev/loop%d", "/dev/loop/%d" };
@@ -739,7 +741,7 @@
for (j = 0; j < SIZE(loop_formats); j++) {
for(i = 0; i < 256; i++) {
-@@ -159,16 +179,14 @@
+@@ -159,16 +181,14 @@
somedev++;
fd = open (dev, O_RDONLY);
if (fd >= 0) {
@@ -758,7 +760,7 @@
continue;/* continue trying as long as devices exist */
}
break;
-@@ -176,75 +194,609 @@
+@@ -176,75 +196,626 @@
}
if (!somedev)
@@ -923,6 +925,7 @@
+ char str[10], *a[16], *e[2], *h;
+ pid_t gpid;
+ struct passwd *p;
++ void *oldSigPipeHandler;
+
+ if((getuid() == 0) && gpgHomeDir && gpgHomeDir[0]) {
+ h = gpgHomeDir;
@@ -1070,8 +1073,13 @@
+ }
+
+ x = strlen(pass);
++
++ /* ignore possible SIGPIPE signal while writing to gpg */
++ oldSigPipeHandler = signal(SIGPIPE, SIG_IGN);
+ rd_wr_retry(pfdi[1], pass, x, 1);
+ rd_wr_retry(pfdi[1], "\n", 1, 1);
++ if(oldSigPipeHandler != SIG_ERR) signal(SIGPIPE, oldSigPipeHandler);
++
+ close(pfdi[1]);
+ memset(pass, 0, x);
+ x = 0;
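Review bot: `oldSigPipeHandler` is declared as `void *` (in the earlier hunk that adds the declaration) but stores the return value of `signal()`, which is a function pointer. ISO C does not guarantee conversion between function and object pointers, and the `!= SIG_ERR` comparison depends on it; declaring it as `void (*oldSigPipeHandler)(int);` keeps the types matched. The results of the two `rd_wr_retry()` calls are not used in the visible lines, so with SIGPIPE ignored a gpg child that has already exited would presumably only surface later as a failed key read. Checking the write result here and reporting it would make that failure explicit. The enclosing function starts and ends outside this hunk.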
@@ -1084,7 +1092,7 @@
+ }
+ if(strlen(multiKeyPass[x]) < LOOP_PASSWORD_MIN_LENGTH) break;
+ x++;
- }
++ }
+ warnAboutBadKeyData(x);
+ if(x >= 65)
+ multiKeyMode = 65;
@@ -1095,23 +1103,29 @@
+ if(!multiKeyPass[0]) goto nomem1;
+ return multiKeyPass[0];
+}
-
-- if (pass == NULL)
-- return "";
++
+static char *sGetPass(int minLen, int warnLen)
+{
+ char *p, *s, *seed;
-+ int i, ask2;
-
-- pass[i] = 0;
-- return pass;
++ int i, ask2, close_i_fd = 0;
++
+ if(!passFDnumber) {
++ if(clearTextKeyFile) {
++ if((i = open(clearTextKeyFile, O_RDONLY)) == -1) {
++ fprintf(stderr, _("Error: unable to open %s for reading\n"), clearTextKeyFile);
++ return NULL;
++ }
++ close_i_fd = 1;
++ goto contReadFrom_i;
++ }
+ p = getpass(_("Password: "));
+ ask2 = passAskTwice ? 1 : 0;
+ } else {
+ i = atoi(passFDnumber);
++ contReadFrom_i:
+ if(gpgKeyFile && gpgKeyFile[0]) {
+ p = get_FD_pass(i);
++ if(close_i_fd) close(i);
+ } else {
+ int x = 0;
+ while(x < 66) {
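Review bot: The new `clearTextKeyFile` branch opens the key file and reads passphrase material from it without checking the file's owner or mode, so a group- or world-readable key file is accepted silently. An `fstat(i, &st)` right after the `open()`, with a warning or refusal when `st.st_mode & (S_IRWXG | S_IRWXO)` is non-zero, would catch the most common misconfiguration. The error message also drops the reason for the failure; `fprintf(stderr, _("Error: unable to open %s for reading: %s\n"), clearTextKeyFile, strerror(errno));` would separate a missing file from a permission problem. The `goto contReadFrom_i` jumps into the `else` block and leaves two separate `if(close_i_fd) close(i);` sites, so any early return added between the label and those closes would leak the descriptor. `sGetPass` continues past this hunk, so the remaining paths cannot be checked from here.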
@@ -1120,6 +1134,7 @@
+ if(strlen(multiKeyPass[x]) < LOOP_PASSWORD_MIN_LENGTH) break;
+ x++;
+ }
++ if(close_i_fd) close(i);
+ warnAboutBadKeyData(x);
+ if(x >= 65) {
+ multiKeyMode = 65;
@@ -1167,7 +1182,7 @@
+ nomem:
+ fprintf(stderr, _("Error: Unable to allocate memory\n"));
+ return(NULL);
-+ }
+ }
+ strcpy(s, p);
+ memset(p, 0, i);
+ if(ask2) {
@@ -1185,20 +1200,18 @@
+ }
+ strcat(s, seed);
+ return(s);
- }
-
--static int
--digits_only(const char *s) {
-- while (*s)
-- if (!isdigit(*s++))
-- return 0;
-- return 1;
++}
+
+- if (pass == NULL)
+- return "";
+/* this is for compatibility with historic loop-AES version */
+static void unhashed1_key_setup(unsigned char *keyStr, int ile, unsigned char *keyBuf, int bufSize)
+{
+ register int x, y, z, cnt = ile;
+ unsigned char *kp;
-+
+
+- pass[i] = 0;
+- return pass;
+ memset(keyBuf, 0, bufSize);
+ kp = keyStr;
+ for(x = 0; x < (bufSize * 8); x += 6) {
@@ -1221,16 +1234,22 @@
+ keyBuf[z] |= y >> (8 - (x & 7));
+ }
+ }
-+}
-+
+ }
+
+-static int
+-digits_only(const char *s) {
+- while (*s)
+- if (!isdigit(*s++))
+- return 0;
+- return 1;
+/* this is for compatibility with mainline mount */
+static void unhashed2_key_setup(unsigned char *keyStr, int ile, unsigned char *keyBuf, int bufSize)
+{
+ memset(keyBuf, 0, bufSize);
+ strncpy((char *)keyBuf, (char *)keyStr, bufSize - 1);
+ keyBuf[bufSize - 1] = 0;
- }
-
++}
++
+static void rmd160HashTwiceWithA(unsigned char *ib, int ile, unsigned char *ob, int ole)
+{
+ char tmpBuf[20 + 20];
@@ -1258,8 +1277,8 @@
+ } else {
+ return llseek(fd, offset, whence);
+ }
-+}
-+
+ }
+
+static int loop_create_random_keys(char *partition, long long offset, long long sizelimit, int loopro, unsigned char *k)
+{
+ int x, y, fd;
@@ -1421,7 +1440,7 @@
mode = (*loopro ? O_RDONLY : O_RDWR);
if ((ffd = open(file, mode)) < 0) {
if (!*loopro && errno == EROFS)
-@@ -256,32 +808,25 @@
+@@ -256,32 +827,25 @@
}
if ((fd = open(device, mode)) < 0) {
perror (device);
@@ -1443,6 +1462,8 @@
- "%s", encryption);
- }
- }
+-
+- loopinfo64.lo_offset = offset;
+ memset (&loopinfo, 0, sizeof (loopinfo));
+ xstrncpy ((char *)loopinfo.lo_file_name, file, LO_NAME_SIZE);
+ if (loopEncryptionType)
@@ -1452,8 +1473,6 @@
+ if (loopSizeBytes)
+ loopinfo.lo_sizelimit = mystrtoull(loopSizeBytes, 0);
-- loopinfo64.lo_offset = offset;
--
-#ifdef MCL_FUTURE
+#ifdef MCL_FUTURE
/*
@@ -1465,7 +1484,7 @@
if(mlockall(MCL_CURRENT | MCL_FUTURE)) {
perror("memlock");
fprintf(stderr, _("Couldn't lock into memory, exiting.\n"));
-@@ -289,126 +834,223 @@
+@@ -289,126 +853,224 @@
}
#endif
@@ -1624,12 +1643,12 @@
return 1;
}
- close (ffd);
--
+
- i = ioctl(fd, LOOP_SET_STATUS64, &loopinfo64);
- if (i) {
- struct loop_info loopinfo;
- int errsv = errno;
-
+-
- i = loop_info64_to_old(&loopinfo64, &loopinfo);
- if (i) {
- errno = errsv;
@@ -1773,12 +1792,13 @@
+ %s -d loop_device # delete\n\
+ %s -R loop_device # resize\n\
+options: -e encryption -o offset -s sizelimit -p passwdfd -T -S pseed\n\
-+ -H phash -I loinit -K gpgkey -G gpghome -C itercountk -v -r\n"),
++ -H phash -I loinit -K gpgkey -G gpghome -C itercountk -v -r\n\
++ -P cleartextkey\n"),
+ progname, progname, progname, progname, progname, progname);
exit(1);
}
-@@ -439,107 +1081,247 @@
+@@ -439,107 +1101,252 @@
fprintf (stderr, "\n");
}
@@ -1831,6 +1851,7 @@
+ { "loinit=", &loInitValue },
+ { "gpgkey=", &gpgKeyFile },
+ { "gpghome=", &gpgHomeDir },
++ { "cleartextkey=", &clearTextKeyFile },
+ { "itercountk=", &passIterThousands },
+ };
+ struct options *p;
@@ -1959,13 +1980,13 @@
+ case 'F': /* read loop related options from /etc/fstab */
+ option_F = 1;
+ setup_o = 1;
++ break;
++ case 'G': /* GnuPG home dir */
++ gpgHomeDir = optarg;
++ setup_o = 1;
break;
- case 'f':
- find = 1;
-+ case 'G': /* GnuPG home dir */
-+ gpgHomeDir = optarg;
-+ setup_o = 1;
-+ break;
+ case 'H': /* passphrase hash function name */
+ passHashFuncName = optarg;
+ setup_o = 1;
@@ -1985,6 +2006,10 @@
+ break;
+ case 'p': /* read passphrase from given fd */
+ passFDnumber = optarg;
++ setup_o = 1;
++ break;
++ case 'P': /* read passphrase from given file */
++ clearTextKeyFile = optarg;
+ setup_o = 1;
+ break;
+ case 'r': /* read-only */
@@ -2099,8 +2124,8 @@
#endif
diff -urN util-linux-2.12r/mount/lomount.h util-linux-2.12r-AES/mount/lomount.h
--- util-linux-2.12r/mount/lomount.h 2004-07-11 20:23:46.000000000 +0300
-+++ util-linux-2.12r-AES/mount/lomount.h 2006-04-09 09:45:15.000000000 +0300
-@@ -1,6 +1,18 @@
++++ util-linux-2.12r-AES/mount/lomount.h 2007-02-17 09:58:11.000000000 +0200
+@@ -1,6 +1,19 @@
extern int verbose;
-extern int set_loop(const char *, const char *, unsigned long long,
- const char *, int, int *);
@@ -2118,6 +2143,7 @@
+extern char *loInitValue;
+extern char *gpgKeyFile;
+extern char *gpgHomeDir;
++extern char *clearTextKeyFile;
+extern char *loopOffsetBytes;
+extern char *loopSizeBytes;
+extern char *loopEncryptionType;
@@ -2461,10 +2487,10 @@
+#endif
diff -urN util-linux-2.12r/mount/losetup.8 util-linux-2.12r-AES/mount/losetup.8
--- util-linux-2.12r/mount/losetup.8 2004-12-05 03:35:54.000000000 +0200
-+++ util-linux-2.12r-AES/mount/losetup.8 2005-09-24 14:48:53.000000000 +0300
++++ util-linux-2.12r-AES/mount/losetup.8 2007-02-17 09:58:11.000000000 +0200
@@ -1,42 +1,29 @@
-.TH LOSETUP 8 "2003-07-01" "Linux" "MAINTENANCE COMMANDS"
-+.TH LOSETUP 8 "2005-09-17" "Linux" "MAINTENANCE COMMANDS"
++.TH LOSETUP 8 "2007-02-17" "Linux" "MAINTENANCE COMMANDS"
.SH NAME
losetup \- set up and control loop devices
.SH SYNOPSIS
@@ -2524,7 +2550,7 @@
.ad b
.SH DESCRIPTION
.B losetup
-@@ -44,45 +31,113 @@
+@@ -44,45 +31,135 @@
to detach loop devices and to query the status of a loop device. If only the
\fIloop_device\fP argument is given, the status of the corresponding loop
device is shown.
@@ -2554,9 +2580,9 @@
+.IP \fB\-a\fP
+Show status of all loop devices.
+.IP "\fB\-C \fIitercountk\fP"
-+Runs hashed password through \fIitercountk\fP thousand iterations of AES-256
++Runs hashed passphrase through \fIitercountk\fP thousand iterations of AES-256
+before using it for loop encryption. This consumes lots of CPU cycles at
-+loop setup/mount time but not thereafter. In combination with password seed
++loop setup/mount time but not thereafter. In combination with passphrase seed
+this slows down dictionary attacks. Iteration is not done in multi-key mode.
+.IP "\fB\-d\fP"
Detach the file or device associated with the specified loop device.
@@ -2577,11 +2603,11 @@
+.IP \fBXOR\fP
+Use a simple XOR encryption.
+.IP "\fBAES128 AES\fP"
-+Use 128 bit AES encryption. Password is hashed with SHA-256 by default.
++Use 128 bit AES encryption. Passphrase is hashed with SHA-256 by default.
+.IP \fBAES192\fP
-+Use 192 bit AES encryption. Password is hashed with SHA-384 by default.
++Use 192 bit AES encryption. Passphrase is hashed with SHA-384 by default.
+.IP \fBAES256\fP
-+Use 256 bit AES encryption. Password is hashed with SHA-512 by default.
++Use 256 bit AES encryption. Passphrase is hashed with SHA-512 by default.
+
+.IP "\fBtwofish128 twofish160 twofish192 twofish256\fP"
+.IP "\fBblowfish128 blowfish160 blowfish192 blowfish256\fP"
@@ -2594,9 +2620,9 @@
+.IP "\fB\-F\fP"
+Reads and uses mount options from /etc/fstab that match specified loop
+device, including offset= sizelimit= encryption= pseed= phash= loinit=
-+gpgkey= gpghome= itercountk= and looped to device/file name. loop= option in
-+/etc/fstab must match specified loop device name. Command line options take
-+precedence in case of conflict.
++gpgkey= gpghome= cleartextkey= itercountk= and looped to device/file name.
++loop= option in /etc/fstab must match specified loop device name. Command
++line options take precedence in case of conflict.
+.IP "\fB\-G \fIgpghome\fP"
+Set gpg home directory to \fIgpghome\fP, so that gpg uses public/private
+keys on \fIgpghome\fP directory. This is only used when gpgkey file needs to
@@ -2604,11 +2630,11 @@
+symmetric cipher only, public/private keys are not required and this option
+has no effect.
+.IP "\fB\-H \fIphash\fP"
-+Uses \fIphash\fP function to hash password. Available hash functions are
++Uses \fIphash\fP function to hash passphrase. Available hash functions are
+sha256, sha384, sha512 and rmd160. unhashed1, unhashed2 and unhashed3
+functions also exist for compatibility with some obsolete implementations.
+
-+Hash function random does not ask for password but sets up random keys and
++Hash function random does not ask for passphrase but sets up random keys and
+attempts to put loop to multi-key mode. When random/1777 hash type is used
+as mount option for mount program, mount program will create new file system
+on the loop device and construct initial permissions of file system root
@@ -2621,7 +2647,7 @@
+function. Cipher transfer functions are free to interpret value as they
+want.
+.IP "\fB\-K \fIgpgkey\fP"
-+Password is piped to gpg so that gpg can decrypt file \fIgpgkey\fP which
++Passphrase is piped to gpg so that gpg can decrypt file \fIgpgkey\fP which
+contains the real keys that are used to encrypt loop device. If decryption
+requires public/private keys and gpghome is not specified, all users use
+their own gpg public/private keys to decrypt \fIgpgkey\fP. Decrypted
@@ -2649,6 +2675,28 @@
+keys, then loop device is put to multi-key mode. If losetup encounters
+end-of-file before 64 keys are read, then only first key is used in
+single-key mode.
++
++echo SecretPassphraseHere | losetup -p0 -K foo.gpg -e AES128 ...
++
++In above example, losetup reads passphrase from file descriptor 0 (stdin).
++.IP "\fB\-P \fIcleartextkey\fP"
++Read the passphrase from file \fIcleartextkey\fP instead of the
++terminal. If -K option is not being used (no gpg key file), then losetup
++attempts to read 65 keys from \fIcleartextkey\fP, each key at least 20
++characters and separated by newline. If losetup successfully reads 64 or 65
++keys, then loop device is put to multi-key mode. If losetup encounters
++end-of-file before 64 keys are read, then only first key is used in
++single-key mode. If both -p and -P options are used, then -p option takes
++precedence. These are equivalent:
++
++losetup -p3 -K foo.gpg -e AES128 ... 3<someFileName
++
++losetup -P someFileName -K foo.gpg -e AES128 ...
++
++In first line of above example, in addition to normal open file descriptors
++(0==stdin 1==stdout 2==stderr), shell opens the file and passes open file
++descriptor to started losetup program. In second line of above example,
++losetup opens the file itself.
+.IP "\fB\-r\fP"
+Read-only mode.
+.IP "\fB\-R\fP"
@@ -2662,18 +2710,18 @@
+offset). This option may not be supported on some older kernels and/or loop
+drivers.
+.IP "\fB\-S \fIpseed\fP"
-+Sets encryption password seed \fIpseed\fP which is appended to user supplied
-+password before hashing. Using different seeds for different partitions
++Sets encryption passphrase seed \fIpseed\fP which is appended to user supplied
++passphrase before hashing. Using different seeds for different partitions
+makes dictionary attacks slower but does not prevent them if user supplied
-+password is guessable. Seed is not used in multi-key mode.
++passphrase is guessable. Seed is not used in multi-key mode.
+.IP "\fB\-T\fP"
-+Asks password twice.
++Asks passphrase twice.
+.IP "\fB\-v\fP"
+Verbose mode.
.SH RETURN VALUE
.B losetup
returns 0 on success, nonzero on failure. When
-@@ -94,43 +149,26 @@
+@@ -94,43 +171,26 @@
.SH FILES
.nf
@@ -2799,7 +2847,7 @@
+}
diff -urN util-linux-2.12r/mount/mount.8 util-linux-2.12r-AES/mount/mount.8
--- util-linux-2.12r/mount/mount.8 2004-12-20 00:30:14.000000000 +0200
-+++ util-linux-2.12r-AES/mount/mount.8 2005-09-24 14:48:53.000000000 +0300
++++ util-linux-2.12r-AES/mount/mount.8 2007-02-17 09:58:11.000000000 +0200
@@ -281,6 +281,16 @@
.B \-v
Verbose mode.
@@ -2830,14 +2878,14 @@
.B \-s
Tolerate sloppy mount options rather than failing. This will ignore
mount options not supported by a filesystem type. Not all filesystems
-@@ -1841,13 +1845,17 @@
+@@ -1841,13 +1845,19 @@
and then mount this device on
.IR /mnt .
-This type of mount knows about three options, namely
-.BR loop ", " offset " and " encryption ,
-+This type of mount knows about 10 options, namely
-+.BR loop ", " offset ", " sizelimit ", " encryption ", " pseed ", " phash ", " loinit ", " gpgkey ", " gpghome " and " itercountk
++This type of mount knows about 11 options, namely
++.BR loop ", " offset ", " sizelimit ", " encryption ", " pseed ", " phash ", " loinit ", " gpgkey ", " gpghome ", " cleartextkey " and " itercountk
that are really options to
.BR \%losetup (8).
(These options can be used in addition to those specific
@@ -2846,13 +2894,15 @@
+If the mount requires a passphrase, you will be prompted for one unless you
+specify a file descriptor to read from instead with the
+.BR \-p
-+option.
++command line option, or specify a file name with
++.BR cleartextkey
++mount option.
If no explicit loop device is mentioned
(but just an option `\fB\-o loop\fP' is given), then
.B mount
diff -urN util-linux-2.12r/mount/mount.c util-linux-2.12r-AES/mount/mount.c
--- util-linux-2.12r/mount/mount.c 2004-12-22 00:00:36.000000000 +0200
-+++ util-linux-2.12r-AES/mount/mount.c 2006-04-09 09:45:15.000000000 +0300
++++ util-linux-2.12r-AES/mount/mount.c 2007-02-17 09:58:11.000000000 +0200
@@ -11,6 +11,7 @@
#include <string.h>
#include <getopt.h>
@@ -2880,7 +2930,7 @@
*opt_speed, *opt_comment;
static struct string_opt_map {
-@@ -177,8 +175,15 @@
+@@ -177,8 +175,16 @@
} string_opt_map[] = {
{ "loop=", 0, &opt_loopdev },
{ "vfs=", 1, &opt_vfstype },
@@ -2891,6 +2941,7 @@
+ { "loinit=", 0, (const char **)&loInitValue },
+ { "gpgkey=", 0, (const char **)&gpgKeyFile },
+ { "gpghome=", 0, (const char **)&gpgHomeDir },
++ { "cleartextkey=", 0, (const char **)&clearTextKeyFile },
+ { "itercountk=", 1, (const char **)&passIterThousands },
+ { "offset=", 0, (const char **)&loopOffsetBytes },
+ { "sizelimit=", 0, (const char **)&loopSizeBytes },
@@ -2898,7 +2949,7 @@
{ "speed=", 0, &opt_speed },
{ "comment=", 1, &opt_comment },
{ NULL, 0, NULL }
-@@ -580,9 +585,8 @@
+@@ -580,9 +586,8 @@
static int
loop_check(const char **spec, const char **type, int *flags,
@@ -2909,7 +2960,7 @@
/*
* In the case of a loop mount, either type is of the form lo@/dev/loop5
-@@ -607,7 +611,7 @@
+@@ -607,7 +612,7 @@
*type = opt_vfstype;
}
@@ -2918,7 +2969,7 @@
*loopfile = *spec;
if (*loop) {
-@@ -615,6 +619,10 @@
+@@ -615,6 +620,10 @@
if (fake) {
if (verbose)
printf(_("mount: skipping the setup of a loop device\n"));
@@ -2929,7 +2980,7 @@
} else {
int loopro = (*flags & MS_RDONLY);
-@@ -624,9 +632,7 @@
+@@ -624,9 +633,7 @@
return EX_SYSERR; /* no more loop devices */
if (verbose)
printf(_("mount: going to use the loop device %s\n"), *loopdev);
@@ -2940,7 +2991,7 @@
if (verbose)
printf(_("mount: failed setting up loop device\n"));
return EX_FAIL;
-@@ -687,14 +693,6 @@
+@@ -687,14 +694,6 @@
}
static void
@@ -2955,7 +3006,7 @@
cdrom_setspeed(const char *spec) {
#define CDROM_SELECT_SPEED 0x5322 /* Set the CD-ROM speed */
if (opt_speed) {
-@@ -788,6 +786,7 @@
+@@ -788,6 +787,7 @@
const char *opts, *spec, *node, *types;
char *user = 0;
int loop = 0;
@@ -2963,7 +3014,7 @@
const char *loopdev = 0, *loopfile = 0;
struct stat statbuf;
int nfs_mount_version = 0; /* any version */
-@@ -820,7 +819,7 @@
+@@ -820,7 +820,7 @@
* stale assignments of files to loop devices. Nasty when used for
* encryption.
*/
@@ -2972,7 +3023,7 @@
if (res)
goto out;
}
-@@ -855,9 +854,20 @@
+@@ -855,9 +855,20 @@
block_signals (SIG_BLOCK);
@@ -2994,7 +3045,7 @@
if (fake || mnt5_res == 0) {
/* Mount succeeded, report this (if verbose) and write mtab entry. */
-@@ -1530,8 +1540,8 @@
+@@ -1530,8 +1541,8 @@
else
test_opts = xstrdup(optarg);
break;
@@ -4079,7 +4130,7 @@
.B swapon
diff -urN util-linux-2.12r/mount/swapon.c util-linux-2.12r-AES/mount/swapon.c
--- util-linux-2.12r/mount/swapon.c 2004-12-22 11:50:19.000000000 +0200
-+++ util-linux-2.12r-AES/mount/swapon.c 2005-09-24 14:48:54.000000000 +0300
++++ util-linux-2.12r-AES/mount/swapon.c 2006-07-21 20:33:56.000000000 +0300
@@ -1,22 +1,45 @@
/*
* A swapon(8)/swapoff(8) for Linux 0.99.
@@ -4126,13 +4177,14 @@
#define streq(s, t) (strcmp ((s), (t)) == 0)
-@@ -297,6 +320,260 @@
+@@ -297,6 +320,262 @@
}
static int
+prepare_encrypted_swap(const char *partition, char *loop, char *encryption)
+{
+ int x, y, fd, ffd;
++ int page_size;
+ sha512_context s;
+ unsigned char b[4096], multiKeyBits[65][32];
+ char *a[10], *apiName;
@@ -4176,7 +4228,8 @@
+ fprintf(stderr, _("swapon: unable to open swap device %s\n"), partition);
+ goto errout0;
+ }
-+ fseek(f, (long)PAGE_SIZE, SEEK_SET);
++ page_size = getpagesize();
++ fseek(f, (long)page_size, SEEK_SET);
+ sha512_init(&s);
+ for(x = 0; x < 10; x++) {
+ if(fread(&b[0], sizeof(b), 1, f) != 1) break;
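Review bot: The first `fseek(f, (long)page_size, SEEK_SET);` discards its return value, while the same seek in the next hunk is checked with `if(fseek(f, (long)page_size, SEEK_SET)) break;`. If this seek fails, the `fread` loop that follows reads from the stream's current position instead of one page into the device, and nothing reports it. Testing the result and taking the same failure path as the open error above would make the two call sites consistent, provided that path also closes `f`. `prepare_encrypted_swap` starts and ends outside this hunk, so the correct cleanup label is not visible here.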
@@ -4195,7 +4248,7 @@
+ unsigned char h[64];
+ int x,y,z;
+ } j;
-+ if(fseek(f, (long)PAGE_SIZE, SEEK_SET)) break;
++ if(fseek(f, (long)page_size, SEEK_SET)) break;
+ memcpy(&j.h[0], &s.sha_out[0], 64);
+ gettimeofday(&j.tv, NULL);
+ j.y = y;
@@ -4254,7 +4307,7 @@
+ memset(&multiKeyBits[0][0], 0, sizeof(multiKeyBits));
+ return 0;
+ }
-+ loopinfo.lo_offset = PAGE_SIZE;
++ loopinfo.lo_offset = page_size;
+ /* single-key hash */
+ sha512_hash_buffer(&b[0], 64+32, &loopinfo.lo_encrypt_key[0], sizeof(loopinfo.lo_encrypt_key));
+ /* multi-key hash */
@@ -4387,7 +4440,7 @@
swapon_all(void) {
FILE *fp;
struct mntent *fstab;
-@@ -317,6 +594,8 @@
+@@ -317,6 +596,8 @@
const char *special;
int skip = 0;
int pri = priority;
@@ -4396,7 +4449,7 @@
if (!streq(fstab->mnt_type, MNTTYPE_SWAP))
continue;
-@@ -325,23 +604,39 @@
+@@ -325,23 +606,39 @@
if (!special)
continue;
@@ -4450,7 +4503,7 @@
return status;
}
-@@ -504,11 +799,49 @@
+@@ -504,11 +801,49 @@
exit(2);
}
while ((fstab = getmntent(fp)) != NULL) {
Modified: trunk/loop-aes-utils/debian/patches/30nfs4.dpatch
URL: http://svn.debian.org/wsvn/pkg-loop-aes/trunk/loop-aes-utils/debian/patches/30nfs4.dpatch?rev=1394&op=diff
==============================================================================
--- trunk/loop-aes-utils/debian/patches/30nfs4.dpatch (original)
+++ trunk/loop-aes-utils/debian/patches/30nfs4.dpatch Sun Apr 22 17:26:49 2007
@@ -7,8 +7,8 @@
@DPATCH@
diff -urNad trunk~/mount/Makefile trunk/mount/Makefile
---- trunk~/mount/Makefile 2007-04-22 17:45:58.000000000 +0200
-+++ trunk/mount/Makefile 2007-04-22 17:48:03.000000000 +0200
+--- trunk~/mount/Makefile 2007-04-22 18:20:19.000000000 +0200
++++ trunk/mount/Makefile 2007-04-22 18:20:20.000000000 +0200
@@ -29,7 +29,7 @@
MAYBE = pivot_root swapoff
@@ -28,8 +28,8 @@
swapon: swapon.o version.o xmalloc.o \
diff -urNad trunk~/mount/mount.8 trunk/mount/mount.8
---- trunk~/mount/mount.8 2007-04-22 17:45:58.000000000 +0200
-+++ trunk/mount/mount.8 2007-04-22 17:47:05.000000000 +0200
+--- trunk~/mount/mount.8 2007-04-22 18:20:19.000000000 +0200
++++ trunk/mount/mount.8 2007-04-22 18:20:20.000000000 +0200
@@ -387,6 +387,7 @@
.IR msdos ,
.IR ncpfs ,
@@ -135,9 +135,9 @@
.TP
.BI iocharset= name
diff -urNad trunk~/mount/mount.c trunk/mount/mount.c
---- trunk~/mount/mount.c 2007-04-22 17:45:58.000000000 +0200
-+++ trunk/mount/mount.c 2007-04-22 17:47:05.000000000 +0200
-@@ -859,8 +859,23 @@
+--- trunk~/mount/mount.c 2007-04-22 18:20:19.000000000 +0200
++++ trunk/mount/mount.c 2007-04-22 18:20:20.000000000 +0200
+@@ -860,8 +860,23 @@
"without support for the type `nfs'"));
#endif
}
@@ -162,8 +162,8 @@
if (!fake) {
mnt5_res = guess_fstype_and_mount (spec, node, &types, flags & ~MS_NOSYS,
diff -urNad trunk~/mount/nfs.5 trunk/mount/nfs.5
---- trunk~/mount/nfs.5 2007-04-21 21:56:32.000000000 +0200
-+++ trunk/mount/nfs.5 2007-04-22 17:47:05.000000000 +0200
+--- trunk~/mount/nfs.5 2007-04-22 18:20:11.000000000 +0200
++++ trunk/mount/nfs.5 2007-04-22 18:20:20.000000000 +0200
@@ -3,7 +3,7 @@
.\" patches. "
.TH NFS 5 "20 November 1993" "Linux 0.99" "Linux Programmer's Manual"
@@ -433,7 +433,7 @@
.SH "SEE ALSO"
diff -urNad trunk~/mount/nfs4_mount.h trunk/mount/nfs4_mount.h
--- trunk~/mount/nfs4_mount.h 1970-01-01 01:00:00.000000000 +0100
-+++ trunk/mount/nfs4_mount.h 2007-04-22 17:47:05.000000000 +0200
++++ trunk/mount/nfs4_mount.h 2007-04-22 18:20:20.000000000 +0200
@@ -0,0 +1,82 @@
+#ifndef _LINUX_NFS4_MOUNT_H
+#define _LINUX_NFS4_MOUNT_H
@@ -519,7 +519,7 @@
+#endif
diff -urNad trunk~/mount/nfs4mount.c trunk/mount/nfs4mount.c
--- trunk~/mount/nfs4mount.c 1970-01-01 01:00:00.000000000 +0100
-+++ trunk/mount/nfs4mount.c 2007-04-22 17:47:05.000000000 +0200
++++ trunk/mount/nfs4mount.c 2007-04-22 18:20:20.000000000 +0200
@@ -0,0 +1,433 @@
+/*
+ * nfs4mount.c -- Linux NFS mount
@@ -955,8 +955,8 @@
+ return retval;
+}
diff -urNad trunk~/mount/nfs_mount4.h trunk/mount/nfs_mount4.h
---- trunk~/mount/nfs_mount4.h 2007-04-21 21:56:31.000000000 +0200
-+++ trunk/mount/nfs_mount4.h 2007-04-22 17:47:05.000000000 +0200
+--- trunk~/mount/nfs_mount4.h 2007-04-22 18:20:11.000000000 +0200
++++ trunk/mount/nfs_mount4.h 2007-04-22 18:20:20.000000000 +0200
@@ -8,7 +8,9 @@
* so it is easiest to ignore the kernel altogether (at compile time).
*/
@@ -999,8 +999,8 @@
+#endif
diff -urNad trunk~/mount/nfsmount.c trunk/mount/nfsmount.c
---- trunk~/mount/nfsmount.c 2007-04-21 21:56:31.000000000 +0200
-+++ trunk/mount/nfsmount.c 2007-04-22 17:47:05.000000000 +0200
+--- trunk~/mount/nfsmount.c 2007-04-22 18:20:11.000000000 +0200
++++ trunk/mount/nfsmount.c 2007-04-22 18:20:20.000000000 +0200
@@ -34,6 +34,7 @@
#include "../defines.h" /* for HAVE_rpcsvc_nfs_prot_h and HAVE_inet_aton */
@@ -2565,8 +2565,8 @@
/*
* We need to translate between nfs status return values and
diff -urNad trunk~/mount/sundries.h trunk/mount/sundries.h
---- trunk~/mount/sundries.h 2007-04-21 21:56:31.000000000 +0200
-+++ trunk/mount/sundries.h 2007-04-22 17:47:05.000000000 +0200
+--- trunk~/mount/sundries.h 2007-04-22 18:20:11.000000000 +0200
++++ trunk/mount/sundries.h 2007-04-22 18:20:20.000000000 +0200
@@ -37,6 +37,9 @@
#ifdef HAVE_NFS
int nfsmount (const char *spec, const char *node, int *flags,
@@ -2578,8 +2578,8 @@
/* exit status - bits below are ORed */
diff -urNad trunk~/mount/umount.c trunk/mount/umount.c
---- trunk~/mount/umount.c 2007-04-22 17:45:58.000000000 +0200
-+++ trunk/mount/umount.c 2007-04-22 17:47:05.000000000 +0200
+--- trunk~/mount/umount.c 2007-04-22 18:20:19.000000000 +0200
++++ trunk/mount/umount.c 2007-04-22 18:20:20.000000000 +0200
@@ -90,6 +90,11 @@
/* True if ruid != euid. */
int suid = 0;