Format: 1.8
Date: Sat, 20 Jul 2019 23:18:18 +0200
Source: libblockdev
Architecture: source
Version: 2.20-7+deb10u1
Distribution: buster
Urgency: medium
Maintainer: Utopia Maintenance Team
Changed-By: Michael Biebl
Closes: 928893
Changes:
 libblockdev (2.20-7+deb10u1) buster; urgency=medium
 .
   [ intrigeri ]
   * Use existing cryptsetup API for changing keyslot passphrase.
     Cherry-pick upstream fix to use existing cryptsetup API for atomically
     changing a keyslot passphrase, instead of deleting the old keyslot
     before adding the new one. This avoids data loss when attempting to
     change the passphrase of a LUKS2 device via udisks2, e.g. from GNOME
     Disks.
     Deleting a keyslot and then adding one is risky: if anything goes
     wrong before the new keyslot is successfully added, no usable keyslot
     is left and the device cannot be unlocked anymore.
     There's little chance this causes actual problems with LUKS1, but
     LUKS2 defaults to the memory-hard Argon2 key derivation algorithm,
     which is implemented in cryptsetup with the assumption that it runs
     as root with no MEMLOCK ulimit; this assumption is wrong when run by
     udisks2.service under LimitMEMLOCK=65536, which breaks adding the new
     keyslot, and makes us hit the problematic situation (user data loss)
     every time.
     With this change, changing a LUKS2 passphrase via udisks2 will still
     fail in some cases, until the MEMLOCK ulimit problem is solved in
     cryptsetup or worked around in udisks2. But at least, if it fails, it
     will fail _atomically_ and the original passphrase will still work.
     (Closes: #928893)
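The ordering problem described in the changelog entry above, as an added example: a simplified in-memory model, not code from libblockdev or cryptsetup. The `struct header` layout, the function names and the `kdf_ok` flag (0 stands for the new-keyslot step failing, as it does under the MEMLOCK limit) are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#define SLOTS 8
#define PASS_MAX 64
/* Toy model of a LUKS header: each active slot unlocks with one passphrase. */
struct header { int active[SLOTS]; char pass[SLOTS][PASS_MAX]; };

/* Adding a slot needs the key derivation to succeed; kdf_ok == 0 models
 * the failure under udisks2.service's LimitMEMLOCK (assumed flag). */
static int add_slot(struct header *h, const char *pass, int kdf_ok) {
    if (!kdf_ok) return -1;
    for (int i = 0; i < SLOTS; i++)
        if (!h->active[i]) {
            h->active[i] = 1;
            snprintf(h->pass[i], PASS_MAX, "%s", pass);
            return i;
        }
    return -1;
}
static int find_slot(const struct header *h, const char *pass) {
    for (int i = 0; i < SLOTS; i++)
        if (h->active[i] && strcmp(h->pass[i], pass) == 0) return i;
    return -1;
}
int can_unlock(const struct header *h, const char *pass) { return find_slot(h, pass) >= 0; }
struct header header_with(const char *pass) {
    struct header h; memset(&h, 0, sizeof h);
    add_slot(&h, pass, 1);
    return h;
}
/* Old behaviour: delete the old keyslot, then add the new one. */
int change_delete_then_add(struct header *h, const char *oldp, const char *newp, int kdf_ok) {
    int s = find_slot(h, oldp);
    if (s < 0) return -1;
    h->active[s] = 0;                       /* point of no return */
    return add_slot(h, newp, kdf_ok) < 0 ? -1 : 0;
}
/* Fixed ordering: the new slot must exist before the old one is dropped. */
int change_atomic(struct header *h, const char *oldp, const char *newp, int kdf_ok) {
    int s = find_slot(h, oldp);
    if (s < 0) return -1;
    if (add_slot(h, newp, kdf_ok) < 0) return -1;   /* header left untouched */
    h->active[s] = 0;
    return 0;
}
int main(void) {
    struct header a = header_with("old"), b = header_with("old");
    change_delete_then_add(&a, "old", "new", 0);
    change_atomic(&b, "old", "new", 0);
    printf("old passphrase still works: delete-then-add=%d atomic=%d\n",
           can_unlock(&a, "old"), can_unlock(&b, "old"));
    return 0;
}
```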