Ubuntu
cryptsetup package

Merge ~mwhudson/ubuntu/+source/cryptsetup:merge into ubuntu/+source/cryptsetup:debian/sid

Proposed by Michael Hudson-Doyle on 2020-11-09

Status:

Needs review

Proposed branch:

~mwhudson/ubuntu/+source/cryptsetup:merge

Merge into:

ubuntu/+source/cryptsetup:debian/sid

Diff against target:

2287 lines (+1775/-33)

11 files modified

debian/changelog (+1603/-0)
debian/control (+4/-3)
debian/cryptsetup-initramfs.install (+1/-0)
debian/functions (+11/-1)
debian/initramfs/cryptroot-unlock (+12/-6)
debian/initramfs/hooks/cryptroot (+5/-3)
debian/initramfs/scripts/local-block/cryptroot (+4/-0)
debian/initramfs/scripts/local-bottom/cryptroot (+23/-0)
debian/initramfs/scripts/local-top/cryptroot (+56/-20)
debian/patches/decrease_memlock_ulimit.patch (+55/-0)
debian/patches/series (+1/-0)

Related bugs:

Bug #1830110: patch for finding zfs, solves: cryptsetup: WARNING: Couldn't determine root device	Medium	Fix Released
Bug #1879980: Fail to boot with LUKS on top of RAID1 if the array is broken/degraded	Medium	Fix Released
Bug #1891473: cryptsetup ftbfs in focal	High	Fix Released

Link a bug report

Reviewer	Date Requested	Status
Guilherme G. Piccoli (community)		Approve on 2020-11-10
git-ubuntu developers	2020-11-09	Pending
Review via email: mp+393521@code.launchpad.net

Revision history for this message

Michael Hudson-Doyle (mwhudson) wrote on 2020-11-09:

diff of debian dir against current ubuntu is https://paste.ubuntu.com/p/QXFm3Q8SBt/

Revision history for this message

Guilherme G. Piccoli (gpiccoli) wrote on 2020-11-10:

Thanks Michael, I've reviewed the MD/retry logic and the FTBFS fix, it's all fine / correctly backported!

Cheers,

Guilherme

review: Approve

Unmerged commits

730d330... by Michael Hudson-Doyle on 2020-11-09: update-maintainer
540f02c... by Michael Hudson-Doyle on 2020-11-09: reconstruct-changelog
434ed6d... by Michael Hudson-Doyle on 2020-11-09: merge-changelogs
71abcb1... by Michael Hudson-Doyle on 2020-11-09:       - debian/rules:
        - fix FTBFS on riscv64 adding --with-tmpfilesdir to ensure all archs, even
          without systemd knows how to ship cryptsetup.conf
5adf727... by Michael Hudson-Doyle on 2020-11-09:     - included in Debian:
      - debian/cryptsetup-bin.install:
        - Fix FTBFS due to dh_missing detecting crypsetup.conf in debian/tmp where
          it was installed from ./scripts/crypsetup.conf.
df18e43... by Michael Hudson-Doyle on 2020-11-09:   * Dropped changes:
    - Included in new upstream version:
      - SECURITY UPDATE: Out-of-bounds write
        - debian/patches/CVE-2020-14382-*.patch: check segment gaps regardless of
          heap space in lib/luks2/luks2_json_metadata.c.
        - CVE-2020-14382
f307b13... by Michael Hudson-Doyle on 2020-11-09:     - Introduce retry logic for external invocations after mdadm (LP: #1879980)
      - Currently, if an encrypted rootfs is configured on top of a MD RAID1
        array and such array gets degraded (e.g., a member is removed/failed)
        the cryptsetup scripts cannot mount the rootfs, and the boot fails.
        We fix that issue here by allowing the cryptroot script to be re-run
        by initramfs-tools/local-block stage, as mdadm can activate degraded
        arrays at that stage.
        There is an initramfs-tools counter-part for this fix, but alone the
        cryptsetup portion is harmless.
      - d/cryptsetup-initramfs.install: ship the new local-bottom script.
      - d/functions: declare variables for local-top|block|bottom scripts
        (flag that local-block is running and external invocation counter.)
      - d/i/s/local-block/cryptroot: set flag that local-block is running.
      - d/i/s/local-bottom/cryptroot: clean up the flag and counter files.
      - d/i/s/local-top/cryptroot: change the logic from just waiting 180
        seconds to waiting 5 seconds first, then allowing initramfs-tools
        to run mdadm (to activate degraded arrays) and call back at least
        30 times/seconds more.
951dc07... by Michael Hudson-Doyle on 2020-11-09:     - debian/patches/decrease_memlock_ulimit.patch
      Fixed FTBFS due a restrict environment in the new Bionic Builder (LP: #1891473)
      tests/luks2-validation.test, tests/compat-test, tests/tcrypt-compat-test.
      - Thanks Guilherme G. Piccoli.
8a58330... by Michael Hudson-Doyle on 2020-11-09:     - Fix warning and error when running on ZFS on root: (LP: #1830110)
      - d/functions: Return an empty devno for ZFS devices as they don't have
        major:minor device numbers.
      - d/initramfs/hooks/cryptroot: Ignore and don't print an error message when
        devices don't have a devno.
      Submitted to debian upstream as bug #902449.
3adacbd... by Michael Hudson-Doyle on 2020-11-09: - Fix cryptroot-unlock for busybox compatibility.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to all changes:

Michael Hudson-Doyle

git-ubuntu developers

Ubuntu
cryptsetup package

Merge ~mwhudson/ubuntu/+source/cryptsetup:merge into ubuntu/+source/cryptsetup:debian/sid

Commit message

Description of the change

Unmerged commits

Preview Diff

Subscribers

 diff --git a/debian/changelog b/debian/changelog
 index 96d015b..0a4dfba 100644
 --- a/debian/changelog
 +++ b/debian/changelog
@@ -1,3 +1,54 @@
++cryptsetup (2:2.3.4-1ubuntu1) hirsute; urgency=medium
++
++  * Merge with Debian unstable. Remaining changes:
++    - debian/control:
++      + Recommend plymouth.
++      + Depend on busybox-initramfs instead of busybox | busybox-static.
++    - Fix cryptroot-unlock for busybox compatibility.
++    - Fix warning and error when running on ZFS on root: (LP #1830110)
++      - d/functions: Return an empty devno for ZFS devices as they don't have
++        major:minor device numbers.
++      - d/initramfs/hooks/cryptroot: Ignore and don't print an error message when
++        devices don't have a devno.
++      Submitted to debian upstream as bug #902449.
++    - debian/patches/decrease_memlock_ulimit.patch
++      Fixed FTBFS due a restrict environment in the new Bionic Builder (LP #1891473)
++      tests/luks2-validation.test, tests/compat-test, tests/tcrypt-compat-test.
++      - Thanks Guilherme G. Piccoli.
++    - Introduce retry logic for external invocations after mdadm (LP #1879980)
++      - Currently, if an encrypted rootfs is configured on top of a MD RAID1
++        array and such array gets degraded (e.g., a member is removed/failed)
++        the cryptsetup scripts cannot mount the rootfs, and the boot fails.
++        We fix that issue here by allowing the cryptroot script to be re-run
++        by initramfs-tools/local-block stage, as mdadm can activate degraded
++        arrays at that stage.
++        There is an initramfs-tools counter-part for this fix, but alone the
++        cryptsetup portion is harmless.
++      - d/cryptsetup-initramfs.install: ship the new local-bottom script.
++      - d/functions: declare variables for local-top|block|bottom scripts
++        (flag that local-block is running and external invocation counter.)
++      - d/i/s/local-block/cryptroot: set flag that local-block is running.
++      - d/i/s/local-bottom/cryptroot: clean up the flag and counter files.
++      - d/i/s/local-top/cryptroot: change the logic from just waiting 180
++        seconds to waiting 5 seconds first, then allowing initramfs-tools
++        to run mdadm (to activate degraded arrays) and call back at least
++        30 times/seconds more.
++  * Dropped changes:
++    - Included in new upstream version:
++      - SECURITY UPDATE: Out-of-bounds write
++        - debian/patches/CVE-2020-14382-*.patch: check segment gaps regardless of
++          heap space in lib/luks2/luks2_json_metadata.c.
++        - CVE-2020-14382
++    - included in Debian:
++      - debian/cryptsetup-bin.install:
++        - Fix FTBFS due to dh_missing detecting crypsetup.conf in debian/tmp where
++          it was installed from ./scripts/crypsetup.conf.
++      - debian/rules:
++        - fix FTBFS on riscv64 adding --with-tmpfilesdir to ensure all archs, even
++          without systemd knows how to ship cryptsetup.conf
++
++ -- Michael Hudson-Doyle <michael.hudson@ubuntu.com>  Tue, 10 Nov 2020 10:37:25 +1300
++
  cryptsetup (2:2.3.4-1) unstable; urgency=high
    * New upstream bugfix release, including fix for CVE-2020-14382:
@@ -21,6 +72,80 @@ cryptsetup (2:2.3.3-2) unstable; urgency=medium
   -- Guilhem Moulin <guilhem@debian.org>  Wed, 12 Aug 2020 00:22:59 +0200
++cryptsetup (2:2.3.3-1ubuntu6) groovy; urgency=medium
++
++  * Introduce retry logic for external invocations after mdadm (LP: #1879980)
++    - Currently, if an encrypted rootfs is configured on top of a MD RAID1
++      array and such array gets degraded (e.g., a member is removed/failed)
++      the cryptsetup scripts cannot mount the rootfs, and the boot fails.
++      We fix that issue here by allowing the cryptroot script to be re-run
++      by initramfs-tools/local-block stage, as mdadm can activate degraded
++      arrays at that stage.
++      There is an initramfs-tools counter-part for this fix, but alone the
++      cryptsetup portion is harmless.
++    - d/cryptsetup-initramfs.install: ship the new local-bottom script.
++    - d/functions: declare variables for local-top|block|bottom scripts
++      (flag that local-block is running and external invocation counter.)
++    - d/i/s/local-block/cryptroot: set flag that local-block is running.
++    - d/i/s/local-bottom/cryptroot: clean up the flag and counter files.
++    - d/i/s/local-top/cryptroot: change the logic from just waiting 180
++      seconds to waiting 5 seconds first, then allowing initramfs-tools
++      to run mdadm (to activate degraded arrays) and call back at least
++      30 times/seconds more.
++
++ -- Guilherme G. Piccoli <gpiccoli@canonical.com>  Wed, 16 Sep 2020 17:35:59 -0300
++
++cryptsetup (2:2.3.3-1ubuntu5) groovy; urgency=medium
++
++  * SECURITY UPDATE: Out-of-bounds write
++    - debian/patches/CVE-2020-14382-*.patch: check segment gaps regardless of
++      heap space in lib/luks2/luks2_json_metadata.c.
++    - CVE-2020-14382
++  * debian/patches/decrease_memlock_ulimit.patch
++    Fixed FTBFS due a restrict environment in the new Bionic Builder (LP: #1891473)
++    tests/luks2-validation.test, tests/compat-test, tests/tcrypt-compat-test.
++    - Thanks Guilherme G. Piccoli.
++
++ -- Leonidas S. Barbosa <leo.barbosa@canonical.com>  Wed, 09 Sep 2020 09:29:17 -0300
++
++cryptsetup (2:2.3.3-1ubuntu4) groovy; urgency=medium
++
++  * No change rebuild against new json-c ABI.
++
++ -- Dimitri John Ledkov <xnox@ubuntu.com>  Tue, 28 Jul 2020 17:42:50 +0100
++
++cryptsetup (2:2.3.3-1ubuntu3) groovy; urgency=medium
++
++  * debian/rules:
++    - fix FTBFS on riscv64 adding --with-tmpfilesdir to ensure all archs, even
++      without systemd knows how to ship cryptsetup.conf
++
++ -- Didier Roche <didrocks@ubuntu.com>  Thu, 18 Jun 2020 11:44:50 +0200
++
++cryptsetup (2:2.3.3-1ubuntu2) groovy; urgency=medium
++
++  * debian/cryptsetup-bin.install:
++    - Fix FTBFS due to dh_missing detecting crypsetup.conf in debian/tmp where
++      it was installed from ./scripts/crypsetup.conf.
++  * Fix warning and error when running on ZFS on root: (LP: #1830110)
++    -  d/functions: Return an empty devno for ZFS devices as they don't have
++       major:minor device numbers.
++    - d/initramfs/hooks/cryptroot: Ignore and don't print an error message when
++       devices don't have a devno.
++    Submitted to debian upstream as bug #902449.
++
++ -- Didier Roche <didrocks@ubuntu.com>  Thu, 18 Jun 2020 10:12:10 +0200
++
++cryptsetup (2:2.3.3-1ubuntu1) groovy; urgency=low
++
++  * Merge from Debian unstable.  Remaining changes:
++    - debian/control:
++      + Recommend plymouth.
++      + Depend on busybox-initramfs instead of busybox | busybox-static.
++    - Fix cryptroot-unlock for busybox compatibility.
++
++ -- Steve Langasek <steve.langasek@ubuntu.com>  Tue, 09 Jun 2020 10:40:32 -0700
++
  cryptsetup (2:2.3.3-1) unstable; urgency=medium
    [ Guilhem Moulin ]
@@ -49,6 +174,16 @@ cryptsetup (2:2.3.2-1) unstable; urgency=medium
   -- Guilhem Moulin <guilhem@debian.org>  Wed, 06 May 2020 16:22:01 +0200
++cryptsetup (2:2.3.1-1ubuntu1) groovy; urgency=low
++
++  * Merge from Debian unstable.  Remaining changes:
++    - debian/control:
++      + Recommend plymouth.
++      + Depend on busybox-initramfs instead of busybox | busybox-static.
++    - Fix cryptroot-unlock for busybox compatibility.
++
++ -- Steve Langasek <steve.langasek@ubuntu.com>  Fri, 01 May 2020 07:07:58 -0700
++
  cryptsetup (2:2.3.1-1) unstable; urgency=medium
    * New upstream release.
@@ -84,6 +219,23 @@ cryptsetup (2:2.3.0-1) unstable; urgency=low
   -- Guilhem Moulin <guilhem@debian.org>  Wed, 04 Mar 2020 00:48:19 +0100
++cryptsetup (2:2.2.2-3ubuntu2) focal; urgency=medium
++
++  * Depend on cryptsetup from cryptsetup-initramfs instead of the dummy
++    cryptsetup-run package.  LP: #1864360.
++
++ -- Steve Langasek <steve.langasek@ubuntu.com>  Thu, 27 Feb 2020 00:16:14 -0600
++
++cryptsetup (2:2.2.2-3ubuntu1) focal; urgency=medium
++
++  * Merge from Debian unstable.  Remaining changes:
++    - debian/control:
++      + Recommend plymouth.
++      + Depend on busybox-initramfs instead of busybox | busybox-static.
++    - Fix cryptroot-unlock for busybox compatibility.
++
++ -- Matthias Klose <doko@ubuntu.com>  Mon, 10 Feb 2020 09:20:12 +0100
++
  cryptsetup (2:2.2.2-3) unstable; urgency=high
    * initramfs hook: Workaround fix for the libgcc_s's source location.
@@ -92,6 +244,16 @@ cryptsetup (2:2.2.2-3) unstable; urgency=high
   -- Guilhem Moulin <guilhem@debian.org>  Tue, 04 Feb 2020 14:11:12 +0100
++cryptsetup (2:2.2.2-2ubuntu1) focal; urgency=low
++
++  * Merge from Debian unstable.  Remaining changes:
++    - debian/control:
++      + Recommend plymouth.
++      + Depend on busybox-initramfs instead of busybox | busybox-static.
++    - Fix cryptroot-unlock for busybox compatibility.
++
++ -- Steve Langasek <steve.langasek@ubuntu.com>  Sat, 01 Feb 2020 22:11:22 -0800
++
  cryptsetup (2:2.2.2-2) unstable; urgency=medium
    [ Guilhem Moulin ]
@@ -109,6 +271,16 @@ cryptsetup (2:2.2.2-2) unstable; urgency=medium
   -- Guilhem Moulin <guilhem@debian.org>  Sat, 18 Jan 2020 20:53:19 +0100
++cryptsetup (2:2.2.2-1ubuntu1) focal; urgency=low
++
++  * Merge from Debian unstable.  Remaining changes:
++    - debian/control:
++      + Recommend plymouth.
++      + Depend on busybox-initramfs instead of busybox | busybox-static.
++    - Fix cryptroot-unlock for busybox compatibility.
++
++ -- Steve Langasek <steve.langasek@ubuntu.com>  Mon, 11 Nov 2019 22:07:44 -0800
++
  cryptsetup (2:2.2.2-1) unstable; urgency=medium
    * New upstream bugfix release.
@@ -119,6 +291,16 @@ cryptsetup (2:2.2.2-1) unstable; urgency=medium
   -- Guilhem Moulin <guilhem@debian.org>  Fri, 01 Nov 2019 19:32:36 +0100
++cryptsetup (2:2.2.1-1ubuntu1) focal; urgency=low
++
++  * Merge from Debian unstable.  Remaining changes:
++    - debian/control:
++      + Recommend plymouth.
++      + Depend on busybox-initramfs instead of busybox | busybox-static.
++    - Fix cryptroot-unlock for busybox compatibility.
++
++ -- Steve Langasek <steve.langasek@ubuntu.com>  Fri, 18 Oct 2019 15:14:29 -0700
++
  cryptsetup (2:2.2.1-1) unstable; urgency=medium
    * New upstream bugfix release.
@@ -126,6 +308,16 @@ cryptsetup (2:2.2.1-1) unstable; urgency=medium
   -- Guilhem Moulin <guilhem@debian.org>  Fri, 06 Sep 2019 13:28:55 +0200
++cryptsetup (2:2.2.0-3ubuntu1) eoan; urgency=low
++
++  * Merge from Debian unstable.  Remaining changes:
++    - debian/control:
++      + Recommend plymouth.
++      + Depend on busybox-initramfs instead of busybox | busybox-static.
++    - Fix cryptroot-unlock for busybox compatibility.
++
++ -- Steve Langasek <steve.langasek@ubuntu.com>  Wed, 28 Aug 2019 16:13:22 -0700
++
  cryptsetup (2:2.2.0-3) unstable; urgency=medium
    * Cherry pick upstream commit 8f8f0b32: Fix mapped segments overflow on
@@ -133,6 +325,16 @@ cryptsetup (2:2.2.0-3) unstable; urgency=medium
   -- Guilhem Moulin <guilhem@debian.org>  Mon, 26 Aug 2019 12:53:45 +0200
++cryptsetup (2:2.2.0-2ubuntu1) eoan; urgency=low
++
++  * Merge from Debian unstable.  Remaining changes:
++    - debian/control:
++      + Recommend plymouth.
++      + Depend on busybox-initramfs instead of busybox | busybox-static.
++    - Fix cryptroot-unlock for busybox compatibility.
++
++ -- Steve Langasek <steve.langasek@ubuntu.com>  Sun, 25 Aug 2019 12:25:55 -0700
++
  cryptsetup (2:2.2.0-2) unstable; urgency=medium
    * debian/control: Add 'Multi-Arch: foreign' tag to the transitional dummy
@@ -144,6 +346,25 @@ cryptsetup (2:2.2.0-2) unstable; urgency=medium
   -- Guilhem Moulin <guilhem@debian.org>  Wed, 21 Aug 2019 22:45:12 +0200
++cryptsetup (2:2.2.0-1ubuntu2) eoan; urgency=medium
++
++  * debian/initramfs/cryptroot-unlock: canonicalize executable paths.
++    Thanks to Paride Legovini <paride.legovini@canonical.com> for the patch.
++    LP: #1840752.
++
++ -- Steve Langasek <steve.langasek@ubuntu.com>  Tue, 20 Aug 2019 15:34:10 -0700
++
++cryptsetup (2:2.2.0-1ubuntu1) eoan; urgency=low
++
++  * Merge from Debian unstable.  Remaining changes:
++    - debian/control:
++      + Recommend plymouth.
++      + Depend on busybox-initramfs instead of busybox | busybox-static.
++    - Apply patch from Trent Nelson to fix cryptroot-unlock for busybox
++      compatibility.
++
++ -- Gianfranco Costamagna <locutusofborg@debian.org>  Tue, 20 Aug 2019 14:21:34 +0200
++
  cryptsetup (2:2.2.0-1) unstable; urgency=medium
    * New upstream release 2.2.0.  Highlights include:
@@ -221,6 +442,23 @@ cryptsetup (2:2.1.0-6) unstable; urgency=low
   -- Guilhem Moulin <guilhem@debian.org>  Sat, 20 Jul 2019 22:15:04 -0300
++cryptsetup (2:2.1.0-5ubuntu2) eoan; urgency=medium
++
++  * Rebuild against new libjson-c4.
++
++ -- Gianfranco Costamagna <locutusofborg@debian.org>  Sat, 29 Jun 2019 13:48:37 +0200
++
++cryptsetup (2:2.1.0-5ubuntu1) eoan; urgency=low
++
++  * Merge from Debian unstable.  Remaining changes:
++    - debian/control:
++      + Recommend plymouth.
++      + Depend on busybox-initramfs instead of busybox | busybox-static.
++    - Apply patch from Trent Nelson to fix cryptroot-unlock for busybox
++      compatibility.
++
++ -- Steve Langasek <steve.langasek@ubuntu.com>  Fri, 14 Jun 2019 14:09:31 -0700
++
  cryptsetup (2:2.1.0-5) unstable; urgency=medium
    [ Jonas Meurer ]
@@ -233,6 +471,17 @@ cryptsetup (2:2.1.0-5) unstable; urgency=medium
   -- Guilhem Moulin <guilhem@debian.org>  Mon, 10 Jun 2019 14:51:15 +0200
++cryptsetup (2:2.1.0-4ubuntu1) eoan; urgency=low
++
++  * Merge from Debian unstable.  Remaining changes:
++    - debian/control:
++      + Recommend plymouth.
++      + Depend on busybox-initramfs instead of busybox | busybox-static.
++    - Apply patch from Trent Nelson to fix cryptroot-unlock for busybox
++      compatibility.
++
++ -- Steve Langasek <steve.langasek@ubuntu.com>  Tue, 28 May 2019 18:32:08 -0700
++
  cryptsetup (2:2.1.0-4) unstable; urgency=medium
    [Guilhem Moulin]
@@ -252,6 +501,26 @@ cryptsetup (2:2.1.0-4) unstable; urgency=medium
   -- Guilhem Moulin <guilhem@debian.org>  Tue, 28 May 2019 17:04:16 +0200
++cryptsetup (2:2.1.0-3ubuntu2) eoan; urgency=medium
++
++  * Depend on busybox-initramfs, which is the implementation we actually use
++    for the initramfs and is guaranteed to always be present, instead of
++    busybox-static.
++
++ -- Steve Langasek <steve.langasek@ubuntu.com>  Thu, 09 May 2019 14:47:04 -0700
++
++cryptsetup (2:2.1.0-3ubuntu1) eoan; urgency=low
++
++  * Merge from Debian unstable.  Remaining changes:
++    - debian/control:
++      + Recommend plymouth.
++      + Invert the "busybox | busybox-static" Recommends, as the latter
++        is the one we ship in main as part of the ubuntu-standard task.
++    - Apply patch from Trent Nelson to fix cryptroot-unlock for busybox
++      compatibility. LP: #1651818
++
++ -- Steve Langasek <steve.langasek@ubuntu.com>  Fri, 03 May 2019 16:22:03 -0700
++
  cryptsetup (2:2.1.0-3) unstable; urgency=medium
    * d/scripts/decrypt_opensc: Fix standard output poisoning.  Thanks to Nils
@@ -275,6 +544,19 @@ cryptsetup (2:2.1.0-2) unstable; urgency=medium
   -- Guilhem Moulin <guilhem@debian.org>  Thu, 28 Feb 2019 22:32:43 +0100
++cryptsetup (2:2.1.0-1ubuntu1) disco; urgency=medium
++
++  * Merge from Debian unstable. LP: #1815484
++  * Remaining changes:
++    - debian/control:
++      + Recommend plymouth.
++      + Invert the "busybox | busybox-static" Recommends, as the latter
++        is the one we ship in main as part of the ubuntu-standard task.
++    - Apply patch from Trent Nelson to fix cryptroot-unlock for busybox
++      compatibility. LP: #1651818
++
++ -- Dimitri John Ledkov <xnox@ubuntu.com>  Wed, 13 Feb 2019 21:28:23 +0000
++
  cryptsetup (2:2.1.0-1) unstable; urgency=medium
    * New upstream release.  Highlights include:
@@ -317,6 +599,20 @@ cryptsetup (2:2.1.0-1) unstable; urgency=medium
   -- Guilhem Moulin <guilhem@debian.org>  Sat, 09 Feb 2019 00:40:17 +0100
++cryptsetup (2:2.0.6-1ubuntu1) disco; urgency=medium
++
++  * Merge from Debian unstable.
++  * Remaining changes:
++    - debian/control:
++      + Recommend plymouth.
++      + Invert the "busybox | busybox-static" Recommends, as the latter
++        is the one we ship in main as part of the ubuntu-standard task.
++    - Apply patch from Trent Nelson to fix cryptroot-unlock for busybox
++      compatibility. LP: #1651818
++  * Dropped delta sector_size support, merged in Debian.
++
++ -- Dimitri John Ledkov <xnox@ubuntu.com>  Tue, 05 Feb 2019 13:43:25 +0000
++
  cryptsetup (2:2.0.6-1) unstable; urgency=medium
    * New upstream bugfix release.  Highlights include:
@@ -381,6 +677,27 @@ cryptsetup (2:2.0.4-3) unstable; urgency=medium
   -- Guilhem Moulin <guilhem@debian.org>  Mon, 22 Oct 2018 17:45:35 +0200
++cryptsetup (2:2.0.4-2ubuntu2) cosmic; urgency=medium
++
++  * Implement support for --sector-size cryptsetup plain mode option in
++    crypttab. Matching support is also proposed to systemd-cryptsetup as
++    well. LP: #1776626
++
++ -- Dimitri John Ledkov <xnox@ubuntu.com>  Fri, 31 Aug 2018 17:00:07 +0100
++
++cryptsetup (2:2.0.4-2ubuntu1) cosmic; urgency=low
++
++  * Merge from Debian unstable.  LP: #1785610.
++  * Remaining changes:
++    - debian/control:
++      + Recommend plymouth.
++      + Invert the "busybox | busybox-static" Recommends, as the latter
++        is the one we ship in main as part of the ubuntu-standard task.
++    - Apply patch from Trent Nelson to fix cryptroot-unlock for busybox
++      compatibility. LP: #1651818
++
++ -- Dimitri John Ledkov <xnox@ubuntu.com>  Wed, 22 Aug 2018 22:51:47 +0100
++
  cryptsetup (2:2.0.4-2) unstable; urgency=medium
    * debian/cryptsetup-initramfs.preinst: Don't try to overwrite
@@ -413,6 +730,28 @@ cryptsetup (2:2.0.3-7) unstable; urgency=medium
   -- Guilhem Moulin <guilhem@debian.org>  Mon, 30 Jul 2018 16:32:07 +0800
++cryptsetup (2:2.0.3-6ubuntu1) cosmic; urgency=low
++
++  * Merge from Debian unstable.  LP: #1781912.
++  * Remaining changes:
++    - debian/control:
++      + Recommend plymouth.
++      + Invert the "busybox | busybox-static" Recommends, as the latter
++        is the one we ship in main as part of the ubuntu-standard task.
++    - Apply patch from Trent Nelson to fix cryptroot-unlock for busybox
++      compatibility. LP: #1651818
++  * Dropped changes, included in Debian:
++    - Drop explicit libgcrypt20 dependency from libcryptsetup4.
++    - Drop the CRYPTSETUP variable warning from the initramfs hook, as
++      overlayroot package ships a dropin in conf-hooks.d triggering false
++      warnings.
++    - Drop _BSD_SOURCE in favor of _DEFAULT_SOURCE
++    - Drop c99 std, as the default is now higher than that
++  * Dropped changes, no longer needed:
++    - Add maintscript to drop removed upstart system jobs.
++
++ -- Steve Langasek <steve.langasek@ubuntu.com>  Mon, 16 Jul 2018 08:27:58 -0400
++
  cryptsetup (2:2.0.3-6) unstable; urgency=medium
    * debian/TODO.md: Remove mention of parent device detection for mdadm
@@ -697,6 +1036,45 @@ cryptsetup (2:2.0.3-1) unstable; urgency=medium
   -- Jonas Meurer <jonas@freesources.org>  Fri, 15 Jun 2018 15:32:16 +0200
++cryptsetup (2:2.0.2-1ubuntu3) cosmic; urgency=medium
++
++  * No-change rebuild against libargon2-1
++
++ -- Steve Langasek <steve.langasek@ubuntu.com>  Tue, 10 Jul 2018 17:01:23 +0000
++
++cryptsetup (2:2.0.2-1ubuntu2) cosmic; urgency=medium
++
++  * Apply patch from Trent Nelson to fix cryptroot-unlock for busybox
++    compatibility. LP: #1651818
++
++ -- Dimitri John Ledkov 🌈 <xnox@ubuntu.com>  Thu, 21 Jun 2018 16:38:31 +0100
++
++cryptsetup (2:2.0.2-1ubuntu1) bionic; urgency=low
++
++  * Merge from Debian unstable.
++    - bugfix upstream release, which solves problems with luks2 format
++      disks not unlocking.  LP: #1755322.
++  * Remaining changes:
++    - debian/control:
++      + Depend on plymouth.
++      + Invert the "busybox | busybox-static" Recommends, as the latter
++        is the one we ship in main as part of the ubuntu-standard task.
++      + Drop explicit libgcrypt20 dependency from libcryptsetup4.
++    - Drop _BSD_SOURCE in favor of _DEFAULT_SOURCE
++    - Drop c99 std, as the default is now higher than that
++    - Drop upstart system jobs.
++    - Add maintscript to drop removed upstart system jobs.
++      - debian has its own now, but we have different version numbers.
++        this delta can be dropped after 18.04 release.
++    - Drop the CRYPTSETUP variable warning from the initramfs hook, as
++      overlayroot package ships a dropin in conf-hooks.d triggering false
++      warnings.
++  * Dropped changes:
++    - debian/cryptdisks{,-udev}.maintscript: drop, there is no package named
++      'cryptdisks' or 'cryptdisks-udev'.
++
++ -- Steve Langasek <steve.langasek@ubuntu.com>  Fri, 06 Apr 2018 10:23:53 -0700
++
  cryptsetup (2:2.0.2-1) unstable; urgency=low
    * New upstream release 2.0.2
@@ -726,6 +1104,40 @@ cryptsetup (2:2.0.1-1) unstable; urgency=low
   -- Guilhem Moulin <guilhem@debian.org>  Sun, 11 Feb 2018 00:02:05 +0100
++cryptsetup (2:2.0.1-0ubuntu2) bionic; urgency=medium
++
++  * Drop the CRYPTSETUP variable warning from the initramfs hook, as
++    overlayroot package ships a dropin in conf-hooks.d triggering false
++    warnings.
++
++ -- Dimitri John Ledkov <xnox@ubuntu.com>  Thu, 22 Feb 2018 14:49:16 +0000
++
++cryptsetup (2:2.0.1-0ubuntu1) bionic; urgency=medium
++
++  * Merge from Debian unstable.  Remaining changes:
++    - debian/control:
++      + Depend on plymouth.
++      + Invert the "busybox | busybox-static" Recommends, as the latter
++        is the one we ship in main as part of the ubuntu-standard task.
++      + Drop explicit libgcrypt20 dependency from libcryptsetup4.
++    - Drop _BSD_SOURCE in favor of _DEFAULT_SOURCE
++    - Drop c99 std, as the default is now higher than that
++    - Drop upstart system jobs.
++    - Add maintscript to drop removed upstart system jobs.
++      - debian has its own now, but we have different version numbers
++  * New upstream release
++  * Cherry-pick Guilhem Moulin's changes below from Debian git
++
++  [ Guilhem Moulin ]
++   * New upstream release 2.0.1:
++     - Use /run/cryptsetup as default for cryptsetup locking dir.
++     - Add missing symbols for new functions to debian/libcryptsetup12.symbols.
++  * debian/copyright: update copyright years.
++  * debian/patches: backport upstream's 8728ba08 to fix opening of loop-AES
++    devices using --key-file=-.  (Closes: #888162.)
++
++ -- Julian Andres Klode <juliank@ubuntu.com>  Mon, 29 Jan 2018 13:48:55 +0100
++
  cryptsetup (2:2.0.0-1) unstable; urgency=low
    [ Guilhem Moulin ]
@@ -775,6 +1187,26 @@ cryptsetup (2:2.0.0~rc0-1) experimental; urgency=low
   -- Guilhem Moulin <guilhem@debian.org>  Tue, 03 Oct 2017 03:37:36 +0200
++cryptsetup (2:1.7.5-1ubuntu1) bionic; urgency=low
++
++  * Merge from Debian unstable.  Remaining changes:
++    - debian/control:
++      + Depend on plymouth.
++      + Invert the "busybox | busybox-static" Recommends, as the latter
++        is the one we ship in main as part of the ubuntu-standard task.
++      + Drop explicit libgcrypt20 dependency from libcryptsetup4.
++    - Drop _BSD_SOURCE in favor of _DEFAULT_SOURCE
++    - Drop c99 std, as the default is now higher than that
++    - Drop upstart system jobs.
++    - Add maintscript to drop removed upstart system jobs.
++  * Merged upstream:
++    - d/p/fips-fix-luksformat-with-recent-kernels -- fix luksFormat
++      with recent FIPS enabled kernels.
++  * Merged in Debian:
++    - Use DEB_VERSION from dpkg/default.mk for pod2man release variable
++
++ -- Julian Andres Klode <juliank@ubuntu.com>  Wed, 17 Jan 2018 21:39:10 +0100
++
  cryptsetup (2:1.7.5-1) unstable; urgency=low
    * New upstream release 1.7.5.
@@ -797,6 +1229,25 @@ cryptsetup (2:1.7.5-1) unstable; urgency=low
   -- Guilhem Moulin <guilhem@debian.org>  Thu, 14 Sep 2017 13:00:23 +0200
++cryptsetup (2:1.7.3-4ubuntu1) artful; urgency=low
++
++  * New upstream release, merge from Debian unstable. Remaining
++    Ubuntu changes:
++    - debian/control:
++      + Depend on plymouth.
++      + Invert the "busybox | busybox-static" Recommends, as the latter
++        is the one we ship in main as part of the ubuntu-standard task.
++      + Drop explicit libgcrypt20 dependency from libcryptsetup4.
++  * d/p/fips-fix-luksformat-with-recent-kernels -- fix luksFormat
++    with recent FIPS enabled kernels.
++  * Drop _BSD_SOURCE in favor of _DEFAULT_SOURCE
++  * Drop c99 std, as the default is now higher than that
++  * Use DEB_VERSION from dpkg/default.mk for pod2man release variable
++  * Drop upstart system jobs.
++  * Add maintscript to drop removed upstart system jobs.
++
++ -- Andy Whitcroft <apw@ubuntu.com>  Thu, 10 Aug 2017 14:07:29 +0100
++
  cryptsetup (2:1.7.3-4) unstable; urgency=high
    [ Guilhem Moulin ]
@@ -1009,6 +1460,40 @@ cryptsetup (2:1.7.2-1) unstable; urgency=medium
   -- Jonas Meurer <mejo@debian.org>  Wed, 05 Oct 2016 20:53:09 +0200
++cryptsetup (2:1.7.2-0ubuntu4) artful; urgency=medium
++
++  * Add maintscript to drop removed upstart system jobs.
++
++ -- Dimitri John Ledkov <xnox@ubuntu.com>  Mon, 21 Aug 2017 11:36:04 +0100
++
++cryptsetup (2:1.7.2-0ubuntu3) artful; urgency=medium
++
++  * Drop _BSD_SOURCE in favor of _DEFAULT_SOURCe
++  * Drop c99 std, as the default is now higher than that
++  * Use DEB_VERSION from dpkg/default.mk for pod2man release variable
++
++ -- Dimitri John Ledkov <xnox@ubuntu.com>  Sat, 19 Aug 2017 21:46:19 +0100
++
++cryptsetup (2:1.7.2-0ubuntu2) artful; urgency=medium
++
++  * Drop upstart system jobs.
++
++ -- Dimitri John Ledkov <xnox@ubuntu.com>  Sat, 19 Aug 2017 20:57:17 +0100
++
++cryptsetup (2:1.7.2-0ubuntu1) yakkety; urgency=medium
++
++  * New upstream release, merge from Debian unstable (LP: #1548137). Remaining
++    Ubuntu changes:
++    - debian/control:
++      + Bump initramfs-tools Suggests to Depends: so system is not
++        potentially rendered unbootable.
++      + Depend on plymouth.
++      + Invert the "busybox | busybox-static" Recommends, as the latter
++        is the one we ship in main as part of the ubuntu-standard task.
++      + Drop explicit libgcrypt20 dependency from libcryptsetup4.
++
++ -- Unit 193 <unit193@ubuntu.com>  Wed, 22 Jun 2016 16:30:01 -0400
++
  cryptsetup (2:1.7.0-2) unstable; urgency=medium
    [ Guilhem Moulin ]
@@ -1083,6 +1568,35 @@ cryptsetup (2:1.7.0-1) unstable; urgency=medium
   -- Jonas Meurer <mejo@debian.org>  Thu, 07 Jan 2016 02:22:33 +0100
++cryptsetup (2:1.6.6-5ubuntu2) wily; urgency=medium
++
++  * Fix stupid typo in Recommends "busybox | busybox-static" inversion.
++    Fixes binary moves for busybox into main.
++
++ -- Andy Whitcroft <apw@ubuntu.com>  Fri, 21 Aug 2015 08:56:34 +0100
++
++cryptsetup (2:1.6.6-5ubuntu1) wily; urgency=low
++
++  * Merge from Debian unstable.  Remaining changes:
++    - debian/control:
++      + Bump initramfs-tools Suggests to Depends: so system is not
++        potentially rendered unbootable.
++      + Depend on plymouth.
++      + Invert the "busybox | busybox-static" Recommends, as the latter
++        is the one we ship in main as part of the ubuntu-standard task.
++      + Drop explicit libgcrypt11 dependency from libcryptsetup4.
++  * Dropped changes, now in Debian:
++    - Remove hardcoded paths to udevadm.
++    - debian/initramfs/cryptroot-hook:
++      + Do not unconditionally include cryptsetup utils in the initramfs.
++      + Do not include any modules or utils in the initramfs, unless
++        rootfs/resume devices are encrypted or CRYPTSETUP is set to 'y' in
++        the initramfs.conf configuration file.
++    - debian/cryptsetup.maintscripts:
++      + Migrate upstart jobs to new names.
++
++ -- Andy Whitcroft <apw@ubuntu.com>  Tue, 07 Jul 2015 16:58:45 +0100
++
  cryptsetup (2:1.6.6-5) unstable; urgency=high
    * debian/cryptdisks.functions: fix the precheck for ubuntu+upstart
@@ -1235,6 +1749,71 @@ cryptsetup (2:1.6.4-1) unstable; urgency=low
   -- Jonas Meurer <mejo@debian.org>  Fri, 28 Jun 2013 12:14:55 +0200
++cryptsetup (2:1.6.1-1ubuntu7) vivid; urgency=medium
++
++  * Drop explicit libgcrypt11 dependency from libcryptsetup4.
++
++ -- Adam Conrad <adconrad@ubuntu.com>  Fri, 27 Mar 2015 18:24:38 -0600
++
++cryptsetup (2:1.6.1-1ubuntu6) vivid; urgency=medium
++
++  * No-change rebuild for the libgcrypt20 transition.
++
++ -- Adam Conrad <adconrad@ubuntu.com>  Fri, 27 Mar 2015 06:16:08 -0600
++
++cryptsetup (2:1.6.1-1ubuntu5) vivid; urgency=medium
++
++  * ./debian/scripts/luksformat: Drop luksFormat -s and --ciper options. They
++    aren't necessary any more, and aes-cbc-essiv:sha256 is obsolete. This will
++    now use aes-xts-plain64 by default. (LP: #1414719)
++
++ -- Martin Pitt <martin.pitt@ubuntu.com>  Fri, 27 Feb 2015 09:37:05 +0100
++
++cryptsetup (2:1.6.1-1ubuntu4) vivid; urgency=medium
++
++  * No change rebuild to get debug symbols for all architectures.
++
++ -- Brian Murray <brian@ubuntu.com>  Wed, 03 Dec 2014 08:03:31 -0800
++
++cryptsetup (2:1.6.1-1ubuntu3) utopic; urgency=high
++
++  * No change rebuild against new dh_installinit, to call update-rc.d at
++    postinst.
++
++ -- Dimitri John Ledkov <xnox@ubuntu.com>  Wed, 28 May 2014 10:39:30 +0100
++
++cryptsetup (2:1.6.1-1ubuntu2) utopic; urgency=medium
++
++  * debian/askpass.c:
++    - Fix bug (LP: #1301086) where askpass fails to restore terminal
++      settings.
++
++ -- Robert Barabas <dc@0xdc.org>  Fri, 18 Apr 2014 14:08:51 -0400
++
++cryptsetup (2:1.6.1-1ubuntu1) trusty; urgency=low
++
++  * Merge from debian unstable, remaining changes:
++    - debian/control:
++      + Bump initramfs-tools Suggests to Depends: so system is not
++        potentially rendered unbootable.
++      + Depend on plymouth.
++
++    - Invert the "busybox | busybox-static" Recommends, as the latter is
++      the one we ship in main as part of the ubuntu-standard task.
++
++    - Remove hardcoded paths to udevadm (LP: #1184066).
++
++    - debian/initramfs/cryptroot-hook:
++      + Do not unconditionally include cryptsetup utils in the initramfs.
++      + Do not include any modules or utils in the initramfs, unless
++        rootfs/resume devices are encrypted or CRYPTSETUP is set to 'y' in
++        the initramfs.conf configuration file.
++
++    - debian/cryptsetup.maintscripts:
++      + Migrate upstart jobs to new names.
++
++ -- Dmitrijs Ledkovs <dmitrij.ledkov@ubuntu.com>  Fri, 01 Nov 2013 16:48:57 +0000
++
  cryptsetup (2:1.6.1-1) unstable; urgency=low
    [ Milan Broz ]
@@ -1276,6 +1855,50 @@ cryptsetup (2:1.6.1-1) unstable; urgency=low
   -- Jonas Meurer <mejo@debian.org>  Fri, 28 Jun 2013 12:10:41 +0200
++cryptsetup (2:1.4.3-4ubuntu4) saucy; urgency=low
++
++  * debian/initramfs/cryptroot-hook:
++    - Do not unconditionally include cryptsetup utils in the initramfs.
++    - Do not include any modules or utils in the initramfs, unless
++      rootfs/resume devices are encrypted or CRYPTSETUP is set to 'y' in
++      the initramfs.conf configuration file.
++
++ -- Dmitrijs Ledkovs <dmitrij.ledkov@ubuntu.com>  Mon, 10 Jun 2013 16:25:46 +0100
++
++cryptsetup (2:1.4.3-4ubuntu3) saucy; urgency=low
++
++  * Remove hardcoded paths to udevadm (LP: #1184066).
++
++ -- Colin Watson <cjwatson@ubuntu.com>  Tue, 28 May 2013 11:27:27 +0100
++
++cryptsetup (2:1.4.3-4ubuntu2) raring; urgency=low
++
++  * Invert the "busybox | busybox-static" Recommends, as the latter
++    is the one we ship in main as part of the ubuntu-standard task.
++
++ -- Adam Conrad <adconrad@ubuntu.com>  Fri, 16 Nov 2012 01:14:35 -0700
++
++cryptsetup (2:1.4.3-4ubuntu1) raring; urgency=low
++
++  * Merge from debian unstable, remaining changes:
++    - debian/control:
++      + Bump initramfs-tools Suggests to Depends: so system is not
++        potentially rendered unbootable.
++      + Depend on plymouth.
++
++    - init/upstart jobs:
++      + Rename cryptddisks{,-early}.upstart jobs to
++        cryptdisks-{enable,udev}.upstart, as we need both init & upstart jobs
++        for now.
++      + debian/cryptdisks{,-early}.init: Make the 'start' action of the init
++        script a no-op, this should be handled entirely by the upstart job;
++      	and fix the LSB header to not declare this should be started in
++      	runlevel 'S'.
++      + Do not install start symlinks for init scripts
++      + NB! shutdown is still handled by the SystemV init scripts
++
++ -- Dmitrijs Ledkovs <dmitrij.ledkov@ubuntu.com>  Tue, 13 Nov 2012 11:17:57 +0000
++
  cryptsetup (2:1.4.3-4) unstable; urgency=medium
    * change recommends for busybox to busybox | busybox-static. Thanks to
@@ -1308,6 +1931,50 @@ cryptsetup (2:1.4.3-3) unstable; urgency=medium
   -- Jonas Meurer <mejo@debian.org>  Thu, 01 Nov 2012 15:34:09 +0100
++cryptsetup (2:1.4.3-2ubuntu1) quantal; urgency=low
++
++  * Merge from debian unstable (LP: #1015753), remaining changes:
++    - debian/control:
++      + Bump initramfs-tools Suggests to Depends: so system is not
++        potentially rendered unbootable.
++      + Depend on plymouth.
++
++    - init/upstart jobs:
++      + Add debian/cryptdisks-{enable,udev}.upstart for bootup.
++      + debian/cryptdisks{,-early}.init: Make the 'start' action of the init
++        script a no-op, this should be handled entirely by the upstart job;
++      	and fix the LSB header to not declare this should be started in
++      	runlevel 'S'.
++      + Do not install start symlinks for init scripts
++      + NB! shutdown is still handled by the SystemV init scripts
++
++  * Rename cryptddisks{,-early}.upstart jobs back to
++    cryptdisks-{enable,udev}.upstart, as we need both init & upstart jobs
++    for now.
++
++  * Dropped Changes, included in Debian:
++    - debian/control:
++      + Split up package in cryptsetup and cryptsetup-bin. (LP: #343363).
++
++    - debian/cryptdisks.functions:
++      + Do not overwrite existing filesystems when creating swap (LP: #474258).
++      + Add aesni module when we have hardware encryption.
++      + Call 'udevadm settle' before 'dmsetup rename' http://pad.lv/874774
++      + Suppress "Starting init crypto disks" message in "init" phase, to
++        avoid writing over fsck progress text.
++      + new function, crypttab_start_one_disk, to look for the named source
++        device in /etc/crypttab (by device name, UUID, or label) and start it
++        if configured to do so
++      + handle the case where crypttab contains a name for the source
++        device that is not the kernel's preferred name for it (as is the case
++        for LVs).
++
++    - debian/initramfs/cryptroot-hook:
++      + Quiet warnings from find on arches that don't have all the
++        kernel/{arch,crypto} bits we're testing for.
++
++ -- Dmitrijs Ledkovs <dmitrij.ledkov@ubuntu.com>  Tue, 21 Aug 2012 11:57:28 +0100
++
  cryptsetup (2:1.4.3-2) unstable; urgency=medium
    * fix the shared library symbols magic: so far, the symbols file for
@@ -1383,6 +2050,64 @@ cryptsetup (2:1.4.1-3) unstable; urgency=low
   -- Jonas Meurer <mejo@debian.org>  Wed, 11 Apr 2012 23:55:35 +0200
++cryptsetup (2:1.4.1-2ubuntu4) precise; urgency=low
++
++  * Our swap creation can trigger udev change events, which means udev may be
++    holding the device open at the time we try to call 'dmsetup rename' and
++    cause the /subsequent/ events to be missed because of dmsetup creating
++    device nodes by hand.  So call 'udevadm settle' before 'dmsetup rename',
++    to ensure blkid is out of the way first.  This should ensure swap
++    partitions are found by mountall in a non-racy manner.  LP: #874774.
++
++ -- Steve Langasek <steve.langasek@ubuntu.com>  Fri, 13 Apr 2012 20:23:21 -0700
++
++cryptsetup (2:1.4.1-2ubuntu3) precise; urgency=low
++
++  * Start cryptdisks-enable upstart job on 'or container', to let us
++    simplify the udevtrigger job.
++
++ -- Steve Langasek <steve.langasek@ubuntu.com>  Wed, 04 Apr 2012 17:02:00 -0700
++
++cryptsetup (2:1.4.1-2ubuntu2) precise; urgency=low
++
++  * Split up package in cryptsetup and cryptsetup-bin. (LP: #343363).
++  * Do not overwrite existing filesystems when creating swap (LP: #474258).
++  * Add aesni module when we have hardware encryption.
++
++ -- Jean-Louis Dupond <jean-louis@dupond.be>  Mon, 12 Mar 2012 10:14:30 +0100
++
++cryptsetup (2:1.4.1-2ubuntu1) precise; urgency=low
++
++  [ Jean-Louis Dupond ]
++  * Merge from debian unstable (LP: #776264), remaining changes:
++    - debian/cryptdisks.functions: Suppress "Starting init crypto disks" message
++      in "init" phase, to avoid writing over fsck progress text.
++    - debian/cryptroot-hook: Quiet warnings from find on arches that
++      don't have all the kernel/{arch,crypto} bits we're testing for.
++    - debian/control:
++      + Bump initramfs-tools Suggests to Depends: so system is not
++        potentially rendered unbootable.
++      + Depend on plymouth.
++    - Add debian/cryptdisks-{enable,udev}.upstart.
++    - debian/cryptdisks.functions:
++      + new function, crypttab_start_one_disk, to look for the named source
++        device in /etc/crypttab (by device name, UUID, or label) and start it
++        if configured to do so
++    - debian/cryptdisks{,-early}.init: Make the 'start' action of the init
++      script a no-op, this should be handled entirely by the upstart job;
++      and fix the LSB header to not declare this should be started in
++      runlevel 'S'
++    - debian/rules:
++      + Do not install start symlinks for init scripts, and
++        install debian/cryptdisks-{enable,udev}.upstart scripts.
++
++  [ Steve Langasek ]
++  * debian/cryptdisks.functions: handle the case where crypttab contains a
++    name for the source device that is not the kernel's preferred name for
++    it (as is the case for LVs).
++
++ -- Jean-Louis Dupond <jean-louis@dupond.be>  Thu, 08 Mar 2012 07:32:40 +0100
++
  cryptsetup (2:1.4.1-2) unstable; urgency=low
    * acknowledge NMU. Thanks to Michael Biebl. (closes: #659182)
@@ -1592,6 +2317,56 @@ cryptsetup (2:1.2.0-1) experimental; urgency=low
   -- Jonas Meurer <mejo@debian.org>  Sun, 16 Jan 2011 01:01:03 +0100
++cryptsetup (2:1.1.3-4ubuntu3) precise; urgency=low
++
++  [ Pali Rohar ]
++  * debian/cryptdisks.functions: Suppress "Starting init crypto disks" message
++    in "init" phase, to avoid writing over fsck progress text.
++
++ -- Martin Pitt <martin.pitt@ubuntu.com>  Wed, 26 Oct 2011 09:16:15 +0200
++
++cryptsetup (2:1.1.3-4ubuntu2) oneiric; urgency=low
++
++  * debian/cryptroot-hook: Quiet warnings from find on arches that
++    don't have all the kernel/{arch,crypto} bits we're testing for.
++
++ -- Adam Conrad <adconrad@ubuntu.com>  Sat, 01 Oct 2011 00:33:00 -0600
++
++cryptsetup (2:1.1.3-4ubuntu1) natty; urgency=low
++
++  * Merge from debian unstable (LP: #682177), remaining changes:
++    - debian/control:
++      + Bump initramfs-tools Suggests to Depends: so system is not
++        potentially rendered unbootable.
++      + Depend on plymouth.
++    - Add debian/cryptdisks-{enable,udev}.upstart.
++    - debian/cryptdisks.functions:
++      + new function, crypttab_start_one_disk, to look for the named source
++        device in /etc/crypttab (by device name, UUID, or label) and start it
++        if configured to do so
++      + wrap the call to /lib/cryptsetup/askpass with watershed, to make sure
++        we only ever have one of these running at a time; otherwise multiple
++        invocations could steal each other's input and/or write over each
++        other's output
++      + when called by cryptdisks-enable, check that we don't already have a
++        corresponding cryptdisks-udev job running (probably waiting for a
++        passphrase); if there is, wait until it's finished before continuing.
++    - debian/cryptdisks{,-early}.init: Make the 'start' action of the init
++      script a no-op, this should be handled entirely by the upstart job;
++      and fix the LSB header to not declare this should be started in
++      runlevel 'S'
++    - debian/cryptsetup.postinst: Remove any symlinks from /etc/rcS.d on
++      upgrade.
++    - debian/rules:
++      + Do not install start symlinks for init scripts, and
++        install debian/cryptdisks-{enable,udev}.upstart scripts.
++      + link dynamically against libgcrypt and libgpg-error.
++    - Add debian/cryptsetup.apport: Apport package hook. Install in
++      debian/rules and create dir in debian/cryptsetup.dirs.
++    - debian/cryptsetup.postrm: call update-initramfs on package removal.
++
++ -- Lorenzo De Liso <blackz@ubuntu.com>  Sat, 27 Nov 2010 17:37:43 +0100
++
  cryptsetup (2:1.1.3-4) unstable; urgency=high
    * bump standards-version to 3.9.1, no changes required
@@ -1697,6 +2472,69 @@ cryptsetup (2:1.1.3-1) unstable; urgency=low
   -- Jonas Meurer <mejo@debian.org>  Sat, 10 Jul 2010 14:32:40 +0200
++cryptsetup (2:1.1.2-1ubuntu1) maverick; urgency=low
++
++  * Merge from Debian unstable (LP: #594365).  Remaining changes:
++    - debian/control:
++      + Bump initramfs-tools Suggests to Depends: so system is not
++        potentially rendered unbootable.
++      + Depend on plymouth.
++    - Add debian/cryptdisks-{enable,udev}.upstart.
++    - debian/cryptdisks.functions:
++      + new function, crypttab_start_one_disk, to look for the named source
++        device in /etc/crypttab (by device name, UUID, or label) and start it
++        if configured to do so
++      + wrap the call to /lib/cryptsetup/askpass with watershed, to make sure
++        we only ever have one of these running at a time; otherwise multiple
++        invocations could steal each other's input and/or write over each
++        other's output
++      + initially create the device under a temporary name and rename it only
++        at the end using 'dmsetup rename', to ensure that upstart/mountall
++        doesn't see our device before it's ready to go.
++      + do_tmp should mount under /var/run/cryptsetup for changing the
++        permissions of the filesystem root, not directly on /tmp, since
++        mounting on /tmp a) is racy, b) confuses mountall something fierce.
++      + when called by cryptdisks-enable, check that we don't already have a
++        corresponding cryptdisks-udev job running (probably waiting for a
++        passphrase); if there is, wait until it's finished before continuing.
++    - debian/cryptdisks{,-early}.init: Make the 'start' action of the init
++      script a no-op, this should be handled entirely by the upstart job;
++      and fix the LSB header to not declare this should be started in
++      runlevel 'S'
++    - debian/cryptsetup.postinst: Remove any symlinks from /etc/rcS.d on
++      upgrade.
++    - debian/rules: Do not install start symlinks for init scripts, and
++      install debian/cryptdisks-{enable,udev}.upstart scripts.
++    - Add debian/cryptsetup.apport: Apport package hook. Install in
++      debian/rules and create dir in debian/cryptsetup.dirs.
++    - debian/rules: link dynamically against libgcrypt and libgpg-error.
++    - debian/cryptsetup.postrm: call update-initramfs on package removal.
++  * Dropped changes, merged/superseded in Debian:
++    - Add ext4 support to passdev.
++    - cryptroot-hook: don't call copy_modules_dir with empty arguments when
++      archcrypto isn't found
++    - Set USPLASH=y and FRAMEBUFFER=y in the hook config to pull plymouth into
++      the initramfs.
++    - change interaction to use plymouth directly if present, and if not, to
++      fall back to /lib/cryptsetup/askpass as before
++    - cryptdisks.functions: replace 'echo -e' bashism with 'printf'.
++    - debian/initramfs/cryptroot-script: if plymouth is present in the
++      initramfs, use this directly, bypassing the cryptsetup askpass script
++    - debian/initramfs/cryptroot-hook: Properly anchor our regexps when
++      grepping /etc/crypttab so that we don't incorrectly match device names
++      that are substrings of one another.
++    - debian/initramfs/cryptroot-script: Don't leak /conf/conf.d/cryptroot
++      file descriptor to subprocesses.
++    - Fix grammar error in debian/initramfs/cryptroot-script
++      ("setup" -> "set up")
++    - debian/initramfs/cryptroot-script: Fix this to work with current
++      initramfs-tools:
++      + Source /scripts/functions after checking for prerequisites.
++      + prereqs(): Do not assume we are running within initramfs, and
++        calculate relative path correctly.
++
++ -- Steve Langasek <steve.langasek@ubuntu.com>  Mon, 14 Jun 2010 21:47:28 -0700
++
  cryptsetup (2:1.1.2-1) unstable; urgency=low
    * new upstream release, changes include:
@@ -1814,6 +2652,171 @@ cryptsetup (2:1.1.0-1) unstable; urgency=low
   -- Jonas Meurer <mejo@debian.org>  Mon, 08 Mar 2010 14:15:35 +0100
++cryptsetup (2:1.1.0~rc2-1ubuntu14) maverick; urgency=low
++
++  [ David Stansby ]
++  * Fix grammar error in debian/initramfs/cryptroot-script
++    ("setup" -> "set up") (LP: #578896)
++
++ -- James Westby <james.westby@ubuntu.com>  Mon, 17 May 2010 13:33:40 +0100
++
++cryptsetup (2:1.1.0~rc2-1ubuntu13) lucid; urgency=low
++
++  * debian/initramfs/cryptroot-script: Don't leak /conf/conf.d/cryptroot
++    file descriptor to subprocesses.
++
++ -- Colin Watson <cjwatson@ubuntu.com>  Mon, 29 Mar 2010 22:18:36 +0100
++
++cryptsetup (2:1.1.0~rc2-1ubuntu12) lucid; urgency=low
++
++  * debian/initramfs/cryptroot-hook: Properly anchor our regexps when
++    grepping /etc/crypttab so that we don't incorrectly match device names
++    that are substrings of one another.
++  * debian/cryptdisks-{enable,udev}.conf, debian/control: drop
++    'console output' and add a hard dependency on plymouth instead of
++    watershed, to avoid spitting extra messages to the console.
++
++ -- Steve Langasek <steve.langasek@ubuntu.com>  Thu, 18 Feb 2010 06:19:19 -0800
++
++cryptsetup (2:1.1.0~rc2-1ubuntu11) lucid; urgency=low
++
++  * Set FRAMEBUFFER=y in the file that we actually ship.
++  * debian/cryptsetup.postrm: call update-initramfs on package removal.
++    LP: #468228.
++
++ -- Steve Langasek <steve.langasek@ubuntu.com>  Mon, 25 Jan 2010 03:07:52 -0800
++
++cryptsetup (2:1.1.0~rc2-1ubuntu10) lucid; urgency=low
++
++  * cryptdisks.functions: replace 'echo -e' bashism with 'printf'.
++  * cryptdisks.functions: when called by cryptdisks-enable, check that we
++    don't already have a corresponding cryptdisks-udev job running (probably
++    waiting for a passphrase); if there is, wait until it's finished before
++    continuing.
++
++ -- Steve Langasek <steve.langasek@ubuntu.com>  Thu, 21 Jan 2010 14:57:21 +0000
++
++cryptsetup (2:1.1.0~rc2-1ubuntu9) lucid; urgency=low
++
++  * Set FRAMEBUFFER=y in the hook config as well, to pull plymouth into the
++    initramfs.
++  * cryptdisks.functions, debian/initramfs/cryptroot-script: fix the
++    invocation of plymouth, so that we actually get proper passphrase prompts
++    (once bug #496765 is fixed).
++
++ -- Steve Langasek <steve.langasek@ubuntu.com>  Sat, 16 Jan 2010 02:32:41 -0800
++
++cryptsetup (2:1.1.0~rc2-1ubuntu8) lucid; urgency=low
++
++  * cryptdisks.functions: do_tmp should mount under /var/run/cryptsetup for
++    changing the permissions of the filesystem root, not directly on /tmp,
++    since mounting on /tmp a) is racy, b) confuses mountall something fierce.
++    LP: #475936.
++
++ -- Steve Langasek <steve.langasek@ubuntu.com>  Tue, 22 Dec 2009 20:24:28 +0000
++
++cryptsetup (2:1.1.0~rc2-1ubuntu7) lucid; urgency=low
++
++  * Depend on watershed.
++
++ -- Steve Langasek <steve.langasek@ubuntu.com>  Tue, 22 Dec 2009 01:37:36 +0000
++
++cryptsetup (2:1.1.0~rc2-1ubuntu6) lucid; urgency=low
++
++  [ Steve Langasek ]
++  * Fix the LSB header in the init scripts, now that we don't install to
++    rcS.d.
++
++  [ Martin Pitt ]
++  * debian/initramfs/cryptroot-script: Fix this to work with current
++    initramfs-tools:
++    - Source /scripts/functions after checking for prerequisites.
++    - prereqs(): Do not assume we are running within initramfs, and calculate
++      relative path correctly.
++
++ -- Martin Pitt <martin.pitt@ubuntu.com>  Fri, 18 Dec 2009 17:07:07 +0100
++
++cryptsetup (2:1.1.0~rc2-1ubuntu5) lucid; urgency=low
++
++  * Rename the upstart job introduced in the previous upload to
++    cryptdisks-udev and restore the previous version of the job as
++    cryptdisks-enable, to run at the end of udev coldplugging as before;
++    this isn't entirely race-free, but should nevertheless give us the
++    two passes needed to cover devices that are decrypted using keys stored
++    on other encrypted disks.  LP: #443980.
++
++ -- Steve Langasek <steve.langasek@ubuntu.com>  Wed, 16 Dec 2009 06:41:30 +0000
++
++cryptsetup (2:1.1.0~rc2-1ubuntu4) lucid; urgency=low
++
++  [ Steve Langasek ]
++  * debian/initramfs/cryptroot-script: if plymouth is present in the
++    initramfs, use this directly, bypassing the cryptsetup askpass script;
++    but keep support for these other frontends around on a transitional
++    basis.
++  * debian/cryptdisks.functions:
++    - change interaction to use plymouth directly if present, and if not, to
++      fall back to /lib/cryptsetup/askpass as before
++    - wrap the call to /lib/cryptsetup/askpass with watershed, to make sure
++      we only ever have one of these running at a time; otherwise multiple
++      invocations could steal each other's input and/or write over each
++      other's output
++    - new function, crypttab_start_one_disk, to look for the named source
++      device in /etc/crypttab (by device name, UUID, or label) and start it
++      if configured to do so
++  * debian/cryptdisks-enable.upstart: run the upstart job once for each block
++    device, using the new crypttab_start_one_disk function, triggered by udev;
++    this doesn't eliminate the possibility of a race with gdm when the
++    decrypted volume isn't a 'bootwait' mount point (since gdm kills
++    plymouth), but it does eliminate the race between udev and cryptsetup.
++    LP: #454898.
++  * debian/cryptdisks-enable.upstart: check that the package is installed
++    and exit gracefully if it's not.  LP: #435814
++  * debian/cryptdisk.functions: initially create the device under a temporary
++    name and rename it only at the end using 'dmsetup rename', to ensure that
++    upstart/mountall doesn't see our device before it's ready to go.
++    LP: #475936.
++
++  [ Colin Watson ]
++  * Add ext4 support to passdev.
++
++ -- Steve Langasek <steve.langasek@ubuntu.com>  Tue, 15 Dec 2009 18:05:45 -0800
++
++cryptsetup (2:1.1.0~rc2-1ubuntu3) lucid; urgency=low
++
++  * cryptroot-hook: Use if [ -n … ] instead of if ! test -z ….
++
++ -- Loïc Minier <loic.minier@ubuntu.com>  Sat, 12 Dec 2009 11:32:52 +0100
++
++cryptsetup (2:1.1.0~rc2-1ubuntu2) lucid; urgency=low
++
++  * cryptroot-hook: dont call copy_modules_dir with empty arguments when
++    archcrypto isnt found (LP: #495161)
++
++ -- Oliver Grawert <ogra@ubuntu.com>  Fri, 11 Dec 2009 14:39:00 +0100
++
++cryptsetup (2:1.1.0~rc2-1ubuntu1) lucid; urgency=low
++
++  * Merge with Debian testing. Remaining Ubuntu changes:
++    - debian/rules: cryptsetup is linked dynamically against libgcrypt and
++      libgpg-error.
++    - Upstart migration:
++      + Add debian/cryptdisks-enable.upstart.
++      + debian/cryptdisks{,-early}.init: Make the 'start' action of the init
++        script a no-op, this should be handled entirely by the upstart job.
++        (LP #473615)
++      + debian/cryptsetup.postinst: Remove any symlinks from /etc/rcS.d on
++        upgrade.
++      + debian/rules: Do not install start symlinks for those two, and install
++        debian/cryptdisks-enable.upstart scripts.
++    - Add debian/cryptsetup.apport: Apport package hook. Install in
++      debian/rules, and create dir in debian/cryptsetup.dirs.
++    - Start usplash in initramfs, since we need it for fancy passphrase input:
++      + debian/initramfs/cryptroot-conf, debian/initramfs-conf.d: USPLASH=y
++      + debian/control: Bump initramfs-tools Suggests to Depends:.
++
++ -- Martin Pitt <martin.pitt@ubuntu.com>  Wed, 11 Nov 2009 15:04:27 +0100
++
  cryptsetup (2:1.1.0~rc2-1) unstable; urgency=low
    * new upstream release candidate (1.1.0-rc2), highlights include:
@@ -1987,6 +2990,80 @@ cryptsetup (2:1.0.7~rc1-1) unstable; urgency=low
   -- Jonas Meurer <mejo@debian.org>  Sat, 04 Jul 2009 15:52:06 +0200
++cryptsetup (2:1.0.6+20090405.svn49-1ubuntu8) lucid; urgency=low
++
++  [ Steve Langasek ]
++  * Make the 'start' action of the init script a no-op, this should be
++    handled entirely by the upstart job now; and remove any symlinks from
++    /etc/rcS.d on upgrade.  LP: #473615.
++
++  [ Reinhard Tartler ]
++  * Add an apport hook
++  * import the blkid and un_blkid from debian, LP: #446517
++  * also use this script by default (setting in /etc/default/cryptdisks)
++
++ -- Steve Langasek <steve.langasek@ubuntu.com>  Wed, 04 Nov 2009 12:06:47 +0000
++
++cryptsetup (2:1.0.6+20090405.svn49-1ubuntu7) karmic; urgency=low
++
++  * Reupload previous version, siretart had left changes in bzr which
++    weren't documented in the changelog and caused FTBFS.
++
++ -- Scott James Remnant <scott@ubuntu.com>  Wed, 14 Oct 2009 13:57:59 +0100
++
++cryptsetup (2:1.0.6+20090405.svn49-1ubuntu6) karmic; urgency=low
++
++  [ Steve Langasek ]
++  * Move the Debian Vcs- fields aside.
++
++  [ Scott James Remnant ]
++  * debian/cryptdisks-enable.upstart: Don't overcompensate for my idiocy,
++    cryptsetup should not need a controlling terminal, just a terminal
++    is fine.  May fix LP: #439138.
++
++ -- Scott James Remnant <scott@ubuntu.com>  Wed, 14 Oct 2009 04:52:16 +0100
++
++cryptsetup (2:1.0.6+20090405.svn49-1ubuntu4) karmic; urgency=low
++
++  * debian/cryptdisks-enable.upstart: Things that often help include
++    not setting stdin/out to /dev/null, so you can actually type the
++    passphrase.  I am an idiot.  LP: #430496.
++
++ -- Scott James Remnant <scott@ubuntu.com>  Thu, 17 Sep 2009 17:58:01 +0100
++
++cryptsetup (2:1.0.6+20090405.svn49-1ubuntu3) karmic; urgency=low
++
++  * debian/cryptdisks-enable.upstart: add upstart job to enable encrypted
++    disks once we've finished probing for udev devices, so that mountall
++    can use them.  LP: #430496.
++
++ -- Scott James Remnant <scott@ubuntu.com>  Thu, 17 Sep 2009 00:04:00 +0100
++
++cryptsetup (2:1.0.6+20090405.svn49-1ubuntu2) karmic; urgency=low
++
++  * debian/initramfs/cryptroot-conf: declare that we want usplash included
++    in the initramfs whenever this package is installed.  LP: #427356.
++
++ -- Steve Langasek <steve.langasek@ubuntu.com>  Tue, 15 Sep 2009 08:43:15 -0700
++
++cryptsetup (2:1.0.6+20090405.svn49-1ubuntu1) karmic; urgency=low
++
++  * Merge from debian unstable, remaining changes:
++    - Ubuntu specific:
++      + debian/rules: link dynamically for better security supportability and
++        smaller packages.
++      + debian/control: Depend on initramfs-tools so system is not potentially
++        rendered unbootable.
++    - debian/initramfs/cryptroot-script wait for encrypted device to appear,
++      report with log_*_msg (debian bug 488271).
++    - debian/initramfs/cryptroot-hook: fix support for UUID and LABEL
++      correlation between fstab and crypttab (debian bug 522041).
++    - debian/askpass.c, debian/initramfs/cryptroot-script: using newline
++      escape in passphrase prompt to avoid line-wrapping (debian bug 528133).
++  * Drop 04_fix_udevsettle_call.patch: fixed upstream differently.
++
++ -- Kees Cook <kees@ubuntu.com>  Sun, 10 May 2009 17:29:32 -0700
++
  cryptsetup (2:1.0.6+20090405.svn49-1) unstable; urgency=low
    * New upstream svn snapshot. Highlights include:
@@ -2028,6 +3105,67 @@ cryptsetup (2:1.0.6+20090405.svn49-1) unstable; urgency=low
   -- Jonas Meurer <mejo@debian.org>  Mon, 06 Apr 2009 08:49:14 +0200
++cryptsetup (2:1.0.6-7ubuntu7) jaunty; urgency=low
++
++  * debian/control: Depend on initramfs-tools so system is not potentially
++    rendered unbootable (LP: #358654).
++
++ -- Kees Cook <kees@ubuntu.com>  Thu, 09 Apr 2009 12:29:31 -0700
++
++cryptsetup (2:1.0.6-7ubuntu6) jaunty; urgency=low
++
++  * debian/initramfs/cryptroot-script: we don't require vol_id to understand
++    the encrypted device, but we should check the device is fully up first
++    before continuing by calling udevadm settle.  LP: #291752.
++
++ -- Steve Langasek <steve.langasek@ubuntu.com>  Sat, 07 Mar 2009 21:39:14 -0800
++
++cryptsetup (2:1.0.6-7ubuntu5) jaunty; urgency=low
++
++  * debian/initramfs/cryptroot-hook: fix support for UUID and LABEL correlation
++    between fstab and crypttab (LP: #287879).
++
++ -- TJ <ubuntu@tjworld.net>  Mon, 16 Feb 2009 23:00:00 +0000
++
++cryptsetup (2:1.0.6-7ubuntu4) jaunty; urgency=low
++
++  * debian/askpass.c: also handle newline escape code in console prompt.
++
++ -- Kees Cook <kees@ubuntu.com>  Sun, 15 Feb 2009 08:57:05 -0800
++
++cryptsetup (2:1.0.6-7ubuntu3) jaunty; urgency=low
++
++  [ https://launchpad.net/~svenkata ]
++  * debian/checks/un_vol_id: dynamically build the "unknown volume type"
++    string, to allow for encrypted swap, LP: #316607
++
++ -- Dustin Kirkland <kirkland@ubuntu.com>  Thu, 12 Feb 2009 16:57:30 -0600
++
++cryptsetup (2:1.0.6-7ubuntu2) jaunty; urgency=low
++
++  * debian/askpass.c: handle newline escape code in password prompt.
++  * debian/initramfs/cryptroot-script: add newline to split cryptroot
++    password prompt onto two lines for readability (LP: #326900).
++
++ -- Kees Cook <kees@ubuntu.com>  Sun, 08 Feb 2009 07:26:01 -0800
++
++cryptsetup (2:1.0.6-7ubuntu1) jaunty; urgency=low
++
++  * Merge from debian unstable, remaining changes:
++    - debian/initramfs/cryptroot-script:
++      - must source /scripts/functions to get the log_*_msg() functions.
++      - wait for encrypted device to show up (LP 164044, 291752).
++      - disable error message 'failed to setup lvm device' (LP 151532).
++    - debian/rules:
++      - fix location of ltmain.sh (Ubuntu-specific until libtool 2.2.x is
++        in Debian unstable).
++      - link dynamically (LP 62751).
++    - add 04_fix_udevsettle_call.patch: fix path to binary for udevsettle.
++  * Revert versioned build-depency on libdevmapper-dev, since Ubuntu's
++    version is higher now.
++
++ -- Kees Cook <kees@ubuntu.com>  Tue, 06 Jan 2009 13:00:16 -0800
++
  cryptsetup (2:1.0.6-7) unstable; urgency=medium
    * Add patches/01_gettext_package.patch: Remove -luks from GETTEXT_PACKAGE
@@ -2072,6 +3210,38 @@ cryptsetup (2:1.0.6-7) unstable; urgency=medium
   -- Jonas Meurer <mejo@debian.org>  Wed, 17 Dec 2008 21:25:45 +0100
++cryptsetup (2:1.0.6-6ubuntu2.1) intrepid-proposed; urgency=low
++
++  * debian/initramfs/cryptroot-script: do not require that vol_id
++    can parse the encrypted device as valid (LP: #291752).
++
++ -- Kees Cook <kees@ubuntu.com>  Fri, 31 Oct 2008 13:10:06 -0700
++
++cryptsetup (2:1.0.6-6ubuntu2) intrepid; urgency=low
++
++  * Fixes for (LP: #272301)
++  * debian/initramfs/cryptroot-script: must source /scripts/functions to get
++    the log_*_msg() functions
++  * 04_fix_udevsettle_call.patch: fix path to binary for udevsettle
++
++ -- Dustin Kirkland <kirkland@ubuntu.com>  Fri, 19 Sep 2008 18:03:28 -0500
++
++cryptsetup (2:1.0.6-6ubuntu1) intrepid; urgency=low
++
++  * drop almost all ubuntu specific changes from the cryptsetup package,
++    because they have been merged in debian. Thanks a lot!
++  * merge from debian, remaining changes:
++    - remove versioned build-depency on libdevmapper-dev, we are using a
++      rather sophisticated loop for making sure the root filesystem appears.
++  * debian/rules: fix location of ltmain.sh
++  * don't exit usplash anymore in the init script. LP: #110970, #139363
++  * Disable error message 'failed to setup lvm device'. It is harmless, and
++    caused by the fact that the udev rules provided by lvm2 are setting up
++    the lvm on their own. In debian the scripts here are responsible for this
++    but obviously fail in ubuntu. LP: #151532
++
++ -- Reinhard Tartler <siretart@tauware.de>  Sat, 30 Aug 2008 17:52:16 +0200
++
  cryptsetup (2:1.0.6-6) unstable; urgency=high
    * Don't cat keyfile into pipe for do_noluks(). cryptsetup handles
@@ -2173,6 +3343,79 @@ cryptsetup (2:1.0.6-3) unstable; urgency=low
   -- Jonas Meurer <mejo@debian.org>  Mon, 07 Jul 2008 00:30:07 +0200
++cryptsetup (2:1.0.6-2ubuntu7) intrepid; urgency=low
++
++  * reintroduce changes from 2:1.0.6-2ubuntu5 that have been accidentally
++    dropped in version 2:1.0.6-2ubuntu6.
++
++ -- Reinhard Tartler <siretart@tauware.de>  Fri, 20 Jun 2008 15:15:54 +0200
++
++cryptsetup (2:1.0.6-2ubuntu6) intrepid; urgency=low
++
++  [ Kjell Braden ]
++  * load scripts/functions for log_{begin,end}_msg
++  * debian/initramfs/cryptroot-script: wait for the cryptsource, not the resulting mapped root device
++  * debian/initramfs/cryptroot-hook: copy binaries to the right directory
++
++  [ Reinhard Tartler ]
++  * remove versioned build-depency on libdevmapper-dev, we are using a
++    rather sophisticated loop for making sure the root filesystem appears.
++
++ -- Reinhard Tartler <siretart@tauware.de>  Wed, 18 Jun 2008 00:26:43 +0200
++
++cryptsetup (2:1.0.6-2ubuntu5) intrepid; urgency=low
++
++  * Okay, I give up. include preprocessed manpages and adapt
++    debian/rules to easily produce those.
++    ATTENTION: on subsequent uploads, make sure that the manpages are
++    available and up-to-date.
++
++ -- Reinhard Tartler <siretart@tauware.de>  Sun, 15 Jun 2008 13:33:07 +0200
++
++cryptsetup (2:1.0.6-2ubuntu4) intrepid; urgency=low
++
++  * also use local dtd in debian/doc/variables.xml.in.
++
++ -- Reinhard Tartler <siretart@tauware.de>  Sun, 15 Jun 2008 12:55:42 +0200
++
++cryptsetup (2:1.0.6-2ubuntu3) intrepid; urgency=low
++
++  * try harder to fix FTBFS.
++
++ -- Reinhard Tartler <siretart@tauware.de>  Sun, 15 Jun 2008 11:42:54 +0200
++
++cryptsetup (2:1.0.6-2ubuntu2) intrepid; urgency=low
++
++  * build docbook documentation using local dtds instead of trying to
++    download them at buildtime. Fixes FTBFS.
++
++ -- Reinhard Tartler <siretart@tauware.de>  Sun, 15 Jun 2008 11:12:28 +0200
++
++cryptsetup (2:1.0.6-2ubuntu1) intrepid; urgency=low
++
++  * Merge new debian version. Remaining changes:
++    - Add XSBC-Vcs-Bzr tag to indicate that this package is managed using
++      bzr on launchpad.
++    - debian/rules: cryptsetup is linked dynamically against libgcrypt and
++      libgpg-error.
++    - cryptdisks.functions: stop usplash on user input. LP #62751
++    - Parse comments in lines not starting with '#', LP #185380
++    - If the encrypted source device hasn't shown up yet, give it a
++      little while to deal with removable devices. LP #164044
++  * Depend on race-free version of libdevmapper, thus making udevsettle
++    call from cryptsetup binary unnecessary. Dropping patch
++    debian/patches/06_run_udevsettle.patch
++  * remove patch from LP #73862, loading optimized modules has been solved
++    in debian in another way.
++  * cryptdisk.functions: remove spurious call to load_optimized_module.
++    LP: #239946
++  * bugfix: make regex work if keyfile has extended attributes. LP: #231339.
++  * remove patch in cryptdisks.functions for rexecing the script itself for
++    ensuring that a tty is always available. (See LP #58794.) According to
++    Scott, this is not necessary anymore.
++
++ -- Reinhard Tartler <siretart@tauware.de>  Sat, 14 Jun 2008 23:28:51 +0200
++
  cryptsetup (2:1.0.6-2) unstable; urgency=low
    [ Jonas Meurer ]
@@ -2198,6 +3441,54 @@ cryptsetup (2:1.0.6-2) unstable; urgency=low
   -- David Härdeman <david@hardeman.nu>  Mon, 26 May 2008 08:12:32 +0200
++cryptsetup (2:1.0.6-1ubuntu4) intrepid; urgency=low
++
++  [ Kjell Braden ]
++  * Fix configuration parsing (LP: #239808)
++
++  [ Reinhard Tartler ]
++  * cryptroot-script: use 'echo' instead of 'log_begin_msg' (LP: #237723)
++
++ -- Reinhard Tartler <siretart@tauware.de>  Fri, 13 Jun 2008 21:26:17 +0200
++
++cryptsetup (2:1.0.6-1ubuntu3) intrepid; urgency=low
++
++  * Parse comments in lines not starting with '#', LP: #185380
++  * in cryptroot hook, don't rely on 'udevadm settle' to wait long enough
++    for the cryptdevice to appear. Reimplement the busy waiting loop found
++    while waiting for the root file system. Patch based on work by Swâmi
++    Petaramesh. LP: #164044
++  * debian/crypdisks.functions: call 'env' with full path. LP: #178829.
++
++ -- Reinhard Tartler <siretart@tauware.de>  Mon, 26 May 2008 22:12:32 +0200
++
++cryptsetup (2:1.0.6-1ubuntu2) intrepid; urgency=low
++
++  * Simplify the patch in debian/cryptdisks.functions that stops usplash
++    before asking for a passphrase.
++
++ -- Reinhard Tartler <siretart@tauware.de>  Mon, 26 May 2008 20:18:14 +0200
++
++cryptsetup (2:1.0.6-1ubuntu1) intrepid; urgency=low
++
++  * Merge new debian version. Remaining changes:
++    - cryptsetup is linked dynamically against libgcrypt and libgpg-error.
++    - stop usplash on user input. LP #62751
++    - debian/cryptdisks.functions: Always output and read from the console.
++      LP #58794.
++    - Add XSBC-Vcs-Bzr tag to indicate that this package is managed using
++      bzr on launchpad.
++    - debian/initramfs/cryptroot-hook: LP #73862
++      Added patch to install aes optimized cypher module
++    - try to load optimized cypher module in cryptsetup.functions as well,
++      because cryptroot-hook is only executed when we really have a
++      cryptoroot.
++  * other ubuntu changes have been merged into debian. Please report bugs
++    if you believe some patches have been dropped.
++  * removed 07_typos_fix.patch, has been reviewed and applied upstream.
++
++ -- Reinhard Tartler <siretart@tauware.de>  Sun, 25 May 2008 22:52:30 +0200
++
  cryptsetup (2:1.0.6-1) unstable; urgency=low
    [ Jonas Meurer ]
@@ -2329,6 +3620,138 @@ cryptsetup (2:1.0.6~pre1-1) unstable; urgency=low
   -- Jonas Meurer <mejo@debian.org>  Thu, 06 Dec 2007 15:56:05 +0100
++cryptsetup (2:1.0.5-2ubuntu12) hardy; urgency=low
++
++  * added debian/patches/07_typos_fix.dpatch: fixed typos in man pages. (LP: #164181)
++
++ -- Bruno Barrera Yever <bbyever@gmail.com>  Mon, 07 Apr 2008 18:43:05 -0500
++
++cryptsetup (2:1.0.5-2ubuntu11) hardy; urgency=low
++
++  * debian/initramfs/cryptroot-script: Do show the disk name after all, since
++    some people use multiple encrypted partitions as LVM PVs. (LP: #201413)
++
++ -- Martin Pitt <martin.pitt@ubuntu.com>  Sun, 06 Apr 2008 11:54:41 -0600
++
++cryptsetup (2:1.0.5-2ubuntu10) hardy; urgency=low
++
++  * debian/initramfs/cryptroot-script: Do not mention the name of the
++    encrypted device. It is just technobabble anyway (sda4_crypt), and there
++    is just one root partition ever, so it is not needed to tell apart
++    different partitions. From a security POV, someone who can change your
++    initramfs to boot a different root partition can just as well change the
++    strings, too. (LP: #201413)
++
++ -- Martin Pitt <martin.pitt@ubuntu.com>  Wed, 02 Apr 2008 15:51:53 +0200
++
++cryptsetup (2:1.0.5-2ubuntu9) hardy; urgency=low
++
++  * debian/scripts/luksformat: Use 256 bit key size by default.
++    (LP: #78508)
++  * debian/patches/02_manpage.dpatch: Clarify default key sizes (128 for
++    luksFormat and 256 for create) in cryptsetup.8. (side-note in LP #78508)
++
++ -- Martin Pitt <martin.pitt@ubuntu.com>  Wed, 27 Feb 2008 17:43:46 +0100
++
++cryptsetup (2:1.0.5-2ubuntu8) hardy; urgency=low
++
++  * Fix -x calls and access() call.
++
++ -- Scott James Remnant <scott@ubuntu.com>  Fri, 14 Dec 2007 16:54:53 +0000
++
++cryptsetup (2:1.0.5-2ubuntu7) hardy; urgency=low
++
++  * debian/initramfs/cryptroot-script: call udevadm instead of udevsettle
++  * debian/patches/06_call_udevsettle.dpatch: likewise
++
++ -- Scott James Remnant <scott@ubuntu.com>  Fri, 14 Dec 2007 16:11:36 +0000
++
++cryptsetup (2:1.0.5-2ubuntu6) hardy; urgency=low
++
++  * Make cryptsetup understand devices specified by UUID=... or LABEL=
++    in crypttab. (LP: #153597)
++
++ -- Andrea Colangelo <warp10@libero.it>  Mon, 29 Oct 2007 18:22:51 +0100
++
++cryptsetup (2:1.0.5-2ubuntu5) hardy; urgency=low
++
++  * reenable additional udevsettle calls in cryptroot hook from
++    https://launchpad.net/bugs/85640, LP: #132373.
++  * change maintainer to ubuntu-core-dev.
++  * use Vcs-Bzr instead of XSCB-Vcs-Bzr header in debian/control.
++
++ -- Reinhard Tartler <siretart@tauware.de>  Thu, 08 Nov 2007 23:52:19 +0100
++
++cryptsetup (2:1.0.5-2ubuntu4) hardy; urgency=low
++
++  * reapply changes from version 2:1.0.5-2ubuntu2, got dropped with last
++    upload. Sorry, pitti.
++  * convert patch to lib/libdevmapper.c to a dpatch.
++
++ -- Reinhard Tartler <siretart@tauware.de>  Sun, 04 Nov 2007 21:42:43 +0100
++
++cryptsetup (2:1.0.5-2ubuntu3) hardy; urgency=low
++
++  * RELIABILY FIX: lib/libdevmapper.c: Ensure that pending device creation
++    events are being processed by calling /sbin/udevsettle. Patch based on
++    OpenSUSE bug #285478, LP: #132373.
++  * Based on the change above, the patch from LP #85640 is no longer needed.
++    dropping the relevant parts.
++  * Fix debian/rules to not fail to build if autom4te.cache is left behind
++    from a previous incomplete build.
++
++ -- Reinhard Tartler <siretart@tauware.de>  Fri, 02 Nov 2007 20:53:31 +0100
++
++cryptsetup (2:1.0.5-2ubuntu2) gutsy; urgency=low
++
++  * debian/initramfs/cryptroot-script:
++    - If the supplied password worked, remove the prompt from usplash again,
++      so that the user has some visual feedback that everything is alright.
++      (LP: #151305)
++    - Do not show the UUID device node of the outer physical device. It is
++      scary ("/dev/disk/by-uuid/1234yadayada") and displaying it does not
++      improve security at all: If attackers can tamper with your initramfs,
++      they can also change the prompt, and if the UUID of the physical device
++      changes, then booting will not even get that far. Now it is a much more
++      friendly "Enter passphrase for sda5_crypt:" which is still technical,
++      but it's necessary to point out which device will be unlocked in case
++      there are several.
++
++ -- Martin Pitt <martin.pitt@ubuntu.com>  Thu, 11 Oct 2007 19:51:58 +0200
++
++cryptsetup (2:1.0.5-2ubuntu1) gutsy; urgency=low
++
++  * Merge new debian version. Remaining changes:
++    - cryptsetup is linked dynamically against libgcrypt and libgpg-error.
++      This will break systems where /usr is a separate encrypted filesystem
++      but not have other bad consequences (in particular, systems with
++      encrypted root are still fine).  The upsides include better
++      security supportability and smaller packages.
++    - libcryptsetup.so et al removed from the binary packages.  They have
++      no stable ABI and are not suitable for use by other packages, and
++      were in violation of library policies etc.  They're not needed since
++      the cryptsetup executable statically contains the relevant parts of
++      libcryptsetup.
++    - cryptdisks.functions: remove #!/bin/bash as it isn't a script
++      by itself; it's only sourced by other scripts.  This gets rid
++      of the lintian warning `script-not-executable' for this file.
++    - stop usplash on user input. LP #62751
++    - Always output and read from the console. LP #58794.
++    - Add XSBC-Vcs-Bzr tag to indicate that this package is managed using
++      bzr on launchpad.
++    - Bump libgcrypt11 build-dependency again to 1.2.4-2ubuntu2 to eliminate
++      libnsl linkage;
++    - debian/initramfs/cryptroot-hook: (LP: #73862)
++      Added patch to install aes optimized cypher module
++    - try to load optimized cypher module in cryptsetup.functions as well,
++      because cryptroot-hook is only executed when we really have a
++      cryptoroot.
++    - apply patch from pitti for allowing UUIDs in /etc/crypttab.
++      This allowes crypted PVs! LP: #144390.
++    - remove README.ubuntu, since it contains old and obsolete information.
++
++ -- Reinhard Tartler <siretart@tauware.de>  Tue, 02 Oct 2007 21:31:28 +0200
++
  cryptsetup (2:1.0.5-2) unstable; urgency=low
    [ Jonas Meurer ]
@@ -2377,6 +3800,68 @@ cryptsetup (2:1.0.5-2) unstable; urgency=low
   -- Jonas Meurer <mejo@debian.org>  Mon, 24 Sep 2007 15:42:06 +0200
++cryptsetup (2:1.0.5-1ubuntu5) UNRELEASED; urgency=low
++
++  * apply patch from pitti for allowing UUIDs in /etc/crypttab.
++    This allowes crypted PVs! LP: #144390.
++  * remove README.ubuntu, since it contains old and obsolete information.
++
++ -- Reinhard Tartler <siretart@tauware.de>  Tue, 02 Oct 2007 19:59:24 +0200
++
++cryptsetup (2:1.0.5-1ubuntu4) gutsy; urgency=low
++
++  [ Stephan Hermann ]
++  * debian/initramfs/cryptroot-hook: (LP: #73862)
++    - Added patch to install aes optimized cypher module
++
++  [ Reinhard Tartler ]
++  * re-applying old patch to new package version
++  * try to load optimized cypher module in cryptsetup.functions as well,
++    because cryptroot-hook is only executed when we really have a
++    cryptoroot.
++
++ -- Reinhard Tartler <siretart@tauware.de>  Thu, 27 Sep 2007 19:38:48 +0200
++
++cryptsetup (2:1.0.5-1ubuntu3) gutsy; urgency=low
++
++  * Bump libgcrypt11 build-dependency again to 1.2.4-2ubuntu2 to eliminate
++    libnsl linkage; should finally produce a usable cryptsetup binary for
++    the udeb.
++
++ -- Colin Watson <cjwatson@ubuntu.com>  Wed, 19 Sep 2007 15:28:52 +0100
++
++cryptsetup (2:1.0.5-1ubuntu2) gutsy; urgency=low
++
++  * Bump libgcrypt11 build-dependency to 1.2.4-2ubuntu1 and rebuild for
++    proper udeb dependencies.
++
++ -- Colin Watson <cjwatson@ubuntu.com>  Wed, 19 Sep 2007 01:37:02 +0100
++
++cryptsetup (2:1.0.5-1ubuntu1) gutsy; urgency=low
++
++  * Merge new debian version. Remaining changes:
++    - cryptsetup is linked dynamically against libgcrypt and libgpg-error.
++      This will break systems where /usr is a separate encrypted filesystem
++      but not have other bad consequences (in particular, systems with
++      encrypted root are still fine).  The upsides include better
++      security supportability and smaller packages.
++    - libcryptsetup.so et al removed from the binary packages.  They have
++      no stable ABI and are not suitable for use by other packages, and
++      were in violation of library policies etc.  They're not needed since
++      the cryptsetup executable statically contains the relevant parts of
++      libcryptsetup.
++    - cryptdisks.functions: remove #!/bin/bash as it isn't a script
++      by itself; it's only sourced by other scripts.  This gets rid
++      of the lintian warning `script-not-executable' for this file.
++    - stop usplash on user input. LP #62751
++    - Always output and read from the console. LP #58794.
++  * Add XSBC-Vcs-Bzr tag to indicate that this package is managed using
++    bzr on launchpad.
++  * UVF exception request granted by Scott Kitterman and Chuck Short
++    LP: #138295
++
++ -- Reinhard Tartler <siretart@tauware.de>  Sat, 08 Sep 2007 19:04:54 +0200
++
  cryptsetup (2:1.0.5-1) unstable; urgency=low
    [ Jonas Meurer ]
@@ -2397,6 +3882,66 @@ cryptsetup (2:1.0.5-1) unstable; urgency=low
   -- Jonas Meurer <mejo@debian.org>  Fri, 27 Jul 2007 04:59:33 +0200
++cryptsetup (2:1.0.4+svn29-1ubuntu6) gutsy; urgency=low
++
++  * Add notes by Ilkka Tuohela in a new file debian/README.ubuntu
++
++ -- Reinhard Tartler <siretart@tauware.de>  Sat, 08 Sep 2007 18:43:56 +0200
++
++cryptsetup (2:1.0.4+svn29-1ubuntu5) gutsy; urgency=low
++
++  * cryptsetup is linked dynamically against libgcrypt and libgpg-error.
++    This will break systems where /usr is a separate encrypted filesystem
++    but not have other bad consequences (in particular, systems with
++    encrypted root are still fine).  The upsides include better
++    security supportability and smaller packages.
++  * libcryptsetup.so et al removed from the binary packages.  They have
++    no stable ABI and are not suitable for use by other packages, and
++    were in violation of library policies etc.  They're not needed since
++    the cryptsetup executable statically contains the relevant parts of
++    libcryptsetup.
++  * cryptdisks.functions: remove #!/bin/bash as it isn't a script
++    by itself; it's only sourced by other scripts.  This gets rid
++    of the lintian warning `script-not-executable' for this file.
++
++ -- Ian Jackson <iwj@ubuntu.com>  Fri, 31 Aug 2007 12:05:33 +0100
++
++cryptsetup (2:1.0.4+svn29-1ubuntu4) gutsy; urgency=low
++
++  * s/$CRYPTCMD/cryptsetup/ in debian/cryptdisks.functions
++    (LP: #115617)
++
++ -- Reinhard Tartler <siretart@ubuntu.com>  Tue, 29 May 2007 17:04:05 +0200
++
++cryptsetup (2:1.0.4+svn29-1ubuntu3) gutsy; urgency=low
++
++  * make luksformat check if filesystem is already mounted to prevent a
++    strange error message. thanks to mvo for the patch (LP: #116633)
++  * remove file debian/initramfs-cryptroot-script from source. it is not
++    installed anywhere, and a leftover from the last merge.
++  * add missing hunk of cryptsetup.functions compared to debian package.
++  * reapply http://librarian.launchpad.net/7329604/bug85640.debdiff to
++    debian/initramfs/cryptroot-script, since stgraber's patch has been
++    lost in the last merge. (LP: #85640)
++
++ -- Reinhard Tartler <siretart@ubuntu.com>  Tue, 29 May 2007 15:02:57 +0200
++
++cryptsetup (2:1.0.4+svn29-1ubuntu2) gutsy; urgency=low
++
++  * modprobe dm-mod from cryptsetup.functions. (LP: #64625, #91405)
++
++ -- Reinhard Tartler <siretart@ubuntu.com>  Tue, 29 May 2007 13:31:39 +0200
++
++cryptsetup (2:1.0.4+svn29-1ubuntu1) gutsy; urgency=low
++
++  * Merge from Debian unstable. Remaining Ubuntu changes:
++    - stop usplash on user input. Ubuntu: #62751
++    - Always output and read from the console.  Ubuntu: #58794.
++    - Wait for Udev to be ready to avoid partition non-detection. (LP: #85640)
++  * Modify Maintainer value to match Debian-Maintainer-Field Spec
++
++ -- Andrea Veri <bluekuja@ubuntu.com>  Sun,  6 May 2007 22:33:25 +0200
++
  cryptsetup (2:1.0.4+svn29-1) unstable; urgency=low
    * New upstream svn snapshot with several bugfixes
@@ -2449,6 +3994,20 @@ cryptsetup (2:1.0.4+svn26-2) unstable; urgency=low
   -- Jonas Meurer <mejo@debian.org>  Sat, 28 Apr 2007 20:45:50 +0200
++cryptsetup (2:1.0.4+svn26-1ubuntu2) feisty; urgency=low
++
++  * Wait for Udev to be ready to avoid partition non-detection. (LP: #85640)
++
++ -- Stéphane Graber <stgraber@ubuntu.com>  Thu,  14 Apr 2007 10:03:41 +0200
++
++cryptsetup (2:1.0.4+svn26-1ubuntu1) feisty; urgency=low
++
++  * merge debian changes. Remaining ubuntu changes:
++    - stop usplash on user input. Ubuntu: #62751
++    - Always output and read from the console.  Ubuntu: #58794.
++
++ -- Reinhard Tartler <siretart@tauware.de>  Sat,  3 Feb 2007 21:30:03 +0100
++
  cryptsetup (2:1.0.4+svn26-1) unstable; urgency=high
    [ Jonas Meurer ]
@@ -2498,6 +4057,28 @@ cryptsetup (2:1.0.4+svn16-1) unstable; urgency=medium
   -- Jonas Meurer <mejo@debian.org>  Tue, 28 Nov 2006 18:17:12 +0100
++cryptsetup (2:1.0.4-8ubuntu2) feisty; urgency=low
++
++  * fix and improve initramfs hook: terminate usplash if running, since
++    adequate secure text input is not possible with usplash ATM
++  * usplash support: Terminate usplash before asking a password.
++    Closes https://bugs.launchpad.net/ubuntu/+source/cryptsetup/+bug/62751
++
++ -- Reinhard Tartler <siretart@tauware.de>  Wed, 24 Jan 2007 22:43:28 +0100
++
++cryptsetup (2:1.0.4-8ubuntu1) feisty; urgency=low
++
++  * merge debian changes, remaining patches:
++    - Always output and read from the console.  Ubuntu: #58794.
++  * other changes have been merged or do noy apply anymore
++  * read password via usplash if available in initramfs for rootfs. based on a patch from
++    Swen Thümmler (Thanks for that!)  Ubuntu #62751
++  * read password from initscript via usplash if running. should fix the
++    rest of Ubuntu #62751. Only problem with that patch: It asks only once
++    for the password! improvements welcome!
++
++ -- Reinhard Tartler <siretart@tauware.de>  Sun, 19 Nov 2006 20:04:19 +0100
++
  cryptsetup (2:1.0.4-8) unstable; urgency=high
    [ Jonas Meurer ]
@@ -2655,6 +4236,27 @@ cryptsetup (2:1.0.4~rc2-1) unstable; urgency=low
   -- Jonas Meurer <mejo@debian.org>  Mon,  4 Sep 2006 03:55:35 +0200
++cryptsetup (2:1.0.3-3ubuntu3) edgy; urgency=low
++
++  * Always output and read from the console.  Ubuntu: #58794.
++
++ -- Scott James Remnant <scott@ubuntu.com>  Thu, 21 Sep 2006 03:05:18 +0100
++
++cryptsetup (2:1.0.3-3ubuntu2) edgy; urgency=low
++
++  * Load the dm-crypt module on startup.  Ubuntu: #53475.
++
++ -- Scott James Remnant <scott@ubuntu.com>  Wed, 23 Aug 2006 11:53:49 +0200
++
++cryptsetup (2:1.0.3-3ubuntu1) edgy; urgency=low
++
++  * Sync with Debian:
++    Remaining Ubuntu Changes
++    + debian/cryptdisks.functions:
++      - Tell usplash to quit if we ask for a passphrase
++
++ -- Sebastian Dröge <slomo@ubuntu.com>  Tue, 11 Jul 2006 20:03:27 +0200
++
  cryptsetup (2:1.0.3-3) unstable; urgency=low
    [ Jonas Meurer ]
@@ -3074,3 +4676,4 @@ cryptsetup-luks (0.992-1) unstable; urgency=low
    * "integrated LUKS" support (very messy hack)
   -- Michael Gebetsroither <michael.geb@gmx.at>  Thu, 10 Feb 2005 18:16:21 +0100
++
 diff --git a/debian/control b/debian/control
 index 3ea0be1..7d73f5f 100644
 --- a/debian/control
 +++ b/debian/control
@@ -1,7 +1,8 @@
  Source: cryptsetup
  Section: admin
  Priority: optional
--Maintainer: Debian Cryptsetup Team <pkg-cryptsetup-devel@alioth-lists.debian.net>
++Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
++XSBC-Original-Maintainer: Debian Cryptsetup Team <pkg-cryptsetup-devel@alioth-lists.debian.net>
  Uploaders: Jonas Meurer <jonas@freesources.org>,
             Guilhem Moulin <guilhem@debian.org>
  Rules-Requires-Root: no
@@ -76,11 +77,11 @@ Description: disk encryption support - command line tools
  Package: cryptsetup-initramfs
  Architecture: all
--Depends: busybox | busybox-static,
++Depends: busybox-initramfs,
           cryptsetup (>= ${source:Version}),
           initramfs-tools (>= 0.129) | linux-initramfs-tool,
           ${misc:Depends}
--Recommends: console-setup, kbd
++Recommends: console-setup, kbd, plymouth
  Breaks: cryptsetup (<< 2:2.0.3-1)
  Replaces: cryptsetup (<< 2:2.0.3-1)
  Description: disk encryption support - initramfs integration
 diff --git a/debian/cryptsetup-initramfs.install b/debian/cryptsetup-initramfs.install
 index 026ea37..6780893 100644
 --- a/debian/cryptsetup-initramfs.install
 +++ b/debian/cryptsetup-initramfs.install
@@ -5,5 +5,6 @@ debian/initramfs/hooks/*                            /usr/share/initramfs-tools/h
  debian/initramfs/scripts/local-block/cryptroot      /usr/share/initramfs-tools/scripts/local-block/
  debian/initramfs/scripts/local-bottom/cryptgnupg-sc /usr/share/initramfs-tools/scripts/local-bottom/
  debian/initramfs/scripts/local-bottom/cryptopensc   /usr/share/initramfs-tools/scripts/local-bottom/
++debian/initramfs/scripts/local-bottom/cryptroot     /usr/share/initramfs-tools/scripts/local-bottom/
  debian/initramfs/scripts/local-top/cryptopensc      /usr/share/initramfs-tools/scripts/local-top/
  debian/initramfs/scripts/local-top/cryptroot        /usr/share/initramfs-tools/scripts/local-top/
 diff --git a/debian/functions b/debian/functions
 index 3eaf1a4..3189939 100644
 --- a/debian/functions
 +++ b/debian/functions
@@ -9,6 +9,8 @@ else
      TABFILE="${TABFILE-/etc/crypttab}"
  fi
  export DM_DEFAULT_NAME_MANGLING_MODE=hex # for dmsetup(8)
++export CRYPTR_LOCAL_BLOCK="/run/cryptroot.local-block"
++export CRYPTR_CNT_FILE="/run/cryptroot.initrd.cnt"
  # Logging helpers. Send the argument list to plymouth(1), or fold it
  # and print it to the standard error.
@@ -587,6 +589,7 @@ _resolve_device() {
  #   Print the major:minor device ID(s) holding the file system currently
  #   mounted currenty mounted on $mountpoint.
  #   Return 0 on success, 1 on error (if $mountpoint is not a mountpoint).
++#   devno will be empty if the filesystem must be excluded.
  get_mnt_devno() {
      local wantmount="$1" devnos="" uuid dev IFS
      local spec mountpoint fstype _ DEV MAJ MIN
@@ -600,8 +603,15 @@ get_mnt_devno() {
              # take the last mountpoint if used several times (shadowed)
              unset -v devnos
              spec="$(printf '%b' "$spec")"
--            _resolve_device "$spec" || continue # _resolve_device() already warns on error
              fstype="$(printf '%b' "$fstype")"
++            if [ "$fstype" = "zfs" ]; then
++                # Ignore ZFS entries as they don't have a major/minor and won't
++                # be imported when local-top cryptroot script will ran.
++                # Returns success with empty devno
++                printf ''
++                return 0
++            fi
++            _resolve_device "$spec" || continue # _resolve_device() already warns on error
              if [ "$fstype" = "btrfs" ]; then
                  # btrfs can span over multiple devices
                  if uuid="$(_device_uuid "$DEV")"; then
 diff --git a/debian/initramfs/cryptroot-unlock b/debian/initramfs/cryptroot-unlock
 index d31b6f4..960e3a8 100644
 --- a/debian/initramfs/cryptroot-unlock
 +++ b/debian/initramfs/cryptroot-unlock
@@ -40,8 +40,14 @@ fi
  pgrep_exe() {
  	local exe pid
  	exe="$(readlink -f -- "$1" 2>/dev/null)" && [ -f "$exe" ] || return 0
--	ps -eo pid= | while read pid; do
--		[ "$(readlink -f "/proc/$pid/exe")" != "$exe" ] || printf '%d\n' "$pid"
++	ps | awk '{print $1, $5}' | while read LINE; do
++		set $LINE
++		local pid=$1
++		local cmd=$(readlink -f -- "$2")
++		if [ "$cmd" == "$exe" ]; then
++			echo $pid
++			break
++		fi
  	done
+ }
@@ -101,7 +107,7 @@ wait_for_prompt() {
  			break
  		fi
--		usleep 100000
++		sleep 0.1
  		timer=$(( $timer - 1 ))
  		if [ $timer -le 0 ]; then
  			echo "Error: Timeout reached while waiting for askpass." >&2
@@ -112,7 +118,7 @@ wait_for_prompt() {
  	# find the cryptsetup process with same $CRYPTTAB_NAME
  	local o v
  	for o in NAME TRIED OPTION_tries; do
--		if v="$(grep -z -m1 "^CRYPTTAB_$o=" "/proc/$pid/environ")"; then
++		if v="$(tr '\0' '\n' < "/proc/$pid/environ" | grep -m1 "^CRYPTTAB_$o=")"; then
  			eval "CRYPTTAB_$o"="\${v#CRYPTTAB_$o=}"
  		else
  			eval unset -v "CRYPTTAB_$o"
@@ -128,7 +134,7 @@ wait_for_prompt() {
  	fi
  	for pid in $(pgrep_exe "/sbin/cryptsetup"); do
--		if grep -Fxqz "CRYPTTAB_NAME=$CRYPTTAB_NAME" "/proc/$pid/environ"; then
++		if tr '\0' '\n' < "/proc/$pid/environ" | grep -Fxq "CRYPTTAB_NAME=$CRYPTTAB_NAME"; then
  			PID=$pid
  			BIRTH=$(stat -c"%Z" "/proc/$PID" 2>/dev/null) || break
  			return 0
@@ -148,7 +154,7 @@ wait_for_prompt() {
  wait_for_answer() {
  	local timer=$(( 10 * $TIMEOUT )) b
  	while [ -d "/proc/$PID" ] && b=$(stat -c"%Z" "/proc/$PID" 2>/dev/null) && [ $b -le $BIRTH ]; do
--		usleep 100000
++		sleep 0.1
  		timer=$(( $timer - 1 ))
  		if [ $timer -le 0 ]; then
  			echo "Error: Timeout reached while waiting for PID $PID." >&2
 diff --git a/debian/initramfs/hooks/cryptroot b/debian/initramfs/hooks/cryptroot
 index 7d88148..67dc6dd 100644
 --- a/debian/initramfs/hooks/cryptroot
 +++ b/debian/initramfs/hooks/cryptroot
@@ -179,16 +179,18 @@ generate_initrd_crypttab() {
+     {
          if devnos="$(get_mnt_devno /)"; then
--            usage=rootfs foreach_cryptdev crypttab_find_and_print_entry $devnos
++            if [ -n "$devnos" ]; then
++                usage=rootfs foreach_cryptdev crypttab_find_and_print_entry $devnos
++            fi
          else
              cryptsetup_message "WARNING: Couldn't determine root device"
          fi
--        if devnos="$(get_resume_devno)"; then
++        if devnos="$(get_resume_devno)" && [ -n "$devnos" ]; then
              usage=resume foreach_cryptdev crypttab_find_and_print_entry $devnos
          fi
--        if devnos="$(get_mnt_devno /usr)"; then
++        if devnos="$(get_mnt_devno /usr)" && [ -n "$devnos" ]; then
              usage="" foreach_cryptdev crypttab_find_and_print_entry $devnos
          fi
 diff --git a/debian/initramfs/scripts/local-block/cryptroot b/debian/initramfs/scripts/local-block/cryptroot
 index 8a9b4c0..8719fb6 100644
 --- a/debian/initramfs/scripts/local-block/cryptroot
 +++ b/debian/initramfs/scripts/local-block/cryptroot
@@ -15,6 +15,10 @@ prereqs)
  	;;
  esac
++[ -f /lib/cryptsetup/functions ] || return 0
++. /lib/cryptsetup/functions
++
  if [ -x /scripts/local-top/cryptroot ]; then
++	touch ${CRYPTR_LOCAL_BLOCK}
  	exec /scripts/local-top/cryptroot
  fi
 diff --git a/debian/initramfs/scripts/local-bottom/cryptroot b/debian/initramfs/scripts/local-bottom/cryptroot
 new file mode 100644
 index 0000000..4f44d38
 --- /dev/null
 +++ b/debian/initramfs/scripts/local-bottom/cryptroot
@@ -0,0 +1,23 @@
++#!/bin/sh
++set +x
++PREREQ=""
++
++prereqs()
++{
++	echo "$PREREQ"
++}
++
++case $1 in
++prereqs)
++	prereqs
++	exit 0
++	;;
++esac
++
++# If we reached this stage, we do have a rootfs mounted
++# so let's clean-up cryptroot setup mess...
++[ -f /lib/cryptsetup/functions ] || return 0
++. /lib/cryptsetup/functions
++
++rm -f ${CRYPTR_LOCAL_BLOCK}
++rm -f ${CRYPTR_CNT_FILE}
 diff --git a/debian/initramfs/scripts/local-top/cryptroot b/debian/initramfs/scripts/local-top/cryptroot
 index 4f36259..5a9ea60 100644
 --- a/debian/initramfs/scripts/local-top/cryptroot
 +++ b/debian/initramfs/scripts/local-top/cryptroot
@@ -31,8 +31,8 @@ esac
  # wait_for_source()
--#   Wait for encrypted $CRYPTTAB_SOURCE for up to 180s.  Set
--#   $CRYPTTAB_SOURCE to its normalized device name when it shows up;
++#   Wait for encrypted $CRYPTTAB_SOURCE . Set $CRYPTTAB_SOURCE
++#   to its normalized device name when it shows up;
  #   return 1 if timeout.
  wait_for_source() {
      wait_for_udev 10
@@ -42,17 +42,27 @@ wait_for_source() {
          return 0
      fi
--    # The lines below has been taken from
--    # /usr/share/initramfs-tools/scripts/local's local_device_setup(),
--    # as suggested per https://launchpad.net/bugs/164044
--
      # If the source device hasn't shown up yet, give it a little while
      # to allow for asynchronous device discovery (e.g. USB).
++    #
++    # We also need to take into account RAID or other devices that may
++    # only be available on local-block stage. So, wait 5 seconds upfront,
++    # in local-top; if that fails, end execution relying on local-block
++    # invocations. Allow $ROOTDELAY/3 invocations with 1s sleep times (with
++    # a minimum of 30 invocations), and if after that we still fail, then it's
++    # really time to give-up. Variable $initrd_cnt tracks the re-invocations.
++    #
++    # Part of the lines below has been taken from initramfs-tools
++    # scripts/local's local_device_setup(), as suggested per
++    # https://launchpad.net/bugs/164044 .
++
++    local slumber=1
++    if [ ! -f "${CRYPTR_LOCAL_BLOCK}" ]; then # we are running on local-top
++         slumber=5
++    fi
      cryptsetup_message "Waiting for encrypted source device $CRYPTTAB_SOURCE..."
--    # Default delay is 180s, cf. initramfs-tools(8)
--    local slumber="${ROOTDELAY:-180}"
      while [ $slumber -gt 0 ]; do
          sleep 1
@@ -75,7 +85,23 @@ wait_for_source() {
  #   Set up a crypttab(5) mapping defined by $CRYPTTAB_NAME,
  #   $CRYPTTAB_SOURCE, $CRYPTTAB_KEY, $CRYPTTAB_OPTIONS.
  setup_mapping() {
--    local dev
++    local dev initrd_cnt
++
++    # We control here the number of re-invocations of this script from
++    # local-block - the heuristic is $ROOTDELAY/3, with a minimum of 30.
++    # This number is somewhat dictated by mdadm, we want to run more times
++    # than that script, to allow decrypting volumes on top of arrays.
++
++    if [ -f "${CRYPTR_CNT_FILE}" ]; then
++	initrd_cnt=$(cat ${CRYPTR_CNT_FILE})
++    else
++	initrd_cnt=${ROOTDELAY:-90}
++	initrd_cnt=$((initrd_cnt/3))
++	if [ "${initrd_cnt}" -lt 30 ]; then
++		initrd_cnt=30
++	fi
++	echo ${initrd_cnt} > "${CRYPTR_CNT_FILE}"
++    fi
      # The same target can be specified multiple times
      # e.g. root and resume lvs-on-lvm-on-crypto
@@ -86,17 +112,23 @@ setup_mapping() {
      crypttab_parse_options --export --missing-path=fail || return 1
      if ! wait_for_source; then
--        # we've given up
--        if [ -n "$panic" ]; then
--            panic "ALERT! encrypted source device $CRYPTTAB_SOURCE does not exist, can't unlock $CRYPTTAB_NAME."
--        else
--            # let the user fix matters if they can
--            echo "	ALERT! encrypted source device $CRYPTTAB_SOURCE does not exist, can't unlock $CRYPTTAB_NAME."
--            echo "	Check cryptopts=source= bootarg: cat /proc/cmdline"
--            echo "	or missing modules, devices: cat /proc/modules; ls /dev"
--            panic "Dropping to a shell."
--        fi
--        return 1 # can't continue because environment is lost
++	if [ ${initrd_cnt} -le 0 ]; then
++		# we've given up
++		if [ -n "$panic" ]; then
++			panic "ALERT! encrypted source device $CRYPTTAB_SOURCE does not exist, can't unlock $CRYPTTAB_NAME."
++		else
++			# let the user fix matters if they can
++			echo "	ALERT! encrypted source device $CRYPTTAB_SOURCE does not exist, can't unlock $CRYPTTAB_NAME."
++			echo "	Check cryptopts=source= bootarg: cat /proc/cmdline"
++			echo "	or missing modules, devices: cat /proc/modules; ls /dev"
++			panic "Dropping to a shell."
++		fi
++		return 1 # can't continue because environment is lost
++	else
++		initrd_cnt=$((initrd_cnt - 1))
++		echo ${initrd_cnt} > "${CRYPTR_CNT_FILE}"
++		return 0 # allow some attempts on local-block stage
++	fi
      fi
      # our `cryptroot-unlock` script searches for cryptsetup processes
@@ -169,6 +201,10 @@ setup_mapping() {
      done
      cryptsetup_message "ERROR: $CRYPTTAB_NAME: maximum number of tries exceeded"
++
++    if [ -f "${CRYPTR_CNT_FILE}" ]; then
++	    echo 0 > "${CRYPTR_CNT_FILE}"
++    fi
      exit 1
+ }
 diff --git a/debian/patches/decrease_memlock_ulimit.patch b/debian/patches/decrease_memlock_ulimit.patch
 new file mode 100644
 index 0000000..be9b6ab
 --- /dev/null
 +++ b/debian/patches/decrease_memlock_ulimit.patch
@@ -0,0 +1,55 @@
++Description: Decrease memlock limit to mimic Xenial builder behavior.
++ This approach prevents cryptsetup to FTBFS, since the PPA builders were
++ upgraded to Bionic, which has a bigger memlock limit (but not enough).
++ With this quirk, cryptsetup won't mlock() its memory allocationss, hence
++ it behaves exactly as the Xenial builders. Meanwhile, we pursue the
++ proper fix (systemd patch to bump memlock to a higher limit on Bionic).
++Author: Guilherme G. Piccoli <gpiccoli@canonical.com>
++Bug-Ubuntu: https://bugs.launchpad.net/bugs/1891473
++Last-Update: 2020-09-09
++
++Index: cryptsetup-2.3.3/tests/compat-test
++===================================================================
++--- cryptsetup-2.3.3.orig/tests/compat-test
+++++ cryptsetup-2.3.3/tests/compat-test
++@@ -45,6 +45,10 @@ TEST_UUID="12345678-1234-1234-1234-12345
++ LOOPDEV=$(losetup -f 2>/dev/null)
++ [ -f /etc/system-fips ] && FIPS_MODE=$(cat /proc/sys/crypto/fips_enabled 2>/dev/null)
++
+++# Circumvent test failure due to Bionic builder; we need to decrease
+++# the memlock limit here to mimic Xenial builder (see LP #1891473).
+++ulimit -l 0
+++
++ function remove_mapping()
++ {
++ 	[ -b /dev/mapper/$DEV_NAME3 ] && dmsetup remove --retry $DEV_NAME3 >/dev/null 2>&1
++Index: cryptsetup-2.3.3/tests/luks2-validation-test
++===================================================================
++--- cryptsetup-2.3.3.orig/tests/luks2-validation-test
+++++ cryptsetup-2.3.3/tests/luks2-validation-test
++@@ -21,6 +21,10 @@ FAILS=0
++
++ [ -z "$srcdir" ] && srcdir="."
++
+++# Circumvent test failure due to Bionic builder; we need to decrease
+++# the memlock limit here to mimic Xenial builder (see LP #1891473).
+++ulimit -l 0
+++
++ function remove_mapping()
++ {
++ 	rm -rf $IMG $TST_IMGS >/dev/null 2>&1
++Index: cryptsetup-2.3.3/tests/tcrypt-compat-test
++===================================================================
++--- cryptsetup-2.3.3.orig/tests/tcrypt-compat-test
+++++ cryptsetup-2.3.3/tests/tcrypt-compat-test
++@@ -13,6 +13,10 @@ PIM=1234
++
++ [ -z "$srcdir" ] && srcdir="."
++
+++# Circumvent test failure due to Bionic builder; we need to decrease
+++# the memlock limit here to mimic Xenial builder (see LP #1891473).
+++ulimit -l 0
+++
++ function remove_mapping()
++ {
++ 	[ -b /dev/mapper/$MAP ] && dmsetup remove --retry $MAP
 diff --git a/debian/patches/series b/debian/patches/series
 new file mode 100644
 index 0000000..270d874
 --- /dev/null
 +++ b/debian/patches/series
@@ -0,0 +1 @@
++decrease_memlock_ulimit.patch

Ubuntucryptsetup package

Merge ~mwhudson/ubuntu/+source/cryptsetup:merge into ubuntu/+source/cryptsetup:debian/sid

Commit message

Description of the change

Unmerged commits

Preview Diff

Subscribers

Ubuntu
cryptsetup package