6 files changed, 362 insertions, 31 deletions

diff --git a/debian/changelog b/debian/changelog
index 6be09d0..2eafd1c 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,18 @@
+cryptsetup (2:2.7.2-1) unstable; urgency=medium
+
+  * New bugfix upstream release.
+    + Fix various issues with OPAL devices.
+  * Use OpenSSL's own argon2 implementation rather than libargon2.  This drops
+    libargon2 from (Build-)Depends and bumps the minimum required OpenSSL
+    version to 3.2.
+  * d/control: cryptsetup Depends: Bump minimum cryptsetup-bin version to
+    2:2.7.2-1 as the wrapper no longer contain workarounds for libargon2 and
+    libgcc_s.
+  * d/copyright: Update licensing information to reflect upstream's
+    relicensing of its FAQ and an older miscellaneous script.
+
+ -- Guilhem Moulin <guilhem@debian.org>  Tue, 09 Apr 2024 15:18:49 +0200
+
 cryptsetup (2:2.7.1-1~progress7.99u1) graograman-backports; urgency=medium
 
   * Uploading to graograman-updates, remaining changes:
diff --git a/debian/control b/debian/control
index 68c6fe6..40ecd0c 100644
--- a/debian/control
+++ b/debian/control
@@ -18,7 +18,6 @@ Build-Depends: asciidoctor <!nodoc>,
                docbook-xsl <!nodoc>,
                gettext,
                jq <!nocheck>,
-               libargon2-dev,
                libblkid-dev,
                libdevmapper-dev,
                libjson-c-dev,
@@ -26,7 +25,7 @@ Build-Depends: asciidoctor <!nodoc>,
                libselinux1-dev,
                libsepol-dev,
                libssh-dev,
-               libssl-dev,
+               libssl-dev (>> 3.2~),
                libtool,
                pkgconf,
                po-debconf,
@@ -44,7 +43,7 @@ XSBC-Original-Vcs-Git: https://salsa.debian.org/cryptsetup-team/cryptsetup.git -
 Package: cryptsetup
 Architecture: linux-any
 Multi-Arch: foreign
-Depends: cryptsetup-bin (>= 2:1.6.0),
+Depends: cryptsetup-bin (>= 2:2.7.2-1),
          dmsetup,
          keyutils,
          ${misc:Depends},
@@ -156,8 +155,7 @@ Architecture: linux-any
 Multi-Arch: same
 # XXX [#1025065] ideal we would have "Depends: libcryptsetup12
 # (= ${binary:Version}), ${misc:Depends}, ${pkgconf:Depends}"
-Depends: libargon2-dev,
-         libblkid-dev,
+Depends: libblkid-dev,
          libcryptsetup12 (= ${binary:Version}),
          libdevmapper-dev,
          libjson-c-dev,
diff --git a/debian/copyright b/debian/copyright
index 5e9553d..2334d87 100644
--- a/debian/copyright
+++ b/debian/copyright
@@ -138,6 +138,15 @@ License: public-domain
  No copyright is claimed.  This code is in the public domain; do with it
  what you wish.
 
+Files: misc/luks-header-from-active
+Copyright: © 2011-2024 Milan Broz <gmazyland@gmail.com>
+License: LGPL-2.1+
+
+Files: FAQ.md
+Copyright: © Arno Wagner <arno@wagner.name>
+           © Milan Broz <gmazyland@gmail.com>
+License: CC-BY-SA-4.0
+
 License: GPL-2+
  This program is free software; you can redistribute it and/or modify
  it under the terms of the GNU General Public License as published by
@@ -278,3 +287,335 @@ License: Apache-2.0
  .
  On Debian systems, the complete text of the Apache version 2.0 license
  can be found in "/usr/share/common-licenses/Apache-2.0".
+
+License: CC-BY-SA-4.0
+ THE WORK (AS DEFINED BELOW) IS PROVIDED UNDER THE TERMS OF THIS
+ CREATIVE COMMONS PUBLIC LICENSE ("CCPL" OR "LICENSE"). THE WORK IS
+ PROTECTED BY COPYRIGHT AND/OR OTHER APPLICABLE LAW. ANY USE OF THE
+ WORK OTHER THAN AS AUTHORIZED UNDER THIS LICENSE OR COPYRIGHT LAW IS
+ PROHIBITED.
+ .
+ BY EXERCISING THE LICENSED RIGHTS (DEFINED BELOW), YOU ACCEPT AND AGREE
+ TO BE BOUND BY THE TERMS AND CONDITIONS OF THIS CREATIVE COMMONS
+ ATTRIBUTION-SHAREALIKE 4.0 INTERNATIONAL PUBLIC LICENSE ("PUBLIC
+ LICENSE"). TO THE EXTENT THIS PUBLIC LICENSE MAY BE INTERPRETED AS A
+ CONTRACT, YOU ARE GRANTED THE LICENSED RIGHTS IN CONSIDERATION OF YOUR
+ ACCEPTANCE OF THESE TERMS AND CONDITIONS, AND THE LICENSOR GRANTS YOU
+ SUCH RIGHTS IN CONSIDERATION OF BENEFITS THE LICENSOR RECEIVES FROM
+ MAKING THE LICENSED MATERIAL AVAILABLE UNDER THESE TERMS AND
+ CONDITIONS.
+ .
+ Section 1 — Definitions
+ .
+  a. "Adapted Material" means material subject to Copyright and Similar
+  Rights that is derived from or based upon the Licensed Material and in
+  which the Licensed Material is translated, altered, arranged,
+  transformed, or otherwise modified in a manner requiring permission
+  under the Copyright and Similar Rights held by the Licensor. For
+  purposes of this Public License, where the Licensed Material is a
+  musical work, performance, or sound recording, Adapted Material is
+  always produced where the Licensed Material is synched in timed
+  relation with a moving image.
+ .
+  b. "Adapter's License" means the license You apply to Your Copyright
+  and Similar Rights in Your contributions to Adapted Material in
+  accordance with the terms and conditions of this Public License.
+ .
+  c. "BY-SA Compatible License" means a license listed at
+  creativecommons.org/compatiblelicenses , approved by Creative Commons
+  as essentially the equivalent of this Public License.
+ .
+  d. "Copyright and Similar Rights" means copyright and/or similar
+  rights closely related to copyright including, without limitation,
+  performance, broadcast, sound recording, and Sui Generis Database
+  Rights, without regard to how the rights are labeled or categorized.
+  For purposes of this Public License, the rights specified in Section
+  2(b)(1)-(2) are not Copyright and Similar Rights.
+ .
+  e. "Effective Technological Measures" means those measures that, in
+  the absence of proper authority, may not be circumvented under laws
+  fulfilling obligations under Article 11 of the WIPO Copyright Treaty
+  adopted on December 20, 1996, and/or similar international agreements.
+ .
+  f. "Exceptions and Limitations" means fair use, fair dealing, and/or
+  any other exception or limitation to Copyright and Similar Rights that
+  applies to Your use of the Licensed Material.
+ .
+  g. "License Elements" means the license attributes listed in the name
+  of a Creative Commons Public License. The License Elements of this
+  Public License are Attribution and ShareAlike.
+ .
+  h. "Licensed Material" means the artistic or literary work, database,
+  or other material to which the Licensor applied this Public License.
+ .
+  i. "Licensed Rights" means the rights granted to You subject to the
+  terms and conditions of this Public License, which are limited to all
+  Copyright and Similar Rights that apply to Your use of the Licensed
+  Material and that the Licensor has authority to license.
+ .
+  j. "Licensor" means the individual(s) or entity(ies) granting rights
+  under this Public License.
+ .
+  k. "Share" means to provide material to the public by any means or
+  process that requires permission under the Licensed Rights, such as
+  reproduction, public display, public performance, distribution,
+  dissemination, communication, or importation, and to make material
+  available to the public including in ways that members of the public
+  may access the material from a place and at a time individually chosen
+  by them.
+ .
+  l. "Sui Generis Database Rights" means rights other than copyright
+  resulting from Directive 96/9/EC of the European Parliament and of the
+  Council of 11 March 1996 on the legal protection of databases, as
+  amended and/or succeeded, as well as other essentially equivalent
+  rights anywhere in the world.
+ .
+  m. "You" means the individual or entity exercising the Licensed Rights
+  under this Public License. "Your" has a corresponding meaning.
+ .
+ Section 2 — Scope.
+ .
+  a. License grant.
+ .
+   1. Subject to the terms and conditions of this Public License, the
+   Licensor hereby grants You a worldwide, royalty-free,
+   non-sublicensable, non-exclusive, irrevocable license to exercise the
+   Licensed Rights in the Licensed Material to:
+ .
+    A. reproduce and Share the Licensed Material, in whole or in part;
+    and
+ .
+    B. produce, reproduce, and Share Adapted Material.
+ .
+   2. Exceptions and Limitations. For the avoidance of doubt, where
+   Exceptions and Limitations apply to Your use, this Public License
+   does not apply, and You do not need to comply with its terms and
+   conditions.
+ .
+   3. Term. The term of this Public License is specified in Section 6(a).
+ .
+   4. Media and formats; technical modifications allowed. The Licensor
+   authorizes You to exercise the Licensed Rights in all media and
+   formats whether now known or hereafter created, and to make technical
+   modifications necessary to do so. The Licensor waives and/or agrees
+   not to assert any right or authority to forbid You from making
+   technical modifications necessary to exercise the Licensed Rights,
+   including technical modifications necessary to circumvent Effective
+   Technological Measures. For purposes of this Public License, simply
+   making modifications authorized by this Section 2(a)(4) never
+   produces Adapted Material.
+ .
+   5. Downstream recipients.
+ .
+    A. Offer from the Licensor – Licensed Material. Every recipient of
+    the Licensed Material automatically receives an offer from the
+    Licensor to exercise the Licensed Rights under the terms and
+    conditions of this Public License.
+ .
+    B. Additional offer from the Licensor – Adapted Material. Every
+    recipient of Adapted Material from You automatically receives an
+    offer from the Licensor to exercise the Licensed Rights in the
+    Adapted Material under the conditions of the Adapter’s License You
+    apply.
+ .
+    C. No downstream restrictions. You may not offer or impose any
+    additional or different terms or conditions on, or apply any
+    Effective Technological Measures to, the Licensed Material if doing
+    so restricts exercise of the Licensed Rights by any recipient of the
+    Licensed Material.
+ .
+    D. No endorsement. Nothing in this Public License constitutes or may
+    be construed as permission to assert or imply that You are, or that
+    Your use of the Licensed Material is, connected with, or sponsored,
+    endorsed, or granted official status by, the Licensor or others
+    designated to receive attribution as provided in Section
+    3(a)(1)(A)(i) .
+ .
+  b. Other rights.
+ .
+   1. Moral rights, such as the right of integrity, are not licensed
+   under this Public License, nor are publicity, privacy, and/or other
+   similar personality rights; however, to the extent possible, the
+   Licensor waives and/or agrees not to assert any such rights held by
+   the Licensor to the limited extent necessary to allow You to exercise
+   the Licensed Rights, but not otherwise.
+ .
+   2. Patent and trademark rights are not licensed under this Public
+   License.
+ .
+   3. To the extent possible, the Licensor waives any right to collect
+   royalties from You for the exercise of the Licensed Rights, whether
+   directly or through a collecting society under any voluntary or
+   waivable statutory or compulsory licensing scheme. In all other cases
+   the Licensor expressly reserves any right to collect such royalties.
+ .
+ Section 3 — License Conditions.
+ .
+ Your exercise of the Licensed Rights is expressly made subject to the
+ following conditions.
+ .
+  a. Attribution.
+ .
+   1. If You Share the Licensed Material (including in modified form),
+   You must:
+ .
+    A. retain the following if it is supplied by the Licensor with the
+    Licensed Material:
+ .
+     i. identification of the creator(s) of the Licensed Material and
+     any others designated to receive attribution, in any reasonable
+     manner requested by the Licensor (including by pseudonym if
+     designated);
+ .
+     ii. a copyright notice;
+ .
+     iii. a notice that refers to this Public License;
+ .
+     iv. a notice that refers to the disclaimer of warranties;
+ .
+     v. a URI or hyperlink to the Licensed Material to the extent
+     reasonably practicable;
+ .
+    B. indicate if You modified the Licensed Material and retain an
+    indication of any previous modifications; and
+ .
+    C. indicate the Licensed Material is licensed under this Public
+    License, and include the text of, or the URI or hyperlink to, this
+    Public License.
+ .
+   2. You may satisfy the conditions in Section 3(a)(1) in any
+   reasonable manner based on the medium, means, and context in which
+   You Share the Licensed Material. For example, it may be reasonable to
+   satisfy the conditions by providing a URI or hyperlink to a resource
+   that includes the required information.
+ .
+   3. If requested by the Licensor, You must remove any of the
+   information required by Section 3(a)(1)(A) to the extent reasonably
+   practicable.
+ .
+  b. ShareAlike.
+ .
+  In addition to the conditions in Section 3(a) , if You Share Adapted
+  Material You produce, the following conditions also apply.
+ .
+   1. The Adapter’s License You apply must be a Creative Commons license
+   with the same License Elements, this version or later, or a BY-SA
+   Compatible License.
+ .
+   2. You must include the text of, or the URI or hyperlink to, the
+   Adapter's License You apply. You may satisfy this condition in any
+   reasonable manner based on the medium, means, and context in which
+   You Share Adapted Material.
+ .
+   3. You may not offer or impose any additional or different terms or
+   conditions on, or apply any Effective Technological Measures to,
+   Adapted Material that restrict exercise of the rights granted under
+   the Adapter's License You apply.
+ .
+ Section 4 — Sui Generis Database Rights.
+ .
+ Where the Licensed Rights include Sui Generis Database Rights that
+ apply to Your use of the Licensed Material:
+ .
+  a. for the avoidance of doubt, Section 2(a)(1) grants You the right to
+  extract, reuse, reproduce, and Share all or a substantial portion of
+  the contents of the database;
+ .
+  b. if You include all or a substantial portion of the database
+  contents in a database in which You have Sui Generis Database Rights,
+  then the database in which You have Sui Generis Database Rights (but
+  not its individual contents) is Adapted Material, including for
+  purposes of Section 3(b) ; and
+ .
+  c. You must comply with the conditions in Section 3(a) if You Share
+  all or a substantial portion of the contents of the database.
+ .
+ For the avoidance of doubt, this Section 4 supplements and does not
+ replace Your obligations under this Public License where the Licensed
+ Rights include other Copyright and Similar Rights.
+ .
+ Section 5 — Disclaimer of Warranties and Limitation of Liability.
+ .
+  a. UNLESS OTHERWISE SEPARATELY UNDERTAKEN BY THE LICENSOR, TO THE
+  EXTENT POSSIBLE, THE LICENSOR OFFERS THE LICENSED MATERIAL AS-IS AND
+  AS-AVAILABLE, AND MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND
+  CONCERNING THE LICENSED MATERIAL, WHETHER EXPRESS, IMPLIED, STATUTORY,
+  OR OTHER. THIS INCLUDES, WITHOUT LIMITATION, WARRANTIES OF TITLE,
+  MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT,
+  ABSENCE OF LATENT OR OTHER DEFECTS, ACCURACY, OR THE PRESENCE OR
+  ABSENCE OF ERRORS, WHETHER OR NOT KNOWN OR DISCOVERABLE. WHERE
+  DISCLAIMERS OF WARRANTIES ARE NOT ALLOWED IN FULL OR IN PART, THIS
+  DISCLAIMER MAY NOT APPLY TO YOU.
+ .
+  b. TO THE EXTENT POSSIBLE, IN NO EVENT WILL THE LICENSOR BE LIABLE TO
+  YOU ON ANY LEGAL THEORY (INCLUDING, WITHOUT LIMITATION, NEGLIGENCE) OR
+  OTHERWISE FOR ANY DIRECT, SPECIAL, INDIRECT, INCIDENTAL,
+  CONSEQUENTIAL, PUNITIVE, EXEMPLARY, OR OTHER LOSSES, COSTS, EXPENSES,
+  OR DAMAGES ARISING OUT OF THIS PUBLIC LICENSE OR USE OF THE LICENSED
+  MATERIAL, EVEN IF THE LICENSOR HAS BEEN ADVISED OF THE POSSIBILITY OF
+  SUCH LOSSES, COSTS, EXPENSES, OR DAMAGES. WHERE A LIMITATION OF
+  LIABILITY IS NOT ALLOWED IN FULL OR IN PART, THIS LIMITATION MAY NOT
+  APPLY TO YOU.
+ .
+  c. The disclaimer of warranties and limitation of liability provided
+  above shall be interpreted in a manner that, to the extent possible,
+  most closely approximates an absolute disclaimer and waiver of all
+  liability.
+ .
+ Section 6 — Term and Termination.
+ .
+  a. This Public License applies for the term of the Copyright and
+  Similar Rights licensed here. However, if You fail to comply with this
+  Public License, then Your rights under this Public License terminate
+  automatically.
+ .
+  b. Where Your right to use the Licensed Material has terminated under
+  Section 6(a), it reinstates:
+ .
+   1. automatically as of the date the violation is cured, provided it
+   is cured within 30 days of Your discovery of the violation; or
+ .
+   2. upon express reinstatement by the Licensor.
+ .
+   For the avoidance of doubt, this Section 6(b) does not affect any
+   right the Licensor may have to seek remedies for Your violations of
+   this Public License.
+ .
+  c. For the avoidance of doubt, the Licensor may also offer the
+  Licensed Material under separate terms or conditions or stop
+  distributing the Licensed Material at any time; however, doing so will
+  not terminate this Public License.
+ .
+  d. Sections 1 , 5 , 6 , 7 , and 8 survive termination of this Public License.
+ .
+ Section 7 — Other Terms and Conditions.
+ .
+  a. The Licensor shall not be bound by any additional or different
+  terms or conditions communicated by You unless expressly agreed.
+ .
+  b. Any arrangements, understandings, or agreements regarding the
+  Licensed Material not stated herein are separate from and independent
+  of the terms and conditions of this Public License.
+ .
+ Section 8 — Interpretation.
+ .
+  a. For the avoidance of doubt, this Public License does not, and shall
+  not be interpreted to, reduce, limit, restrict, or impose conditions
+  on any use of the Licensed Material that could lawfully be made
+  without permission under this Public License.
+ .
+  b. To the extent possible, if any provision of this Public License is
+  deemed unenforceable, it shall be automatically reformed to the
+  minimum extent necessary to make it enforceable. If the provision
+  cannot be reformed, it shall be severed from this Public License
+  without affecting the enforceability of the remaining terms and
+  conditions.
+ .
+  c. No term or condition of this Public License will be waived and no
+  failure to comply consented to unless expressly agreed to by the
+  Licensor.
+ .
+  d. Nothing in this Public License constitutes or may be interpreted as
+  a limitation upon, or waiver of, any privileges and immunities that
+  apply to the Licensor or You, including from the legal processes of
+  any jurisdiction or authority.
diff --git a/debian/initramfs/hooks/cryptroot b/debian/initramfs/hooks/cryptroot
index 83d29fd..dd5c798 100644
--- a/debian/initramfs/hooks/cryptroot
+++ b/debian/initramfs/hooks/cryptroot
@@ -313,27 +313,6 @@ copy_libssl_legacy_library() {
     fi
 }
 
-# See #1032221: newer libargon2 are built with glibc ≥2.34 hence no
-# longer links libpthread.  This in turns means that initramfs-tool's
-# copy_exec() is no longer able to detect pthread_*() need and thus
-# doesn't copy libgcc_s.so anymore.  So we need to do it manually
-# instead.
-copy_libgcc_argon2() {
-    local libdir rv=0
-    libdir="$(env --unset=LD_PRELOAD ldd /sbin/cryptsetup | sed -nr '/.*=>\s*(\S+)\/libargon2\.so\..*/ {s//\1/p;q}')"
-    copy_libgcc "$libdir" || rv=$?
-    if [ $rv -ne 0 ]; then
-        # merged-/usr mismatch, see #1032518
-        if [ "${libdir#/usr/}" != "$libdir" ]; then
-            libdir="${libdir#/usr}"
-        else
-            libdir="/usr/${libdir#/}"
-        fi
-        copy_libgcc "$libdir" && rv=0 || rv=$?
-    fi
-    return $rv
-}
-
 
 #######################################################################
 # Begin real processing
@@ -370,7 +349,6 @@ manual_add_modules dm_crypt
 
 copy_exec /sbin/cryptsetup
 copy_exec /sbin/dmsetup
-copy_libgcc_argon2
 
 [ "$ASKPASS" = n ] || copy_exec /lib/cryptsetup/askpass
 
diff --git a/debian/rules b/debian/rules
index 0398211..6c32fa1 100755
--- a/debian/rules
+++ b/debian/rules
@@ -25,7 +25,6 @@ endif
 override_dh_auto_configure:
 	dh_auto_configure -- $(CONFFLAGS) \
 		--with-tmpfilesdir=/usr/lib/tmpfiles.d \
-		--enable-libargon2 \
 		--enable-shared \
 		--enable-cryptsetup-reencrypt
 
diff --git a/debian/tests/crypto-backend b/debian/tests/crypto-backend
index 47dc5a8..f78efe9 100755
--- a/debian/tests/crypto-backend
+++ b/debian/tests/crypto-backend
@@ -42,7 +42,7 @@ sed -ri 's/^[^\[]*//' "$DEBUG"
 # " [cryptsetup libargon2]": bundled libargon2
 # " [external libargon2]": system libargon2
 # "][argon2]": crypto backend's own implementation
-if ! grep -qF " [external libargon2]" <"$DEBUG"; then
+if ! grep -qF "][argon2]" <"$DEBUG"; then
     echo "ERROR: Unexpected argon2 backend" >&2
     exit 1
 fi
@@ -55,8 +55,8 @@ fi
 
 assert_linked_argon2() {
     local path="$1"
-    if ! env --unset=LD_PRELOAD ldd "$path" | grep -qE '^\s*libargon2\.so(\.[0-9]+)*\s+=>\s'; then
-        echo "ERROR: $path does not link against libargon2" >&2
+    if env --unset=LD_PRELOAD ldd "$path" | grep -qE '^\s*libargon2\.so(\.[0-9]+)*\s+=>\s'; then
+        echo "ERROR: $path links against libargon2" >&2
         exit 1
     fi
     return 0