libcryptsetup4-hmac-32bit-1.6.4-7.5>t  DH`pY_Q/=„,[;|5{’AaYןlgv !WSȅIOYo§`OMo0gM%^E- @zJۈ &l¤[Go22 D#^Wc@i żZ$v7hmtjGI5BINgܰR^k4w+_$H,nة v(;m"]p!?2q.]d7613e97494c3c20b0462818ecc9e7b03fbcf9a4^:Y_Q/=„>m{Kӥ6+$uU&⧿wU&#F Wxi{u=6uͬGY']-WƨO,II60!:*IQ@WLIkqy9AU_?#( e[{"we33b mk??6LYM Xo9hI,Tjk'P~<cGʁN ^"^lLA +]1r{JDG'\˒ TpF\Tk0>9Y?Yd" & C +PV]lt x |    HX(8;9;:;>X GXHXIX$XX(YX0\XD]XL^XbXcY*dYeYfYlYuYvYwYxYClibcryptsetup4-hmac-32bit1.6.47.5Checksums for libcryptsetup4This package contains HMAC checksums for integrity checking of libcryptsetup4, used for FIPS.Y_Fcloud117openSUSE Leap 42.3openSUSESUSE-GPL-2.0-with-openssl-exception and LGPL-2.0+http://bugs.opensuse.orgSystem/Basehttp://code.google.com/p/cryptsetup/linuxx86_64/sbin/ldconfigAAY_FY_Ff211d51d9676c6d422096545589d78b9f211d51d9676c6d422096545589d78b9rootrootrootrootcryptsetup-1.6.4-7.5.src.rpmlibcryptsetup4-hmac-32bitlibcryptsetup4-hmac-32bit(x86-32)   /bin/shrpmlib(CompressedFileNames)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsLzma)3.0.4-14.0-14.4.6-14.11.2Y@S@S~@SW@RQB@QQNPDP@PqPpPaP@OO#O[@O O N2NGN@N@Nu@Mߒ@M@M@M] MF@ME@L@Lr@L4l@L,@L%LKK8@KKhKTM@JTĴJ1@JJJ_@JjJ@JJ@Ju@J@J[!J8J0IԨI@Ivcizek@suse.commeissner@suse.commeissner@suse.comdmueller@suse.comcrrodriguez@opensuse.orgcrrodriguez@opensuse.orgcrrodriguez@opensuse.orgjengelh@inai.delnussel@suse.delnussel@suse.delnussel@suse.desbrabec@suse.czfcrozat@suse.comlnussel@suse.decfarrell@suse.comlnussel@suse.delnussel@suse.delnussel@suse.delnussel@suse.dejengelh@medozas.delnussel@suse.dejeffm@suse.comcoolo@suse.comjengelh@medozas.delnussel@suse.delnussel@suse.delnussel@suse.delnussel@suse.delnussel@suse.delnussel@suse.delnussel@suse.delnussel@suse.delnussel@suse.delnussel@suse.dejengelh@medozas.delnussel@suse.delnussel@suse.delnussel@suse.delnussel@suse.delnussel@suse.delnussel@suse.delnussel@suse.delnussel@suse.delnussel@suse.delnussel@suse.delnussel@suse.delnussel@suse.delnussel@suse.delnussel@suse.delnussel@suse.delnussel@suse.delnussel@suse.delnussel@suse.delnussel@suse.decoolo@novell.comcoolo@novell.comlnussel@suse.delnussel@suse.delnussel@suse.de- don't use a zero-filled empty key, because in FIPS, XTS mode key parts mustn't be equivalent (bsc#1031998) * add cryptsetup-use_nonequal_xts_key_parts.patch- libcryptsetup4-hmac split off contain the hmac for FIPS certification- version 1.6.4 - new tarball / signature location * Implement new erase (with alias luksErase) command. * Add internal "whirlpool_gcryptbug hash" for accessing flawed Whirlpool hash in gcrypt (requires gcrypt 1.6.1 or above). * Allow to use --disable-gcrypt-pbkdf2 during configuration to force use internal PBKDF2 code. * Require gcrypt 1.6.1 for imported implementation of PBKDF2 (PBKDF2 in gcrypt 1.6.0 is too slow). * Add --keep-key to cryptsetup-reencrypt. * By default verify new passphrase in luksChangeKey and luksAddKey commands (if input is from terminal). * Fix memory leak in Nettle crypto backend. * Support --tries option even for TCRYPT devices in cryptsetup. * Support --allow-discards option even for TCRYPT devices. (Note that this could destroy hidden volume and it is not suggested by original TrueCrypt security model.) * Link against -lrt for clock_gettime to fix undefined reference to clock_gettime error (introduced in 1.6.2). * Fix misleading error message when some algorithms are not available. * Count system time in PBKDF2 benchmark if kernel returns no self usage info. - enable fips mode - build against fipscheck library - generate hmac of libcryptsetup.so.4 for fips- remove dependency on gpg-offline (source_validator already checks for gpg integrity)- version 1.6.3 * Fix cryptsetup reencryption tool to work properly with devices using 4kB sectors. * Rewrite cipher benchmark loop which was unreliable on very fast machines. * Support activation of old TrueCrypt containers (requires kernel 3.13) * Other bugfixes.- cryptsetup 1.6.2 * Print error and fail if more device arguments are present for isLuks command. * Fix cipher specification string parsing (found by gcc -fsanitize=address option). * Try to map TCRYPT system encryption through partitions * Workaround for some recent changes in automake- cryptsetup 1.6.1 * Fix loop-AES keyfile parsing. * Fix passphrase pool overflow for too long TCRYPT passphrase. * Fix deactivation of device when failed underlying node disappeared. - There is a bug in the released tarball, due to HAVE_BYTESWAP_H and HAVE_ENDIAN_H not properly handled by the buildsystem. A patch with permanent solution was sent and accepted upstream and will appear in the next release, for now an spec file workaround is in place, remove in the next update.- Remove excessive dependencies of libcryptsetup-devel (it does not require any of these)- version 1.6.0 * Change LUKS default cipher to to use XTS encryption mode, aes-xts-plain64 (i.e. using AES128-XTS). * license change to GPL-2.0+ from GPL-1.0 * new unified command open and close. * direct support for TCRYPT (TrueCrypt and compatible tc-play) on-disk format * new benchmark command- version 1.5.1: * Added keyslot checker * Add crypt_keyslot_area() API call. * Optimize seek to keyfile-offset (Issue #135, thx to dreisner). * Fix luksHeaderBackup for very old v1.0 unaligned LUKS headers. * Allocate loop device late (only when real block device needed). * Rework underlying device/file access functions. * Create hash image if doesn't exist in veritysetup format. * Provide better error message if running as non-root user (device-mapper, loop).- split off hashalot and boot.crypto - move to /usr- Verify GPG signature.- Remove crypttab manpage, it is now provided by systemd.- version 1.5.0: * Add --device-size option for reencryption tool. * Switch to use unit suffix for --reduce-device-size option. * Remove open device debugging feature (no longer needed). * Introduce cryptsetup-reencrypt - experimental offline LUKS reencryption tool. * Fix luks-header-from-active script (do not use LUKS header on-disk, add UUID). * Add --test-passphrase option for luksOpen (check passphrase only). * Introduce veritysetup for dm-verity target management. * Both data and header device can now be a file. * Loop is automatically allocated in crypt_set_data_device(). * Require only up to last keyslot area for header device (ignore data offset). * Fix header backup and restore to work on files with large data offset. * Fix readonly activation if underlying device is readonly (1.4.0). * Fix keyslot removal (wipe keyslot) for device with 4k hw block (1.4.0). * Allow empty cipher (cipher_null) for testing. * Fix loop mapping on readonly file. * Relax --shared test, allow mapping even for overlapping segments. * Support shared flag for LUKS devices (dangerous). * Switch on retry on device remove for libdevmapper. * Allow "private" activation (skip some udev global rules) flag.- license update: SUSE-GPL-2.0-with-openssl-exception and LGPL-2.0+ cryptsetup developers use a special exception to link against openSSL- boot.crypto: * update man page to mention systemd and wiki article * sanitize dm target names (bnc#716240)- boot.crypto: * prefer physdev from crypttab * fix non-plymouth use- new version 1.4.2 * Fix header check to support old (cryptsetup 1.0.0) header alignment. (1.4.0) * Add --keyfile-offset and --new-keyfile-offset parameters to API and CLI. * Add repair command and crypt_repair() for known LUKS metadata problems repair. * Allow to specify --align-payload only for luksFormat. * Unify password verification option. * Support password verification with quiet flag if possible. (1.2.0) * Fix retry if entered passphrases (with verify option) do not match. * Support UUID= format for device specification. * Add --master-key-file option to luksOpen (open using volume key). * Fix use of empty keyfile. * Fix error message for luksClose and detached LUKS header. * Allow --header for status command to get full info with detached header.- boot.crypto: * avoid warning about module 'kernel' (bnc#741468) * incorporate plymouth support- Update to new upstream release 1.4.1 * support for trim/discard * The on-disk LUKS header can now be detached (e.g. placed on separate device or in file) * Support key-slot option for luksOpen (use only explicit keyslot) * API: Removal of deprecated API from libcryptsetup (all functions using struct crypt_options)- on update convert noauto to nofail and turn on fsck (bnc#724113)- cryptsetup-boot: Rescan LVM volumes after opening crypto (bnc#722916).- add libtool as buildrequire to make the spec file more reliable- Remove redundant tags/sections from specfile- boot.crypto: * don't hard require boot.device-mapper in boot.crypto- new version 1.3.1: * Fix keyfile=- processing in create command (regression in 1.3.0). * Simplify device path status check (use /sys and do not scan /dev). * Do not ignore device size argument for create command (regression in 1.2.0). * Fix error paths in blockwise code and lseek_write call.- new version 1.3.0: * userspace crypto backends support * Cryptsetup now automatically allocates loopback device if device argument is file and not plain device. * luksChangeKey command * loopaesOpen command for loop-AES compatibility- boot.crypto: * also fix exit code in boot.crypto.functions (bnc#671822)- boot.crypto: * don't fail if loop module is not loaded * adapt to new crypsetup exit codes (bnc#667931)- new version 1.2.0 * Add selection of random/urandom number generator for luksFormat (option --use-random and --use-urandom). * Fix luksRemoveKey to not ask for remaining keyslot passphrase, only for removed one. * No longer support luksDelKey (replaced with luksKillSlot). * if you want to remove particular passphrase, use luksKeyRemove * if you want to remove particular keyslot, use luksKillSlot Note that in batch mode luksKillSlot allows removing of any keyslot without question, in normal mode requires passphrase or keyfile from other keyslot. * Default alignment for device (if not overridden by topology info) is now (multiple of) *1MiB*. This reflects trends in storage technologies and aligns to the same defaults for partitions and volume management. * Allow explicit UUID setting in luksFormat and allow change it later in luksUUID (--uuid parameter). * All commands using key file now allows limited read from keyfile using - -keyfile-size and --new-keyfile-size parameters (in bytes). This change also disallows overloading of --key-size parameter which is now exclusively used for key size specification (in bits.) * luksFormat using pre-generated master key now properly allows using key file (only passphrase was allowed prior to this update). * Add --dump-master-key option for luksDump to perform volume (master) key dump. Note that printed information allows accessing device without passphrase so it must be stored encrypted. This operation is useful for simple Key Escrow function (volume key and encryption parameters printed on paper on safe place). This operation requires passphrase or key file. * The reload command is no longer supported. (Use dmsetup reload instead if needed. There is no real use for this function except explicit data corruption:-) * Cryptsetup now properly checks if underlying device is in use and disallows *luksFormat*, luksOpen and create commands on open (e.g. already mapped or mounted) device. * Option --non-exclusive (already deprecated) is removed. Libcryptsetup API additions: * new functions * crypt_get_type() - explicit query to crypt device context type * crypt_resize() - new resize command using context * crypt_keyslot_max() - helper to get number of supported keyslots * crypt_get_active_device() - get active device info * crypt_set/get_rng_type() - random/urandom RNG setting * crypt_set_uuid() - explicit UUID change of existing device * crypt_get_device_name() - get underlying device name * Fix optional password callback handling. * Allow to activate by internally cached volume key immediately after crypt_format() without active slot (for temporary devices with on-disk metadata) * libcryptsetup is binary compatible with 1.1.x release and still supports legacy API calls * cryptsetup binary now uses only new API calls. * Static compilation of both library (--enable-static) and cryptsetup binary (--enable-static-cryptsetup) is now properly implemented by common libtool logic. Prior to this it produced miscompiled dynamic cryptsetup binary with statically linked libcryptsetup. The static binary is compiled as src/cryptsetup.static in parallel with dynamic build if requested.- boot.crypto: * drop cryptotab support- boot.crypto: * add a few tweaks for systemd (bnc#652767)- new version 1.1.3 * Fix device alignment ioctl calls parameters. (Device alignment code was not working properly on some architectures like ppc64.) * Fix activate_by_* API calls to handle NULL device name as documented. (To enable check of passphrase/keyfile using libcryptsetup without activating the device.) * Fix udev support for old libdevmapper with not compatible definition. * Added Polish translation file.- skip temporary mappings in early stage as chmod needs to be called on the mounted file systems (bnc#591704)- Use %_smp_mflags- new version 1.1.2 fixes keyfile regression introduced by 1.1.1 * Fix luksFormat/luksOpen reading passphrase from stdin and "-" keyfile. * Support --key-file/-d option for luksFormat. * Fix description of --key-file and add --verbose and --debug options to man page. * Add verbose log level and move unlocking message there. * Remove device even if underlying device disappeared (remove, luksClose). * Fix (deprecated) reload device command to accept new device argument.- new version 1.1.1 * Detects and use device-mapper udev support if available. * Supports device topology detection for data alignment. * Fix luksOpen reading of passphrase on stdin (if "-" keyfile specified). * Fix isLuks to initialise crypto backend (blkid instead is suggested anyway). * Properly initialise crypto backend in header backup/restore commands. * Do not verify unlocking passphrase in luksAddKey command. * Allow no hash specification in plain device constructor - user can provide volume key directly. * Try to use pkgconfig for device mapper library in configuration script. * Add some compatibility checks and disable LUKS suspend/resume if not supported. * Rearrange tests, "make check" now run all available test for package. * Avoid class C++ keyword in library header.- boot.crypto: * turn off splash only if needed to avoid flicker- boot.crypto: * restore splash screen state after initrd prompt (bnc#559053) * use highlighted prompt in initrd too * fix adding volumes with initrd option (bnc#558891)- boot.crypto: * document the stages of the boot process * show status message in boot.cypto-early * don't perform some checks if the device is skipped anyways * seed random number generator (bnc#575139)- cryptsetup 1.1.0: * IMPORTANT: the default compiled-in cipher parameters changed plain mode: aes-cbc-essiv:sha256 (default is backward incompatible!). LUKS mode: aes-cbc-essiv:sha256 (only key size increased) In both modes is now default key size 256bits. * Default compiled-in parameters are now configurable through configure options: - -with-plain-* / --with-luks1-* (see configure --help) * If you need backward compatible defaults for distribution use configure --with-plain-mode=cbc-plain --with-luks1-keybits=128 Default compiled-in modes are printed in "cryptsetup --help" output. * Change in iterations count (LUKS): The slot and key digest iteration minimum count is now 1000. The key digest iteration count is calculated from iteration time (approx 1/8 of req. time). For more info about above items see discussion here: http://tinyurl.com/yaug97y * New libcryptsetup API (documented in libcryptsetup.h). The old API (using crypt_options struct) is still available but will remain frozen and not used for new functions. Soname of library changed to libcryptsetup.so.1.0.0. (But only recompilation should be needed for old programs.) The new API provides much more flexible operation over LUKS device for applications, it is preferred that new applications will use libcryptsetup and not wrapper around cryptsetup binary. * New luksHeaderBackup and luksHeaderRestore commands. These commands allows binary backup of LUKS header. Please read man page about possible security issues with backup files. * New luksSuspend (freeze device and wipe key) and luksResume (with provided passphrase). luksSuspend wipe encryption key in kernel memory and set device to suspend (blocking all IO) state. This option can be used for situations when you need temporary wipe encryption key (like suspend to RAM etc.) Please read man page for more information. * New --master-key-file option for luksFormat and luksAddKey. User can now specify pre-generated master key in file, which allows regenerating LUKS header or add key with only master key knowledge. * Uses libgcrypt and enables all gcrypt hash algorithms for LUKS through -h luksFormat option. Please note that using different hash for LUKS header make device incompatible with old cryptsetup releases. * Introduces --debug parameter. Use when reporting bugs (just run cryptsetup with --debug and attach output to issue report.) Sensitive data are never printed to this log. * Moves command successful messages to verbose level. * Requires device-mapper library and libgcrypt to build. * Uses dm-uuid for all crypt devices, contains device type and name now. * Removes support for dangerous non-exclusive option (it is ignored now, LUKS device must be always opened exclusive) - boot.crypto: * don't use dirty prompt override hack anymore * wait for volume groups if resume volume is on lvm (bnc#556895) * dynamically determine whether the cryptomgr module is neeeded- add luks script in volumemanager stage too, this way some side effects are avoided (bnc#547612)- boot.crypto: * /lib/udev/vol_id no longer exists, use blkid instead * add space at end of password prompt in initrd * fix autodetetection of root on LVM on LUKS (bnc#528474)- boot.crypto: more changes as agreed with the Debian maintainer: * rename keyscript variable CRYPTTAB_DEVICE to CRYPTTAB_SOURCE * export list of options in CRYPTTAB_OPTIONS- replace patch that quits on EOF with upstream version- actually hash=plain can be used to get raw keyscript output so remove keyscript_raw again- boot.crypto: * don't use hashalot if keyfile is specified * to comply with Debian, keyscripts must only output the password. In order to allow keyscript to use different methods to retrieve a key, add a keyscript_rawkey option. - cryptsetup: * When reading no single byte for the key abort.- boot.crypto: * fix test for keyfile (bnc#540363)- boot.crypto: * 2.6.31 requires the cryptomgr module in the initrd (bnc#535013)- boot.crypto: * uppercase variables exported to keyscript in anticipation of Debian adopting the implementation- boot.crypto: * fix setting options without parameter * infinite retries in initrd * tries=0 means infinite tries * implement retries in the script to make it work with keyscripts and non-luks volumes * keyscript support (fate#302628) * remove the option to fsck the fs as it actually never worked * fix initrd option parsing- new cryptsetup version 1.0.7 * Allow removal of last slot in luksRemoveKey and luksKillSlot. * Reject unsupported --offset and --skip options for luksFormat and update man page. * Various man page fixes. * Set UUID in device-mapper for LUKS devices. * Retain readahead of underlying device. * Display device name when asking for password. * Check device size when loading LUKS header. Remove misleading error message later. * Add error hint if dm-crypt mapping failed. * Use better error messages if device doesn't exist or is already used by other mapping. * Fix make distcheck. * Check if all slots are full during luksAddKey. * Fix segfault in set_error. * Code cleanups, remove precompiled pot files, remove unnecessary files from po directory * Fix uninitialized return value variable in setup.c. * Code cleanups. (thanks to Ivan Stankovic) * Fix wrong output for remaining key at key deletion. * Allow deletion of key slot while other keys have the same key information. * Add missing AM_PROG_CC_C_O to configure.in * Remove duplicate sentence in man page. * Wipe start of device (possible fs signature) before LUKS-formatting. * Do not process configure.in in hidden directories. * Return more descriptive error in case of IO or header format error. * Use remapping to error target instead of calling udevsettle for temporary crypt device. * Check device mapper communication and warn user if device-mapper support missing in kernel. * Fix signal handler to properly close device. * write_lseek_blockwise: declare innerCount outside the if block. * add -Wall to the default CFLAGS. fix some signedness issues. * Error handling improvement. * Add non-exclusive override to interface definition. * Refactor key slot selection into keyslot_from_option.- boot.crypto: * set infinite timeout during 2nd stage (bnc#456004)- boot.crypto: * wait for device before calling luksOpen (bnc#521446)- fix link order- fix compile with glibc 2.10- boot.crypto: * resolve symlinks when searching for loop devices (bnc#490170) * add extra man page tags to avoid FIXME output of docbook * don't pipe password if there's only one device to open * update copyright information * fix spelling and actually stop in pre_stop_hook * introduce initrd option in crypttab (bnc#465711)- boot.crypto: * print dm name instead of physdev (bnc#456664) * make prompt work with infinite timeout (bnc#466405) * implement pre-stop hook (bnc#481870) * remove hardcoded loop device number limit (bnc#481872) * Warn if using a non-absolute path for physdev in crypttab - hashalot: compute hash of empty passphrase if not interactive (bnc#475135)- fix boot.crypto doesn't care on tries flag in crypttab (bnc#480741) - mkinitrd scripts now included in boot.crypto git/bin/sh1.6.4-7.51.6.4-7.5.libcryptsetup.so.4.5.0.hmac.libcryptsetup.so.4.hmac/usr/lib/-fomit-frame-pointer -fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector -funwind-tables -fasynchronous-unwind-tables -gobs://build.opensuse.org/openSUSE:Leap:42.3/standard/2b1cda1bc327cb2f0052f7458c07b7c2-cryptsetupcpiolzma5x86_64-suse-linuxASCII text?p] crv(vX0D O4x8_MnbR`PE' :]jާP>Q?b d̢<0gk`#sbqP"&x]FGq|nT腤6,.