From 50f600cbe830193115c93016403cfe49eceadbff Mon Sep 17 00:00:00 2001
From: Milan Broz <mbroz@redhat.com>
Date: Jan 14 2013 11:05:48 +0000
Subject: Update to cryptsetup 1.6.0.

Change default LUKS encryption mode to aes-xts-plain64 (AES128).
Force use of gcrypt PBKDF2 instead of internal implementation.

---

diff --git a/.gitignore b/.gitignore
index a2baff5..9293609 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-/cryptsetup-1.6.0-rc1.tar.bz2
+/cryptsetup-1.6.0.tar.bz2
diff --git a/cryptsetup-1.6.0.tar.bz2.asc b/cryptsetup-1.6.0.tar.bz2.asc
new file mode 100644
index 0000000..f407487
--- /dev/null
+++ b/cryptsetup-1.6.0.tar.bz2.asc
@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.12 (GNU/Linux)
+
+iQIcBAABCAAGBQJQ8+GfAAoJENmwV3vZPpj86rgQAJUxpurjIPPY5Ak33lI+luWy
+3B0wskGl5ir9ua8fpWARBSdh90V2/fipxbOwhdzuvhyC/+1NcQ27mrmO9B5nRm+s
+Gkrqja0pKOBOJzFqKLL4EwY+m01ys5qMfVtUd22+gav4Ym3uucRrt5GsE9gsn+ww
+ozqibImdijikMYgnxUht+UX/bsBTsDuXNGpp5UrEXImhouOIDr8kCyfbNbcUuZME
+vgN+5krPXQcdgMlianeYq26IqqCQqkFNEW5NtyAPPu5aTgB5W1zvPPaoV+f9ScqY
+8yR66GulXkaFb80DnlOHArKTOYAN3Jah3un0yzqlxpijBSisaaKFviUPzc6TKmtW
+JvXlDWtzpjD/9Tp6wWW8zKRXAoBZbPfa2zH9edyRrDMvWANO/Y71gk65jUktQtAg
+d4VzBzxyStXnTrOxM7eqcPPTxzAqYRMHyGb1dmWhicLf7VrkJNTK9b3YaY94egUV
+nmU+pOD0z6adZAnj3uJuKxlkStwE6JBxSoB+8QSYyK+4KtEo11//BFuRjj8rZqI9
+QnK2h6H1dJLu9k7TpBYrI9T0kkt5iykAD1P65fBwz0wenRPafC3NOz1dQnbuS/r8
+3ydqSmJzAazajqXCuNsceymOV9mo+nwDFhWk/WZxcTe6tZTAC3BTXdDABb4BA9sy
+hRri57LAD9cwzGieICn+
+=qYQN
+-----END PGP SIGNATURE-----
diff --git a/cryptsetup.spec b/cryptsetup.spec
index fb95be9..899a92c 100644
--- a/cryptsetup.spec
+++ b/cryptsetup.spec
@@ -1,7 +1,7 @@
 Summary: A utility for setting up encrypted disks
 Name: cryptsetup
 Version: 1.6.0
-Release: 0.1%{?dist}
+Release: 1%{?dist}
 License: GPLv2+ and LGPLv2+
 Group: Applications/System
 URL: http://cryptsetup.googlecode.com/
@@ -15,9 +15,15 @@ Requires: cryptsetup-libs = %{version}-%{release}
 Requires: fipscheck-lib%{_isa} >= 1.3.0
 Requires: libpwquality >= 1.2.0
 
-%define upstream_version %{version}-rc1
+%define upstream_version %{version}
 Source0: http://cryptsetup.googlecode.com/files/cryptsetup-%{upstream_version}.tar.bz2
 
+%if 0%{?fedora} >= 19 || 0%{?rhel} >= 7
+%define configure_cipher --enable-gcrypt-pbkdf2
+%else
+%define configure_cipher --with-luks1-cipher=aes --with-luks1-mode=cbc-essiv:sha256 --with-luks1-keybits=256
+%endif
+
 %description
 The cryptsetup package contains a utility for setting up
 disk encryption using dm-crypt kernel module.
@@ -41,6 +47,10 @@ Summary: Cryptsetup shared library
 Provides: cryptsetup-luks-libs = %{version}-%{release}
 Obsoletes: cryptsetup-luks-libs < 1.4.0
 Requires: fipscheck-lib%{_isa} >= 1.3.0
+# Need support for empty password in gcrypt PBKDF2
+%if 0%{?fedora} >= 19 || 0%{?rhel} >= 7
+Requires: libgcrypt >= 1.5.0-9
+%endif
 
 %description libs
 This package contains the cryptsetup shared library, libcryptsetup.
@@ -80,7 +90,7 @@ chmod -x python/pycryptsetup-test.py
 chmod -x misc/dracut_90reencrypt/*
 
 %build
-%configure --enable-python --enable-fips --enable-cryptsetup-reencrypt --enable-pwquality
+%configure --enable-python --enable-fips --enable-cryptsetup-reencrypt --enable-pwquality %{?configure_cipher}
 # remove rpath
 sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool
 sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool
@@ -140,11 +150,19 @@ install -d %{buildroot}/%{_libdir}/fipscheck
 %clean
 
 %changelog
+* Mon Jan 14 2013 Milan Broz <mbroz@redhat.com> - 1.6.0-1
+- Update to cryptsetup 1.6.0.
+- Change default LUKS encryption mode to aes-xts-plain64 (AES128).
+- Force use of gcrypt PBKDF2 instead of internal implementation.
+
 * Sat Dec 29 2012 Milan Broz <mbroz@redhat.com> - 1.6.0-0.1
 - Update to cryptsetup 1.6.0-rc1.
 - Relax license to GPLv2+ according to new release.
 - Compile cryptsetup with libpwquality support.
 
+* Tue Oct 16 2012 Milan Broz <mbroz@redhat.com> - 1.5.1-1
+- Update to cryptsetup 1.5.1.
+
 * Wed Jul 18 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.5.0-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
 
@@ -255,7 +273,7 @@ install -d %{buildroot}/%{_libdir}/fipscheck
 - Update to cryptsetup 1.1.0-rc1
 - Add luksHeaderBackup and luksHeaderRestore commands.
 
-* Thu Sep 11 2009 Milan Broz <mbroz@redhat.com> - 1.1.0-0.1
+* Fri Sep 11 2009 Milan Broz <mbroz@redhat.com> - 1.1.0-0.1
 - Update to new upstream testing version with new API interface.
 - Add luksSuspend and luksResume commands.
 - Introduce pkgconfig.
@@ -369,7 +387,7 @@ install -d %{buildroot}/%{_libdir}/fipscheck
 * Fri Apr  7 2006 Bill Nottingham <notting@redhat.com> 1.0.3-1
 - update to final 1.0.3
 
-* Wed Feb 27 2006 Bill Nottingham <notting@redhat.com> 1.0.3-0.rc2
+* Mon Feb 27 2006 Bill Nottingham <notting@redhat.com> 1.0.3-0.rc2
 - update to 1.0.3rc2, fixes bug with HAL & encrypted devices (#182658)
 
 * Wed Feb 22 2006 Bill Nottingham <notting@redhat.com> 1.0.3-0.rc1
diff --git a/sources b/sources
index 4ac625f..6f71446 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-4e3b6c1b488ce256162198708472492d  cryptsetup-1.6.0-rc1.tar.bz2
+99002ac59a65ea371e7a98200943cb80  cryptsetup-1.6.0.tar.bz2