Bug#691517: marked as done (cryptsetup: reports insecure mode for key when it's a symlink to a file with proper permissions)

[Debian Bug Tracking System]

Your message dated Fri, 02 Nov 2012 11:17:33 +0000
with message-id <e1tuffl-0008bx...@franck.debian.org>
and subject line Bug#691517: fixed in cryptsetup 2:1.4.3-3
has caused the Debian Bug report #691517,
regarding cryptsetup: reports insecure mode for key when it's a symlink to a 
file with proper permissions
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
691517: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=691517
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: cryptsetup
Version: 2:1.4.3-2
Severity: minor

I'm told:

$ sudo cryptdisks_start whatever_crypt
[....] Starting crypto disk...[....] whatever_crypt: INSECURE MODE FOR
/etc/keys/whatever, see /usr/share/doc/cr[warntup/README.Debian. ...
(warning).

... while /etc/keys/whatever is a symlink to a file that has 0600
permissions, and is owned by root:root.

This is a bit annoying, but does not prevent using this
encrypted volume.

--- End Message ---

--- Begin Message ---

Source: cryptsetup
Source-Version: 2:1.4.3-3

We believe that the bug you reported is fixed in the latest version of
cryptsetup, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 691...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jonas Meurer <m...@debian.org> (supplier of updated cryptsetup package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Thu, 01 Nov 2012 15:34:09 +0100
Source: cryptsetup
Binary: cryptsetup cryptsetup-bin libcryptsetup4 libcryptsetup-dev 
cryptsetup-udeb libcryptsetup4-udeb
Architecture: source amd64
Version: 2:1.4.3-3
Distribution: unstable
Urgency: medium
Maintainer: Debian Cryptsetup Team 
<pkg-cryptsetup-de...@lists.alioth.debian.org>
Changed-By: Jonas Meurer <m...@debian.org>
Description: 
 cryptsetup - disk encryption support - startup scripts
 cryptsetup-bin - disk encryption support - command line tools
 cryptsetup-udeb - disk encryption support - commandline tools (udeb) (udeb)
 libcryptsetup-dev - disk encryption support - development files
 libcryptsetup4 - disk encryption support - shared library
 libcryptsetup4-udeb - disk encryption support - shared library (udeb) (udeb)
Closes: 671037 684086 685762 688786 689722 690784 691517
Changes: 
 cryptsetup (2:1.4.3-3) unstable; urgency=medium
 .
   * add recommends for 'kbd, console-setup' to cryptsetup package. Both are
     necessary to support local keymap in initramfs. Thanks to Raphaël Hertzog
     for the bugreport. (closes: #689722)
   * move suggestion for 'initramfs-tools (>= 0.91) | linux-initramfs-tool,
     busybox' to recommends. Both are required for encrypted root fs.
   * remove suggestion for udev, most debian systems have it installed anyway.
   * mention option to use UUID=<luks_uuid> for source device in crypttab(5).
     Thanks to Felicitus for the bug report. (closes: #688786)
   * add a paragraph in README.initramfs: Describe, why renaming the target
     name is not supported for encrypted root devices. Thanks to Adam Lee for
     bugreport and proposed workaround for this limitation. (closes: #671037)
   * fix keyfile permission checks in cryptdisks init scripts to follow
     symlinks. Thanks to intrigeri for the bugreport. (closes: #691517)
   * fix owner group check for keyfile in cryptdisks init scripts to really
     check owner group.
   * update debconf translations:
     - brasilian portuguese, thanks to Adriano Rafael Gomes. (closes: #685762)
     - japanese, thanks to victory. (closes: #690784)
   * fix typo in manpages: s/passphase/passphrase. Thanks to Milan Broz for
     the bugreport. (closes: #684086)
Checksums-Sha1: 
 93575a06c93c548922e51d1f48a0873d4cb8ea0e 2539 cryptsetup_1.4.3-3.dsc
 89fbed733e369993c34a1d0900314f1d66361cc5 94764 cryptsetup_1.4.3-3.debian.tar.gz
 c763c4bcd8702c66c898b9c56366df8a0a678f3f 127596 cryptsetup_1.4.3-3_amd64.deb
 c403bcda1f4c44031b7930b53cb9ca2640aaf0c0 153274 
cryptsetup-bin_1.4.3-3_amd64.deb
 e0f6ed339d642104579140f0fbaf409e8eb0a11d 93916 libcryptsetup4_1.4.3-3_amd64.deb
 dab4a051b0238c3a091578e04b6b7bdcf9b6f5f7 52426 
libcryptsetup-dev_1.4.3-3_amd64.deb
 b0b1f7a2944054d49c1b8d165341d1f52f9b83dc 30628 
cryptsetup-udeb_1.4.3-3_amd64.udeb
 438bd28f2c5e6ebc8fa0efc77f32cddc6a1fe41a 42634 
libcryptsetup4-udeb_1.4.3-3_amd64.udeb
Checksums-Sha256: 
 a187b73c8e0868b2198ddca1d14d94e350905206ab288d67c6a9e0860ce4d26a 2539 
cryptsetup_1.4.3-3.dsc
 664d9670419c9895c95a1a1f76fc7e508dca78aa6ccec73a2262d50922b15ee4 94764 
cryptsetup_1.4.3-3.debian.tar.gz
 2c74aafaf13b7aa3e569b0d89d0c0e466af940f10b73c58e1386a6cc1a3655e1 127596 
cryptsetup_1.4.3-3_amd64.deb
 da3ca0e6d571824127c582d1eb8cd6c68b588ed867c4875e214e73d9f8357487 153274 
cryptsetup-bin_1.4.3-3_amd64.deb
 79df0924787253303dd9c3fe7bb863af8f6e52afdbee40dd1a9c43d652e58754 93916 
libcryptsetup4_1.4.3-3_amd64.deb
 94814deba27e329f5dee647cd16efbcda336e4262eeacedbcbd9c6bfab0bf95b 52426 
libcryptsetup-dev_1.4.3-3_amd64.deb
 1f919a69c433794c7ec99b3abb12b95c0929cc26a4f10385c70750b2a74d6cc3 30628 
cryptsetup-udeb_1.4.3-3_amd64.udeb
 2707f22ffa966f1f78748fcd9045cfa4b1acbda18104f067e965fab70ab9b8ac 42634 
libcryptsetup4-udeb_1.4.3-3_amd64.udeb
Files: 
 eee01b35ff4fa3f096098e36e701fb35 2539 admin optional cryptsetup_1.4.3-3.dsc
 d74acdbd31fcfab6cd4c9db483d6c72f 94764 admin optional 
cryptsetup_1.4.3-3.debian.tar.gz
 d14f6a69a1d31748c9993e4ce1ebeac8 127596 admin optional 
cryptsetup_1.4.3-3_amd64.deb
 252b26ca1b930ff9927a24b0bb92c453 153274 admin optional 
cryptsetup-bin_1.4.3-3_amd64.deb
 0114f968f66ead9d731bea3f49d00720 93916 libs optional 
libcryptsetup4_1.4.3-3_amd64.deb
 3565910234e675ef378de854599ebbdc 52426 libdevel optional 
libcryptsetup-dev_1.4.3-3_amd64.deb
 32e81d502aee4177fdcc1b7e7b6f89fa 30628 debian-installer optional 
cryptsetup-udeb_1.4.3-3_amd64.udeb
 82d4c78e917878ff2f054496f7cf93bd 42634 debian-installer optional 
libcryptsetup4-udeb_1.4.3-3_amd64.udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQIcBAEBAgAGBQJQkoyNAAoJEFJi5/9JEEn+55AP/i23wtkeIKZgO3UhwG+4yV0O
BjzUD2Y2hsLyeE8WyaMVrLszlVeD1heuvK+W5Djk6OByZvKweHFIPMyBLSXYWGIl
xXTSXRGgnngq/fYVUDw3G5Q0Bn/eAHeOUd9NylYy98kBMR7EGZRzGijMhCTox3NA
D3VfnH41h+Nm6c8MEfK1uOHPeVwHlhSlfDeLzYyyV3t+T6MCC7D0PJeg14dkHU+2
0tQEl3m61Frt4BwP84GgRwvXZCz1I9s9GXjYH4U1c4BVavHeN7wvRhxbFTd5wSDZ
slpI3X8Ka2oSHaGR/bga3cPO6yeyJMn/q/8FnXaj7pzlb/Yt4WywiqXL5LzuDS5t
LWFN1RmLpOnOKEFOZaUbulxoVMB+yDjDzHYqT31R1SAvLTZ0D/liez+h2VjqWa+J
mRHcBV0Ph1PkMTpUKmv9YDCXag61zr1z02e7fTdCpcbqwyl99CHc78Oxl7ystJiz
Vkpt20WIwNRi+Y6BEliY+wr316Cbb07Ctw5Ml7Zbb6i6BJSILvHxwz4rLVkfGgrs
F2cSZ78YhriFEdff0F96a3k7GYrskGxDIPObbF2eWCkGepZZU0CARqgHrvW35XKw
kS/PzKpXY4koSPbXuDS5hYyHNdj0VUt0ozFsbdLmngf8uXoqakoJltXur46R80+w
KP7qjZ+b5WJrfRV5CQhB
=y0nU
-----END PGP SIGNATURE-----

--- End Message ---