Your message dated Mon, 22 Jul 2019 00:17:08 +0000 with message-id <[email protected]> and subject line Bug#928893: fixed in libblockdev 2.20-7+deb10u1 has caused the Debian Bug report #928893, regarding gnome-disk-utility: disk content permanently lost when changing LUKS password to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.) -- 928893: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928893 Debian Bug Tracking System Contact [email protected] with problems
--- Begin Message ---Package: gnome-disk-utility Version: 3.30.2-3 Severity: important Dear Maintainer, * What led up to the situation? Install system using normal full disk encryption LUKS+Ext4. After install open gnome-disk-utility and change encryption password. It gives some error dialog and now you are royally screwed. It deleted the only LUKS keyslot. Cannot add new keyslots because of that. All data will be lost after reboot. Here is output of luksdump: udo cryptsetup luksDump /dev/sda5 LUKS header information Version: 2 Epoch: 4 Metadata area: 16384 [bytes] Keyslots area: 16744448 [bytes] UUID: 3c16ad4c-294c-4547-bf3e-bb8864ba5ea3 Label: (no label) Subsystem: (no subsystem) Flags: (no flags) Data segments: 0: crypt offset: 16777216 [bytes] length: (whole device) cipher: aes-xts-plain64 sector: 512 [bytes] Keyslots: Tokens: Digests: 0: pbkdf2 Hash: sha256 Iterations: 59904 Salt: XX XX XX XX XX .... Digest: XX XX XX XX XX ... ---------------------------------------- I changed salt and digest. No Keyslots are present!!! I tried this 2 times in a row with new install, exactly same result. -- System Information: Debian Release: buster/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 5.0.8-xanmod5 (SMP w/2 CPU cores; PREEMPT) Locale: LANG=ru_RU.UTF-8, LC_CTYPE=ru_RU.UTF-8 (charmap=UTF-8), LANGUAGE=ru_RU.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages gnome-disk-utility depends on: ii dconf-gsettings-backend [gsettings-backend] 0.30.1-2 ii libatk1.0-0 2.30.0-2 ii libc6 2.28-10 ii libcairo2 1.16.0-4 ii libcanberra-gtk3-0 0.30-7 ii libdvdread4 6.0.1-1 ii libgdk-pixbuf2.0-0 2.38.1+dfsg-1 ii libglib2.0-0 2.58.3-1 ii libgtk-3-0 3.24.5-1 ii liblzma5 5.2.4-1 ii libnotify4 0.7.7-4 ii libpango-1.0-0 1.42.4-6 ii libpangocairo-1.0-0 1.42.4-6 ii libpwquality1 1.4.0-3 ii libsecret-1-0 0.18.7-1 ii libsystemd0 241-3 ii libudisks2-0 2.8.1-4 ii udisks2 2.8.1-4 gnome-disk-utility recommends no packages. gnome-disk-utility suggests no packages. -- no debconf information
--- End Message ---
--- Begin Message ---Source: libblockdev Source-Version: 2.20-7+deb10u1 We believe that the bug you reported is fixed in the latest version of libblockdev, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [email protected], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Michael Biebl <[email protected]> (supplier of updated libblockdev package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [email protected]) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sat, 20 Jul 2019 23:18:18 +0200 Source: libblockdev Architecture: source Version: 2.20-7+deb10u1 Distribution: buster Urgency: medium Maintainer: Utopia Maintenance Team <[email protected]> Changed-By: Michael Biebl <[email protected]> Closes: 928893 Changes: libblockdev (2.20-7+deb10u1) buster; urgency=medium . [ intrigeri ] * Use existing cryptsetup API for changing keyslot passphrase. Cherry-pick upstream fix to use existing cryptsetup API for atomically changing a keyslot passphrase, instead of deleting the old keyslot before adding the new one. This avoids data loss when attempting to change the passphrase of a LUKS2 device via udisks2, e.g. from GNOME Disks. Deleting a keyslot and then adding one is risky: if anything goes wrong before the new keyslot is successfully added, no usable keyslot is left and the device cannot be unlocked anymore. There's little chances this causes actual problems with LUKS1, but LUKS2 defaults to the memory-hard Argon2 key derivation algorithm, which is implemented in cryptsetup with the assumption that it runs as root with no MEMLOCK ulimit; this assumption is wrong when run by udisks2.service under LimitMEMLOCK=65536, which breaks adding the new keyslot, and makes us hit the problematic situation (user data loss) every time. With this change, changing a LUKS2 passphrase via udisks2 will still fail in some cases, until the MEMLOCK ulimit problem is solved in cryptsetup or workaround'ed in udisks2. But at least, if it fails, it will fail _atomically_ and the original passphrase will still work. (Closes: #928893) Checksums-Sha1: abcae3dc4fc1657fa12a39243c2e8878294ebb70 5272 libblockdev_2.20-7+deb10u1.dsc cc489f865e551e041eb56e5d533ed55981bec59f 12856 libblockdev_2.20-7+deb10u1.debian.tar.xz 0bbc390da128acef689302307e2734f38bdf5c13 9334 libblockdev_2.20-7+deb10u1_source.buildinfo Checksums-Sha256: 84dc2b491db463b76bb4988d6af60ab8d0c3cc2eca18d03f8eb39264d910eb58 5272 libblockdev_2.20-7+deb10u1.dsc 758afa7d6eff828ed8cce003b78f837a00627133fa454e12696db889066ee7df 12856 libblockdev_2.20-7+deb10u1.debian.tar.xz 9e7be20c1d325039555225b0734c3efcca578b1e9e6b126feb2b03280d911e06 9334 libblockdev_2.20-7+deb10u1_source.buildinfo Files: 942d745f73bd614a684c5040dab2bd8a 5272 libs optional libblockdev_2.20-7+deb10u1.dsc 94c00a865753f97ad80627168259efa1 12856 libs optional libblockdev_2.20-7+deb10u1.debian.tar.xz 5c0a7df91ebad04c347e9a28d3210fb0 9334 libs optional libblockdev_2.20-7+deb10u1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEECbOsLssWnJBDRcxUauHfDWCPItwFAl0zq9gACgkQauHfDWCP ItySSw/+MZKAomTm/fOLcys04rEKeDzy8+UkyiALF0hCQyHfnk12Ov9HEQpWvnwQ dQ91VpKF8IdTLGCBXK0S3K2UOBJpA2JGv0qw5/8v+vrN0xAU4eimHNsPWl2ID+uP 5V1dpmOsmJIwx+aCGJEzQ3qnhgtd4sH9uC5zizU42Zox3UuUsBWTpc0Qv/C5N2xv HVac69FR2FIs5lmUwXaAZ94+hJYzAYb9G/W96+z8NzG/5Xc6N2hM9bAIPyFJ0TXx fAYiWNWzKIMo4OSK0lwieXTberKDfRVA517MFGJ347fmORie/Qoic14hucQ/yJpU VRnjTd5F+LgPBgHjq7BctKXcF9ZeZNgz7Q4F9ChhOGe7TclaIG3Br3B1xo9IW/eU gCmvGEj9rKO3XrBL02xedBFDz2SxCqQRZdPpAt5HFN1xeaB6cHdJcZMAiDz4mFdR B247lQCmvEYt7gxvOteIH5sFetCfYgtAKwOwr8rs1CNGHDJM0CiGGUjtEnSDtBF1 +900Oi7rPa/btZVelFtaof/7sJW/J92XilNpe4W6EbztcMZ2yMG540A2eewHC8iq cNIOPho3nnTfBrKTZ2lEiVCNINWUnc3VhS0fNyh1Vr07qBSJO7W3BnZ7tHxDwEYV UpkiTni184L3bzzvvHz5R1nIpUdTOxsEnrdSMP34QrlhOOqTTJY= =p9vc -----END PGP SIGNATURE-----
--- End Message ---
_______________________________________________ Pkg-utopia-maintainers mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-utopia-maintainers
