diff -pruN 2:2.4.3-1/debian/changelog 2:2.4.3-1ubuntu1/debian/changelog
--- 2:2.4.3-1/debian/changelog	2022-01-13 18:07:05.000000000 +0000
+++ 2:2.4.3-1ubuntu1/debian/changelog	2022-01-28 20:14:06.000000000 +0000
@@ -1,3 +1,23 @@
+cryptsetup (2:2.4.3-1ubuntu1) jammy; urgency=low
+
+  * Merge from Debian unstable (LP: #1959427). Remaining changes:
+    - debian/control:
+      + Recommend plymouth.
+      + Depend on busybox-initramfs instead of busybox | busybox-static.
+      + Move cryptsetup-initramfs back to cryptsetup's Recommends.
+      + Do not build cryptsetup-suspend binary package on i386.
+    - Fix cryptroot-unlock for busybox compatibility.
+    - Fix warning and error when running on ZFS on root: (LP: #1830110)
+      - d/functions: Return an empty devno for ZFS devices as they don't have
+        major:minor device numbers.
+      - d/initramfs/hooks/cryptroot: Ignore and don't print an error message
+        when devices don't have a devno.
+    - debian/patches/decrease_memlock_ulimit.patch
+      Fixed FTBFS due to a restricted build environment
+    - Stop building the udeb on request.
+
+ -- Steve Langasek <steve.langasek@ubuntu.com>  Fri, 28 Jan 2022 12:14:06 -0800
+
 cryptsetup (2:2.4.3-1) unstable; urgency=high
 
   [ Guilhem Moulin ]
@@ -11,6 +31,64 @@ cryptsetup (2:2.4.3-1) unstable; urgency
 
  -- Guilhem Moulin <guilhem@debian.org>  Thu, 13 Jan 2022 19:07:05 +0100
 
+cryptsetup (2:2.4.2-1ubuntu4) jammy; urgency=medium
+
+  * Move cryptsetup-initramfs back to cryptsetup's Recommends (from Suggests).
+
+ -- Michael Hudson-Doyle <michael.hudson@ubuntu.com>  Thu, 09 Dec 2021 12:53:00 +1300
+
+cryptsetup (2:2.4.2-1ubuntu3) jammy; urgency=medium
+
+  * Fix build on i386.
+
+ -- Michael Hudson-Doyle <michael.hudson@ubuntu.com>  Tue, 07 Dec 2021 13:17:48 +1300
+
+cryptsetup (2:2.4.2-1ubuntu2) jammy; urgency=medium
+
+  * Do not build new cryptsetup-suspend binary package on i386.
+
+ -- Michael Hudson-Doyle <michael.hudson@ubuntu.com>  Tue, 07 Dec 2021 11:47:55 +1300
+
+cryptsetup (2:2.4.2-1ubuntu1) jammy; urgency=medium
+
+  * Merge from Debian unstable. Remaining changes:
+    - debian/control:
+      + Recommend plymouth.
+      + Depend on busybox-initramfs instead of busybox | busybox-static.
+    - Fix cryptroot-unlock for busybox compatibility.
+    - Fix warning and error when running on ZFS on root: (LP: #1830110)
+      - d/functions: Return an empty devno for ZFS devices as they don't have
+        major:minor device numbers.
+      - d/initramfs/hooks/cryptroot: Ignore and don't print an error message when
+        devices don't have a devno.
+      Submitted to debian upstream as bug #902449.
+    - debian/patches/decrease_memlock_ulimit.patch
+      Fixed FTBFS due a restrict environment in the new Bionic Builder (LP: #1891473)
+      tests/luks2-validation.test, tests/compat-test, tests/tcrypt-compat-test.
+      - Thanks Guilherme G. Piccoli.
+    - Stop building the udeb on request.
+  * Dropped change, included in Debian:
+    - Introduce retry logic for external invocations after mdadm (LP: #1879980)
+      - Currently, if an encrypted rootfs is configured on top of a MD RAID1
+        array and such array gets degraded (e.g., a member is removed/failed)
+        the cryptsetup scripts cannot mount the rootfs, and the boot fails.
+        We fix that issue here by allowing the cryptroot script to be re-run
+        by initramfs-tools/local-block stage, as mdadm can activate degraded
+        arrays at that stage.
+        There is an initramfs-tools counter-part for this fix, but alone the
+        cryptsetup portion is harmless.
+      - d/cryptsetup-initramfs.install: ship the new local-bottom script.
+      - d/functions: declare variables for local-top|block|bottom scripts
+        (flag that local-block is running and external invocation counter.)
+      - d/i/s/local-block/cryptroot: set flag that local-block is running.
+      - d/i/s/local-bottom/cryptroot: clean up the flag and counter files.
+      - d/i/s/local-top/cryptroot: change the logic from just waiting 180
+        seconds to waiting 5 seconds first, then allowing initramfs-tools
+        to run mdadm (to activate degraded arrays) and call back at least
+        30 times/seconds more.
+
+ -- Michael Hudson-Doyle <michael.hudson@ubuntu.com>  Thu, 02 Dec 2021 11:58:05 +1300
+
 cryptsetup (2:2.4.2-1) unstable; urgency=high
 
   * New upstream bugfix release 2.4.2.
@@ -128,6 +206,18 @@ cryptsetup (2:2.3.6-1+exp1) experimental
 
  -- Guilhem Moulin <guilhem@debian.org>  Fri, 28 May 2021 22:54:20 +0200
 
+cryptsetup (2:2.3.6-0ubuntu2) jammy; urgency=medium
+
+  * No-change rebuild against openssl3
+
+ -- Simon Chopin <simon.chopin@canonical.com>  Thu, 25 Nov 2021 14:22:07 +0200
+
+cryptsetup (2:2.3.6-0ubuntu1) impish; urgency=medium
+
+  * New upstream release.
+
+ -- Matthieu Clemenceau <matthieu.clemenceau@canonical.com>  Fri, 20 Aug 2021 11:32:12 +1200
+
 cryptsetup (2:2.3.5-1+exp1) experimental; urgency=medium
 
   * Upload to experimental.
@@ -200,6 +290,69 @@ cryptsetup (2:2.3.4-1+exp1) experimental
 
  -- Guilhem Moulin <guilhem@debian.org>  Fri, 04 Sep 2020 00:55:41 +0200
 
+cryptsetup (2:2.3.4-1ubuntu3) hirsute; urgency=medium
+
+  * Stop building the udeb on request.
+
+ -- Matthias Klose <doko@ubuntu.com>  Mon, 22 Feb 2021 12:10:36 +0100
+
+cryptsetup (2:2.3.4-1ubuntu2) hirsute; urgency=medium
+
+  * No-change rebuild to drop the udeb package.
+
+ -- Matthias Klose <doko@ubuntu.com>  Mon, 22 Feb 2021 10:30:38 +0100
+
+cryptsetup (2:2.3.4-1ubuntu1) hirsute; urgency=medium
+
+  * Merge with Debian unstable. Remaining changes:
+    - debian/control:
+      + Recommend plymouth.
+      + Depend on busybox-initramfs instead of busybox | busybox-static.
+    - Fix cryptroot-unlock for busybox compatibility.
+    - Fix warning and error when running on ZFS on root: (LP #1830110)
+      - d/functions: Return an empty devno for ZFS devices as they don't have
+        major:minor device numbers.
+      - d/initramfs/hooks/cryptroot: Ignore and don't print an error message when
+        devices don't have a devno.
+      Submitted to debian upstream as bug #902449.
+    - debian/patches/decrease_memlock_ulimit.patch
+      Fixed FTBFS due a restrict environment in the new Bionic Builder (LP #1891473)
+      tests/luks2-validation.test, tests/compat-test, tests/tcrypt-compat-test.
+      - Thanks Guilherme G. Piccoli.
+    - Introduce retry logic for external invocations after mdadm (LP #1879980)
+      - Currently, if an encrypted rootfs is configured on top of a MD RAID1
+        array and such array gets degraded (e.g., a member is removed/failed)
+        the cryptsetup scripts cannot mount the rootfs, and the boot fails.
+        We fix that issue here by allowing the cryptroot script to be re-run
+        by initramfs-tools/local-block stage, as mdadm can activate degraded
+        arrays at that stage.
+        There is an initramfs-tools counter-part for this fix, but alone the
+        cryptsetup portion is harmless.
+      - d/cryptsetup-initramfs.install: ship the new local-bottom script.
+      - d/functions: declare variables for local-top|block|bottom scripts
+        (flag that local-block is running and external invocation counter.)
+      - d/i/s/local-block/cryptroot: set flag that local-block is running.
+      - d/i/s/local-bottom/cryptroot: clean up the flag and counter files.
+      - d/i/s/local-top/cryptroot: change the logic from just waiting 180
+        seconds to waiting 5 seconds first, then allowing initramfs-tools
+        to run mdadm (to activate degraded arrays) and call back at least
+        30 times/seconds more.
+  * Dropped changes:
+    - Included in new upstream version:
+      - SECURITY UPDATE: Out-of-bounds write
+        - debian/patches/CVE-2020-14382-*.patch: check segment gaps regardless of
+          heap space in lib/luks2/luks2_json_metadata.c.
+        - CVE-2020-14382
+    - included in Debian:
+      - debian/cryptsetup-bin.install:
+        - Fix FTBFS due to dh_missing detecting crypsetup.conf in debian/tmp where
+          it was installed from ./scripts/crypsetup.conf.
+      - debian/rules:
+        - fix FTBFS on riscv64 adding --with-tmpfilesdir to ensure all archs, even
+          without systemd knows how to ship cryptsetup.conf
+
+ -- Michael Hudson-Doyle <michael.hudson@ubuntu.com>  Tue, 10 Nov 2020 10:37:25 +1300
+
 cryptsetup (2:2.3.4-1) unstable; urgency=high
 
   * New upstream bugfix release, including fix for CVE-2020-14382:
@@ -267,6 +420,80 @@ cryptsetup (2:2.3.3-2) unstable; urgency
 
  -- Guilhem Moulin <guilhem@debian.org>  Wed, 12 Aug 2020 00:22:59 +0200
 
+cryptsetup (2:2.3.3-1ubuntu6) groovy; urgency=medium
+
+  * Introduce retry logic for external invocations after mdadm (LP: #1879980)
+    - Currently, if an encrypted rootfs is configured on top of a MD RAID1
+      array and such array gets degraded (e.g., a member is removed/failed)
+      the cryptsetup scripts cannot mount the rootfs, and the boot fails.
+      We fix that issue here by allowing the cryptroot script to be re-run
+      by initramfs-tools/local-block stage, as mdadm can activate degraded
+      arrays at that stage.
+      There is an initramfs-tools counter-part for this fix, but alone the
+      cryptsetup portion is harmless.
+    - d/cryptsetup-initramfs.install: ship the new local-bottom script.
+    - d/functions: declare variables for local-top|block|bottom scripts
+      (flag that local-block is running and external invocation counter.)
+    - d/i/s/local-block/cryptroot: set flag that local-block is running.
+    - d/i/s/local-bottom/cryptroot: clean up the flag and counter files.
+    - d/i/s/local-top/cryptroot: change the logic from just waiting 180
+      seconds to waiting 5 seconds first, then allowing initramfs-tools
+      to run mdadm (to activate degraded arrays) and call back at least
+      30 times/seconds more.
+
+ -- Guilherme G. Piccoli <gpiccoli@canonical.com>  Wed, 16 Sep 2020 17:35:59 -0300
+
+cryptsetup (2:2.3.3-1ubuntu5) groovy; urgency=medium
+
+  * SECURITY UPDATE: Out-of-bounds write
+    - debian/patches/CVE-2020-14382-*.patch: check segment gaps regardless of
+      heap space in lib/luks2/luks2_json_metadata.c.
+    - CVE-2020-14382
+  * debian/patches/decrease_memlock_ulimit.patch
+    Fixed FTBFS due a restrict environment in the new Bionic Builder (LP: #1891473)
+    tests/luks2-validation.test, tests/compat-test, tests/tcrypt-compat-test.
+    - Thanks Guilherme G. Piccoli.
+
+ -- Leonidas S. Barbosa <leo.barbosa@canonical.com>  Wed, 09 Sep 2020 09:29:17 -0300
+
+cryptsetup (2:2.3.3-1ubuntu4) groovy; urgency=medium
+
+  * No change rebuild against new json-c ABI.
+
+ -- Dimitri John Ledkov <xnox@ubuntu.com>  Tue, 28 Jul 2020 17:42:50 +0100
+
+cryptsetup (2:2.3.3-1ubuntu3) groovy; urgency=medium
+
+  * debian/rules:
+    - fix FTBFS on riscv64 adding --with-tmpfilesdir to ensure all archs, even
+      without systemd knows how to ship cryptsetup.conf
+
+ -- Didier Roche <didrocks@ubuntu.com>  Thu, 18 Jun 2020 11:44:50 +0200
+
+cryptsetup (2:2.3.3-1ubuntu2) groovy; urgency=medium
+
+  * debian/cryptsetup-bin.install:
+    - Fix FTBFS due to dh_missing detecting crypsetup.conf in debian/tmp where
+      it was installed from ./scripts/crypsetup.conf.
+  * Fix warning and error when running on ZFS on root: (LP: #1830110)
+    -  d/functions: Return an empty devno for ZFS devices as they don't have
+       major:minor device numbers.
+    - d/initramfs/hooks/cryptroot: Ignore and don't print an error message when
+       devices don't have a devno.
+    Submitted to debian upstream as bug #902449.
+
+ -- Didier Roche <didrocks@ubuntu.com>  Thu, 18 Jun 2020 10:12:10 +0200
+
+cryptsetup (2:2.3.3-1ubuntu1) groovy; urgency=low
+
+  * Merge from Debian unstable.  Remaining changes:
+    - debian/control:
+      + Recommend plymouth.
+      + Depend on busybox-initramfs instead of busybox | busybox-static.
+    - Fix cryptroot-unlock for busybox compatibility.
+
+ -- Steve Langasek <steve.langasek@ubuntu.com>  Tue, 09 Jun 2020 10:40:32 -0700
+
 cryptsetup (2:2.3.3-1) unstable; urgency=medium
 
   [ Guilhem Moulin ]
@@ -295,6 +522,16 @@ cryptsetup (2:2.3.2-1) unstable; urgency
 
  -- Guilhem Moulin <guilhem@debian.org>  Wed, 06 May 2020 16:22:01 +0200
 
+cryptsetup (2:2.3.1-1ubuntu1) groovy; urgency=low
+
+  * Merge from Debian unstable.  Remaining changes:
+    - debian/control:
+      + Recommend plymouth.
+      + Depend on busybox-initramfs instead of busybox | busybox-static.
+    - Fix cryptroot-unlock for busybox compatibility.
+
+ -- Steve Langasek <steve.langasek@ubuntu.com>  Fri, 01 May 2020 07:07:58 -0700
+
 cryptsetup (2:2.3.1-1) unstable; urgency=medium
 
   * New upstream release.
@@ -330,6 +567,23 @@ cryptsetup (2:2.3.0-1) unstable; urgency
 
  -- Guilhem Moulin <guilhem@debian.org>  Wed, 04 Mar 2020 00:48:19 +0100
 
+cryptsetup (2:2.2.2-3ubuntu2) focal; urgency=medium
+
+  * Depend on cryptsetup from cryptsetup-initramfs instead of the dummy
+    cryptsetup-run package.  LP: #1864360.
+
+ -- Steve Langasek <steve.langasek@ubuntu.com>  Thu, 27 Feb 2020 00:16:14 -0600
+
+cryptsetup (2:2.2.2-3ubuntu1) focal; urgency=medium
+
+  * Merge from Debian unstable.  Remaining changes:
+    - debian/control:
+      + Recommend plymouth.
+      + Depend on busybox-initramfs instead of busybox | busybox-static.
+    - Fix cryptroot-unlock for busybox compatibility.
+
+ -- Matthias Klose <doko@ubuntu.com>  Mon, 10 Feb 2020 09:20:12 +0100
+
 cryptsetup (2:2.2.2-3) unstable; urgency=high
 
   * initramfs hook: Workaround fix for the libgcc_s's source location.
@@ -338,6 +592,16 @@ cryptsetup (2:2.2.2-3) unstable; urgency
 
  -- Guilhem Moulin <guilhem@debian.org>  Tue, 04 Feb 2020 14:11:12 +0100
 
+cryptsetup (2:2.2.2-2ubuntu1) focal; urgency=low
+
+  * Merge from Debian unstable.  Remaining changes:
+    - debian/control:
+      + Recommend plymouth.
+      + Depend on busybox-initramfs instead of busybox | busybox-static.
+    - Fix cryptroot-unlock for busybox compatibility.
+
+ -- Steve Langasek <steve.langasek@ubuntu.com>  Sat, 01 Feb 2020 22:11:22 -0800
+
 cryptsetup (2:2.2.2-2) unstable; urgency=medium
 
   [ Guilhem Moulin ]
@@ -355,6 +619,16 @@ cryptsetup (2:2.2.2-2) unstable; urgency
 
  -- Guilhem Moulin <guilhem@debian.org>  Sat, 18 Jan 2020 20:53:19 +0100
 
+cryptsetup (2:2.2.2-1ubuntu1) focal; urgency=low
+
+  * Merge from Debian unstable.  Remaining changes:
+    - debian/control:
+      + Recommend plymouth.
+      + Depend on busybox-initramfs instead of busybox | busybox-static.
+    - Fix cryptroot-unlock for busybox compatibility.
+
+ -- Steve Langasek <steve.langasek@ubuntu.com>  Mon, 11 Nov 2019 22:07:44 -0800
+
 cryptsetup (2:2.2.2-1) unstable; urgency=medium
 
   * New upstream bugfix release.
@@ -365,6 +639,16 @@ cryptsetup (2:2.2.2-1) unstable; urgency
 
  -- Guilhem Moulin <guilhem@debian.org>  Fri, 01 Nov 2019 19:32:36 +0100
 
+cryptsetup (2:2.2.1-1ubuntu1) focal; urgency=low
+
+  * Merge from Debian unstable.  Remaining changes:
+    - debian/control:
+      + Recommend plymouth.
+      + Depend on busybox-initramfs instead of busybox | busybox-static.
+    - Fix cryptroot-unlock for busybox compatibility.
+
+ -- Steve Langasek <steve.langasek@ubuntu.com>  Fri, 18 Oct 2019 15:14:29 -0700
+
 cryptsetup (2:2.2.1-1) unstable; urgency=medium
 
   * New upstream bugfix release.
@@ -372,6 +656,16 @@ cryptsetup (2:2.2.1-1) unstable; urgency
 
  -- Guilhem Moulin <guilhem@debian.org>  Fri, 06 Sep 2019 13:28:55 +0200
 
+cryptsetup (2:2.2.0-3ubuntu1) eoan; urgency=low
+
+  * Merge from Debian unstable.  Remaining changes:
+    - debian/control:
+      + Recommend plymouth.
+      + Depend on busybox-initramfs instead of busybox | busybox-static.
+    - Fix cryptroot-unlock for busybox compatibility.
+
+ -- Steve Langasek <steve.langasek@ubuntu.com>  Wed, 28 Aug 2019 16:13:22 -0700
+
 cryptsetup (2:2.2.0-3) unstable; urgency=medium
 
   * Cherry pick upstream commit 8f8f0b32: Fix mapped segments overflow on
@@ -379,6 +673,16 @@ cryptsetup (2:2.2.0-3) unstable; urgency
 
  -- Guilhem Moulin <guilhem@debian.org>  Mon, 26 Aug 2019 12:53:45 +0200
 
+cryptsetup (2:2.2.0-2ubuntu1) eoan; urgency=low
+
+  * Merge from Debian unstable.  Remaining changes:
+    - debian/control:
+      + Recommend plymouth.
+      + Depend on busybox-initramfs instead of busybox | busybox-static.
+    - Fix cryptroot-unlock for busybox compatibility.
+
+ -- Steve Langasek <steve.langasek@ubuntu.com>  Sun, 25 Aug 2019 12:25:55 -0700
+
 cryptsetup (2:2.2.0-2) unstable; urgency=medium
 
   * debian/control: Add 'Multi-Arch: foreign' tag to the transitional dummy
@@ -390,6 +694,25 @@ cryptsetup (2:2.2.0-2) unstable; urgency
 
  -- Guilhem Moulin <guilhem@debian.org>  Wed, 21 Aug 2019 22:45:12 +0200
 
+cryptsetup (2:2.2.0-1ubuntu2) eoan; urgency=medium
+
+  * debian/initramfs/cryptroot-unlock: canonicalize executable paths.
+    Thanks to Paride Legovini <paride.legovini@canonical.com> for the patch.
+    LP: #1840752.
+
+ -- Steve Langasek <steve.langasek@ubuntu.com>  Tue, 20 Aug 2019 15:34:10 -0700
+
+cryptsetup (2:2.2.0-1ubuntu1) eoan; urgency=low
+
+  * Merge from Debian unstable.  Remaining changes:
+    - debian/control:
+      + Recommend plymouth.
+      + Depend on busybox-initramfs instead of busybox | busybox-static.
+    - Apply patch from Trent Nelson to fix cryptroot-unlock for busybox
+      compatibility.
+
+ -- Gianfranco Costamagna <locutusofborg@debian.org>  Tue, 20 Aug 2019 14:21:34 +0200
+
 cryptsetup (2:2.2.0-1) unstable; urgency=medium
 
   * New upstream release 2.2.0.  Highlights include:
@@ -467,6 +790,23 @@ cryptsetup (2:2.1.0-6) unstable; urgency
 
  -- Guilhem Moulin <guilhem@debian.org>  Sat, 20 Jul 2019 22:15:04 -0300
 
+cryptsetup (2:2.1.0-5ubuntu2) eoan; urgency=medium
+
+  * Rebuild against new libjson-c4.
+
+ -- Gianfranco Costamagna <locutusofborg@debian.org>  Sat, 29 Jun 2019 13:48:37 +0200
+
+cryptsetup (2:2.1.0-5ubuntu1) eoan; urgency=low
+
+  * Merge from Debian unstable.  Remaining changes:
+    - debian/control:
+      + Recommend plymouth.
+      + Depend on busybox-initramfs instead of busybox | busybox-static.
+    - Apply patch from Trent Nelson to fix cryptroot-unlock for busybox
+      compatibility.
+
+ -- Steve Langasek <steve.langasek@ubuntu.com>  Fri, 14 Jun 2019 14:09:31 -0700
+
 cryptsetup (2:2.1.0-5) unstable; urgency=medium
 
   [ Jonas Meurer ]
@@ -479,6 +819,17 @@ cryptsetup (2:2.1.0-5) unstable; urgency
 
  -- Guilhem Moulin <guilhem@debian.org>  Mon, 10 Jun 2019 14:51:15 +0200
 
+cryptsetup (2:2.1.0-4ubuntu1) eoan; urgency=low
+
+  * Merge from Debian unstable.  Remaining changes:
+    - debian/control:
+      + Recommend plymouth.
+      + Depend on busybox-initramfs instead of busybox | busybox-static.
+    - Apply patch from Trent Nelson to fix cryptroot-unlock for busybox
+      compatibility.
+
+ -- Steve Langasek <steve.langasek@ubuntu.com>  Tue, 28 May 2019 18:32:08 -0700
+
 cryptsetup (2:2.1.0-4) unstable; urgency=medium
 
   [Guilhem Moulin]
@@ -498,6 +849,26 @@ cryptsetup (2:2.1.0-4) unstable; urgency
 
  -- Guilhem Moulin <guilhem@debian.org>  Tue, 28 May 2019 17:04:16 +0200
 
+cryptsetup (2:2.1.0-3ubuntu2) eoan; urgency=medium
+
+  * Depend on busybox-initramfs, which is the implementation we actually use
+    for the initramfs and is guaranteed to always be present, instead of
+    busybox-static.
+
+ -- Steve Langasek <steve.langasek@ubuntu.com>  Thu, 09 May 2019 14:47:04 -0700
+
+cryptsetup (2:2.1.0-3ubuntu1) eoan; urgency=low
+
+  * Merge from Debian unstable.  Remaining changes:
+    - debian/control:
+      + Recommend plymouth.
+      + Invert the "busybox | busybox-static" Recommends, as the latter
+        is the one we ship in main as part of the ubuntu-standard task.
+    - Apply patch from Trent Nelson to fix cryptroot-unlock for busybox
+      compatibility. LP: #1651818
+
+ -- Steve Langasek <steve.langasek@ubuntu.com>  Fri, 03 May 2019 16:22:03 -0700
+
 cryptsetup (2:2.1.0-3) unstable; urgency=medium
 
   * d/scripts/decrypt_opensc: Fix standard output poisoning.  Thanks to Nils
@@ -521,6 +892,19 @@ cryptsetup (2:2.1.0-2) unstable; urgency
 
  -- Guilhem Moulin <guilhem@debian.org>  Thu, 28 Feb 2019 22:32:43 +0100
 
+cryptsetup (2:2.1.0-1ubuntu1) disco; urgency=medium
+
+  * Merge from Debian unstable. LP: #1815484
+  * Remaining changes:
+    - debian/control:
+      + Recommend plymouth.
+      + Invert the "busybox | busybox-static" Recommends, as the latter
+        is the one we ship in main as part of the ubuntu-standard task.
+    - Apply patch from Trent Nelson to fix cryptroot-unlock for busybox
+      compatibility. LP: #1651818
+
+ -- Dimitri John Ledkov <xnox@ubuntu.com>  Wed, 13 Feb 2019 21:28:23 +0000
+
 cryptsetup (2:2.1.0-1) unstable; urgency=medium
 
   * New upstream release.  Highlights include:
@@ -563,6 +947,20 @@ cryptsetup (2:2.1.0-1) unstable; urgency
 
  -- Guilhem Moulin <guilhem@debian.org>  Sat, 09 Feb 2019 00:40:17 +0100
 
+cryptsetup (2:2.0.6-1ubuntu1) disco; urgency=medium
+
+  * Merge from Debian unstable.
+  * Remaining changes:
+    - debian/control:
+      + Recommend plymouth.
+      + Invert the "busybox | busybox-static" Recommends, as the latter
+        is the one we ship in main as part of the ubuntu-standard task.
+    - Apply patch from Trent Nelson to fix cryptroot-unlock for busybox
+      compatibility. LP: #1651818
+  * Dropped delta sector_size support, merged in Debian.
+
+ -- Dimitri John Ledkov <xnox@ubuntu.com>  Tue, 05 Feb 2019 13:43:25 +0000
+
 cryptsetup (2:2.0.6-1) unstable; urgency=medium
 
   * New upstream bugfix release.  Highlights include:
@@ -627,6 +1025,27 @@ cryptsetup (2:2.0.4-3) unstable; urgency
 
  -- Guilhem Moulin <guilhem@debian.org>  Mon, 22 Oct 2018 17:45:35 +0200
 
+cryptsetup (2:2.0.4-2ubuntu2) cosmic; urgency=medium
+
+  * Implement support for --sector-size cryptsetup plain mode option in
+    crypttab. Matching support is also proposed to systemd-cryptsetup as
+    well. LP: #1776626
+
+ -- Dimitri John Ledkov <xnox@ubuntu.com>  Fri, 31 Aug 2018 17:00:07 +0100
+
+cryptsetup (2:2.0.4-2ubuntu1) cosmic; urgency=low
+
+  * Merge from Debian unstable.  LP: #1785610.
+  * Remaining changes:
+    - debian/control:
+      + Recommend plymouth.
+      + Invert the "busybox | busybox-static" Recommends, as the latter
+        is the one we ship in main as part of the ubuntu-standard task.
+    - Apply patch from Trent Nelson to fix cryptroot-unlock for busybox
+      compatibility. LP: #1651818
+
+ -- Dimitri John Ledkov <xnox@ubuntu.com>  Wed, 22 Aug 2018 22:51:47 +0100
+
 cryptsetup (2:2.0.4-2) unstable; urgency=medium
 
   * debian/cryptsetup-initramfs.preinst: Don't try to overwrite
@@ -659,6 +1078,28 @@ cryptsetup (2:2.0.3-7) unstable; urgency
 
  -- Guilhem Moulin <guilhem@debian.org>  Mon, 30 Jul 2018 16:32:07 +0800
 
+cryptsetup (2:2.0.3-6ubuntu1) cosmic; urgency=low
+
+  * Merge from Debian unstable.  LP: #1781912.
+  * Remaining changes:
+    - debian/control:
+      + Recommend plymouth.
+      + Invert the "busybox | busybox-static" Recommends, as the latter
+        is the one we ship in main as part of the ubuntu-standard task.
+    - Apply patch from Trent Nelson to fix cryptroot-unlock for busybox
+      compatibility. LP: #1651818
+  * Dropped changes, included in Debian:
+    - Drop explicit libgcrypt20 dependency from libcryptsetup4.
+    - Drop the CRYPTSETUP variable warning from the initramfs hook, as
+      overlayroot package ships a dropin in conf-hooks.d triggering false
+      warnings.
+    - Drop _BSD_SOURCE in favor of _DEFAULT_SOURCE
+    - Drop c99 std, as the default is now higher than that
+  * Dropped changes, no longer needed:
+    - Add maintscript to drop removed upstart system jobs.
+
+ -- Steve Langasek <steve.langasek@ubuntu.com>  Mon, 16 Jul 2018 08:27:58 -0400
+
 cryptsetup (2:2.0.3-6) unstable; urgency=medium
 
   * debian/TODO.md: Remove mention of parent device detection for mdadm
@@ -943,6 +1384,45 @@ cryptsetup (2:2.0.3-1) unstable; urgency
 
  -- Jonas Meurer <jonas@freesources.org>  Fri, 15 Jun 2018 15:32:16 +0200
 
+cryptsetup (2:2.0.2-1ubuntu3) cosmic; urgency=medium
+
+  * No-change rebuild against libargon2-1
+
+ -- Steve Langasek <steve.langasek@ubuntu.com>  Tue, 10 Jul 2018 17:01:23 +0000
+
+cryptsetup (2:2.0.2-1ubuntu2) cosmic; urgency=medium
+
+  * Apply patch from Trent Nelson to fix cryptroot-unlock for busybox
+    compatibility. LP: #1651818
+
+ -- Dimitri John Ledkov 🌈 <xnox@ubuntu.com>  Thu, 21 Jun 2018 16:38:31 +0100
+
+cryptsetup (2:2.0.2-1ubuntu1) bionic; urgency=low
+
+  * Merge from Debian unstable.
+    - bugfix upstream release, which solves problems with luks2 format
+      disks not unlocking.  LP: #1755322.
+  * Remaining changes:
+    - debian/control:
+      + Depend on plymouth.
+      + Invert the "busybox | busybox-static" Recommends, as the latter
+        is the one we ship in main as part of the ubuntu-standard task.
+      + Drop explicit libgcrypt20 dependency from libcryptsetup4.
+    - Drop _BSD_SOURCE in favor of _DEFAULT_SOURCE
+    - Drop c99 std, as the default is now higher than that
+    - Drop upstart system jobs.
+    - Add maintscript to drop removed upstart system jobs.
+      - debian has its own now, but we have different version numbers.
+        this delta can be dropped after 18.04 release.
+    - Drop the CRYPTSETUP variable warning from the initramfs hook, as
+      overlayroot package ships a dropin in conf-hooks.d triggering false
+      warnings.
+  * Dropped changes:
+    - debian/cryptdisks{,-udev}.maintscript: drop, there is no package named
+      'cryptdisks' or 'cryptdisks-udev'.
+
+ -- Steve Langasek <steve.langasek@ubuntu.com>  Fri, 06 Apr 2018 10:23:53 -0700
+
 cryptsetup (2:2.0.2-1) unstable; urgency=low
 
   * New upstream release 2.0.2
@@ -972,6 +1452,40 @@ cryptsetup (2:2.0.1-1) unstable; urgency
 
  -- Guilhem Moulin <guilhem@debian.org>  Sun, 11 Feb 2018 00:02:05 +0100
 
+cryptsetup (2:2.0.1-0ubuntu2) bionic; urgency=medium
+
+  * Drop the CRYPTSETUP variable warning from the initramfs hook, as
+    overlayroot package ships a dropin in conf-hooks.d triggering false
+    warnings.
+
+ -- Dimitri John Ledkov <xnox@ubuntu.com>  Thu, 22 Feb 2018 14:49:16 +0000
+
+cryptsetup (2:2.0.1-0ubuntu1) bionic; urgency=medium
+
+  * Merge from Debian unstable.  Remaining changes:
+    - debian/control:
+      + Depend on plymouth.
+      + Invert the "busybox | busybox-static" Recommends, as the latter
+        is the one we ship in main as part of the ubuntu-standard task.
+      + Drop explicit libgcrypt20 dependency from libcryptsetup4.
+    - Drop _BSD_SOURCE in favor of _DEFAULT_SOURCE
+    - Drop c99 std, as the default is now higher than that
+    - Drop upstart system jobs.
+    - Add maintscript to drop removed upstart system jobs.
+      - debian has its own now, but we have different version numbers
+  * New upstream release
+  * Cherry-pick Guilhem Moulin's changes below from Debian git
+
+  [ Guilhem Moulin ]
+   * New upstream release 2.0.1:
+     - Use /run/cryptsetup as default for cryptsetup locking dir.
+     - Add missing symbols for new functions to debian/libcryptsetup12.symbols.
+  * debian/copyright: update copyright years.
+  * debian/patches: backport upstream's 8728ba08 to fix opening of loop-AES
+    devices using --key-file=-.  (Closes: #888162.)
+
+ -- Julian Andres Klode <juliank@ubuntu.com>  Mon, 29 Jan 2018 13:48:55 +0100
+
 cryptsetup (2:2.0.0-1) unstable; urgency=low
 
   [ Guilhem Moulin ]
@@ -1021,6 +1535,26 @@ cryptsetup (2:2.0.0~rc0-1) experimental;
 
  -- Guilhem Moulin <guilhem@debian.org>  Tue, 03 Oct 2017 03:37:36 +0200
 
+cryptsetup (2:1.7.5-1ubuntu1) bionic; urgency=low
+
+  * Merge from Debian unstable.  Remaining changes:
+    - debian/control:
+      + Depend on plymouth.
+      + Invert the "busybox | busybox-static" Recommends, as the latter
+        is the one we ship in main as part of the ubuntu-standard task.
+      + Drop explicit libgcrypt20 dependency from libcryptsetup4.
+    - Drop _BSD_SOURCE in favor of _DEFAULT_SOURCE
+    - Drop c99 std, as the default is now higher than that
+    - Drop upstart system jobs.
+    - Add maintscript to drop removed upstart system jobs.
+  * Merged upstream:
+    - d/p/fips-fix-luksformat-with-recent-kernels -- fix luksFormat
+      with recent FIPS enabled kernels.
+  * Merged in Debian:
+    - Use DEB_VERSION from dpkg/default.mk for pod2man release variable
+
+ -- Julian Andres Klode <juliank@ubuntu.com>  Wed, 17 Jan 2018 21:39:10 +0100
+
 cryptsetup (2:1.7.5-1) unstable; urgency=low
 
   * New upstream release 1.7.5.
@@ -1043,6 +1577,25 @@ cryptsetup (2:1.7.5-1) unstable; urgency
 
  -- Guilhem Moulin <guilhem@debian.org>  Thu, 14 Sep 2017 13:00:23 +0200
 
+cryptsetup (2:1.7.3-4ubuntu1) artful; urgency=low
+
+  * New upstream release, merge from Debian unstable. Remaining
+    Ubuntu changes:
+    - debian/control:
+      + Depend on plymouth.
+      + Invert the "busybox | busybox-static" Recommends, as the latter
+        is the one we ship in main as part of the ubuntu-standard task.
+      + Drop explicit libgcrypt20 dependency from libcryptsetup4.
+  * d/p/fips-fix-luksformat-with-recent-kernels -- fix luksFormat
+    with recent FIPS enabled kernels.
+  * Drop _BSD_SOURCE in favor of _DEFAULT_SOURCE
+  * Drop c99 std, as the default is now higher than that
+  * Use DEB_VERSION from dpkg/default.mk for pod2man release variable
+  * Drop upstart system jobs.
+  * Add maintscript to drop removed upstart system jobs.
+
+ -- Andy Whitcroft <apw@ubuntu.com>  Thu, 10 Aug 2017 14:07:29 +0100
+
 cryptsetup (2:1.7.3-4) unstable; urgency=high
 
   [ Guilhem Moulin ]
@@ -1255,6 +1808,40 @@ cryptsetup (2:1.7.2-1) unstable; urgency
 
  -- Jonas Meurer <mejo@debian.org>  Wed, 05 Oct 2016 20:53:09 +0200
 
+cryptsetup (2:1.7.2-0ubuntu4) artful; urgency=medium
+
+  * Add maintscript to drop removed upstart system jobs.
+
+ -- Dimitri John Ledkov <xnox@ubuntu.com>  Mon, 21 Aug 2017 11:36:04 +0100
+
+cryptsetup (2:1.7.2-0ubuntu3) artful; urgency=medium
+
+  * Drop _BSD_SOURCE in favor of _DEFAULT_SOURCe
+  * Drop c99 std, as the default is now higher than that
+  * Use DEB_VERSION from dpkg/default.mk for pod2man release variable
+
+ -- Dimitri John Ledkov <xnox@ubuntu.com>  Sat, 19 Aug 2017 21:46:19 +0100
+
+cryptsetup (2:1.7.2-0ubuntu2) artful; urgency=medium
+
+  * Drop upstart system jobs.
+
+ -- Dimitri John Ledkov <xnox@ubuntu.com>  Sat, 19 Aug 2017 20:57:17 +0100
+
+cryptsetup (2:1.7.2-0ubuntu1) yakkety; urgency=medium
+
+  * New upstream release, merge from Debian unstable (LP: #1548137). Remaining
+    Ubuntu changes:
+    - debian/control:
+      + Bump initramfs-tools Suggests to Depends: so system is not
+        potentially rendered unbootable.
+      + Depend on plymouth.
+      + Invert the "busybox | busybox-static" Recommends, as the latter
+        is the one we ship in main as part of the ubuntu-standard task.
+      + Drop explicit libgcrypt20 dependency from libcryptsetup4.
+
+ -- Unit 193 <unit193@ubuntu.com>  Wed, 22 Jun 2016 16:30:01 -0400
+
 cryptsetup (2:1.7.0-2) unstable; urgency=medium
 
   [ Guilhem Moulin ]
@@ -1329,6 +1916,35 @@ cryptsetup (2:1.7.0-1) unstable; urgency
 
  -- Jonas Meurer <mejo@debian.org>  Thu, 07 Jan 2016 02:22:33 +0100
 
+cryptsetup (2:1.6.6-5ubuntu2) wily; urgency=medium
+
+  * Fix stupid typo in Recommends "busybox | busybox-static" inversion.
+    Fixes binary moves for busybox into main.
+
+ -- Andy Whitcroft <apw@ubuntu.com>  Fri, 21 Aug 2015 08:56:34 +0100
+
+cryptsetup (2:1.6.6-5ubuntu1) wily; urgency=low
+
+  * Merge from Debian unstable.  Remaining changes:
+    - debian/control:
+      + Bump initramfs-tools Suggests to Depends: so system is not
+        potentially rendered unbootable.
+      + Depend on plymouth.
+      + Invert the "busybox | busybox-static" Recommends, as the latter
+        is the one we ship in main as part of the ubuntu-standard task.
+      + Drop explicit libgcrypt11 dependency from libcryptsetup4.
+  * Dropped changes, now in Debian:
+    - Remove hardcoded paths to udevadm.
+    - debian/initramfs/cryptroot-hook:
+      + Do not unconditionally include cryptsetup utils in the initramfs.
+      + Do not include any modules or utils in the initramfs, unless
+        rootfs/resume devices are encrypted or CRYPTSETUP is set to 'y' in
+        the initramfs.conf configuration file.
+    - debian/cryptsetup.maintscripts:
+      + Migrate upstart jobs to new names.
+
+ -- Andy Whitcroft <apw@ubuntu.com>  Tue, 07 Jul 2015 16:58:45 +0100
+
 cryptsetup (2:1.6.6-5) unstable; urgency=high
 
   * debian/cryptdisks.functions: fix the precheck for ubuntu+upstart
@@ -1481,6 +2097,71 @@ cryptsetup (2:1.6.4-1) unstable; urgency
 
  -- Jonas Meurer <mejo@debian.org>  Fri, 28 Jun 2013 12:14:55 +0200
 
+cryptsetup (2:1.6.1-1ubuntu7) vivid; urgency=medium
+
+  * Drop explicit libgcrypt11 dependency from libcryptsetup4.
+
+ -- Adam Conrad <adconrad@ubuntu.com>  Fri, 27 Mar 2015 18:24:38 -0600
+
+cryptsetup (2:1.6.1-1ubuntu6) vivid; urgency=medium
+
+  * No-change rebuild for the libgcrypt20 transition.
+
+ -- Adam Conrad <adconrad@ubuntu.com>  Fri, 27 Mar 2015 06:16:08 -0600
+
+cryptsetup (2:1.6.1-1ubuntu5) vivid; urgency=medium
+
+  * ./debian/scripts/luksformat: Drop luksFormat -s and --ciper options. They
+    aren't necessary any more, and aes-cbc-essiv:sha256 is obsolete. This will
+    now use aes-xts-plain64 by default. (LP: #1414719)
+
+ -- Martin Pitt <martin.pitt@ubuntu.com>  Fri, 27 Feb 2015 09:37:05 +0100
+
+cryptsetup (2:1.6.1-1ubuntu4) vivid; urgency=medium
+
+  * No change rebuild to get debug symbols for all architectures.
+
+ -- Brian Murray <brian@ubuntu.com>  Wed, 03 Dec 2014 08:03:31 -0800
+
+cryptsetup (2:1.6.1-1ubuntu3) utopic; urgency=high
+
+  * No change rebuild against new dh_installinit, to call update-rc.d at
+    postinst.
+
+ -- Dimitri John Ledkov <xnox@ubuntu.com>  Wed, 28 May 2014 10:39:30 +0100
+
+cryptsetup (2:1.6.1-1ubuntu2) utopic; urgency=medium
+
+  * debian/askpass.c:
+    - Fix bug (LP: #1301086) where askpass fails to restore terminal
+      settings.
+
+ -- Robert Barabas <dc@0xdc.org>  Fri, 18 Apr 2014 14:08:51 -0400
+
+cryptsetup (2:1.6.1-1ubuntu1) trusty; urgency=low
+
+  * Merge from debian unstable, remaining changes:
+    - debian/control:
+      + Bump initramfs-tools Suggests to Depends: so system is not
+        potentially rendered unbootable.
+      + Depend on plymouth.
+
+    - Invert the "busybox | busybox-static" Recommends, as the latter is
+      the one we ship in main as part of the ubuntu-standard task.
+  
+    - Remove hardcoded paths to udevadm (LP: #1184066).  
+  
+    - debian/initramfs/cryptroot-hook:
+      + Do not unconditionally include cryptsetup utils in the initramfs.
+      + Do not include any modules or utils in the initramfs, unless
+        rootfs/resume devices are encrypted or CRYPTSETUP is set to 'y' in
+        the initramfs.conf configuration file.
+  
+    - debian/cryptsetup.maintscripts:
+      + Migrate upstart jobs to new names.
+
+ -- Dmitrijs Ledkovs <dmitrij.ledkov@ubuntu.com>  Fri, 01 Nov 2013 16:48:57 +0000
+
 cryptsetup (2:1.6.1-1) unstable; urgency=low
 
   [ Milan Broz ]
@@ -1522,6 +2203,50 @@ cryptsetup (2:1.6.1-1) unstable; urgency
 
  -- Jonas Meurer <mejo@debian.org>  Fri, 28 Jun 2013 12:10:41 +0200
 
+cryptsetup (2:1.4.3-4ubuntu4) saucy; urgency=low
+
+  * debian/initramfs/cryptroot-hook:
+    - Do not unconditionally include cryptsetup utils in the initramfs.
+    - Do not include any modules or utils in the initramfs, unless
+      rootfs/resume devices are encrypted or CRYPTSETUP is set to 'y' in
+      the initramfs.conf configuration file.
+
+ -- Dmitrijs Ledkovs <dmitrij.ledkov@ubuntu.com>  Mon, 10 Jun 2013 16:25:46 +0100
+
+cryptsetup (2:1.4.3-4ubuntu3) saucy; urgency=low
+
+  * Remove hardcoded paths to udevadm (LP: #1184066).
+
+ -- Colin Watson <cjwatson@ubuntu.com>  Tue, 28 May 2013 11:27:27 +0100
+
+cryptsetup (2:1.4.3-4ubuntu2) raring; urgency=low
+
+  * Invert the "busybox | busybox-static" Recommends, as the latter
+    is the one we ship in main as part of the ubuntu-standard task.
+
+ -- Adam Conrad <adconrad@ubuntu.com>  Fri, 16 Nov 2012 01:14:35 -0700
+
+cryptsetup (2:1.4.3-4ubuntu1) raring; urgency=low
+
+  * Merge from debian unstable, remaining changes:
+    - debian/control:
+      + Bump initramfs-tools Suggests to Depends: so system is not
+        potentially rendered unbootable.
+      + Depend on plymouth.
+
+    - init/upstart jobs:
+      + Rename cryptddisks{,-early}.upstart jobs to
+        cryptdisks-{enable,udev}.upstart, as we need both init & upstart jobs
+        for now.
+      + debian/cryptdisks{,-early}.init: Make the 'start' action of the init
+        script a no-op, this should be handled entirely by the upstart job;
+      	and fix the LSB header to not declare this should be started in
+      	runlevel 'S'.
+      + Do not install start symlinks for init scripts
+      + NB! shutdown is still handled by the SystemV init scripts
+
+ -- Dmitrijs Ledkovs <dmitrij.ledkov@ubuntu.com>  Tue, 13 Nov 2012 11:17:57 +0000
+
 cryptsetup (2:1.4.3-4) unstable; urgency=medium
 
   * change recommends for busybox to busybox | busybox-static. Thanks to
@@ -1554,6 +2279,50 @@ cryptsetup (2:1.4.3-3) unstable; urgency
 
  -- Jonas Meurer <mejo@debian.org>  Thu, 01 Nov 2012 15:34:09 +0100
 
+cryptsetup (2:1.4.3-2ubuntu1) quantal; urgency=low
+
+  * Merge from debian unstable (LP: #1015753), remaining changes:
+    - debian/control:
+      + Bump initramfs-tools Suggests to Depends: so system is not
+        potentially rendered unbootable.
+      + Depend on plymouth.
+
+    - init/upstart jobs:
+      + Add debian/cryptdisks-{enable,udev}.upstart for bootup.
+      + debian/cryptdisks{,-early}.init: Make the 'start' action of the init
+        script a no-op, this should be handled entirely by the upstart job;
+      	and fix the LSB header to not declare this should be started in
+      	runlevel 'S'.
+      + Do not install start symlinks for init scripts
+      + NB! shutdown is still handled by the SystemV init scripts
+
+  * Rename cryptddisks{,-early}.upstart jobs back to
+    cryptdisks-{enable,udev}.upstart, as we need both init & upstart jobs
+    for now.
+
+  * Dropped Changes, included in Debian:
+    - debian/control:
+      + Split up package in cryptsetup and cryptsetup-bin. (LP: #343363).
+
+    - debian/cryptdisks.functions:
+      + Do not overwrite existing filesystems when creating swap (LP: #474258).
+      + Add aesni module when we have hardware encryption.
+      + Call 'udevadm settle' before 'dmsetup rename' http://pad.lv/874774
+      + Suppress "Starting init crypto disks" message in "init" phase, to
+        avoid writing over fsck progress text.
+      + new function, crypttab_start_one_disk, to look for the named source
+        device in /etc/crypttab (by device name, UUID, or label) and start it
+        if configured to do so
+      + handle the case where crypttab contains a name for the source
+        device that is not the kernel's preferred name for it (as is the case
+        for LVs).
+
+    - debian/initramfs/cryptroot-hook:
+      + Quiet warnings from find on arches that don't have all the
+        kernel/{arch,crypto} bits we're testing for.
+
+ -- Dmitrijs Ledkovs <dmitrij.ledkov@ubuntu.com>  Tue, 21 Aug 2012 11:57:28 +0100
+
 cryptsetup (2:1.4.3-2) unstable; urgency=medium
 
   * fix the shared library symbols magic: so far, the symbols file for
@@ -1629,6 +2398,64 @@ cryptsetup (2:1.4.1-3) unstable; urgency
 
  -- Jonas Meurer <mejo@debian.org>  Wed, 11 Apr 2012 23:55:35 +0200
 
+cryptsetup (2:1.4.1-2ubuntu4) precise; urgency=low
+
+  * Our swap creation can trigger udev change events, which means udev may be
+    holding the device open at the time we try to call 'dmsetup rename' and
+    cause the /subsequent/ events to be missed because of dmsetup creating
+    device nodes by hand.  So call 'udevadm settle' before 'dmsetup rename',
+    to ensure blkid is out of the way first.  This should ensure swap
+    partitions are found by mountall in a non-racy manner.  LP: #874774.
+
+ -- Steve Langasek <steve.langasek@ubuntu.com>  Fri, 13 Apr 2012 20:23:21 -0700
+
+cryptsetup (2:1.4.1-2ubuntu3) precise; urgency=low
+
+  * Start cryptdisks-enable upstart job on 'or container', to let us
+    simplify the udevtrigger job.
+
+ -- Steve Langasek <steve.langasek@ubuntu.com>  Wed, 04 Apr 2012 17:02:00 -0700
+
+cryptsetup (2:1.4.1-2ubuntu2) precise; urgency=low
+
+  * Split up package in cryptsetup and cryptsetup-bin. (LP: #343363).
+  * Do not overwrite existing filesystems when creating swap (LP: #474258).
+  * Add aesni module when we have hardware encryption.
+
+ -- Jean-Louis Dupond <jean-louis@dupond.be>  Mon, 12 Mar 2012 10:14:30 +0100
+
+cryptsetup (2:1.4.1-2ubuntu1) precise; urgency=low
+
+  [ Jean-Louis Dupond ]
+  * Merge from debian unstable (LP: #776264), remaining changes:
+    - debian/cryptdisks.functions: Suppress "Starting init crypto disks" message
+      in "init" phase, to avoid writing over fsck progress text.
+    - debian/cryptroot-hook: Quiet warnings from find on arches that
+      don't have all the kernel/{arch,crypto} bits we're testing for.
+    - debian/control:
+      + Bump initramfs-tools Suggests to Depends: so system is not
+        potentially rendered unbootable.
+      + Depend on plymouth.
+    - Add debian/cryptdisks-{enable,udev}.upstart.
+    - debian/cryptdisks.functions:
+      + new function, crypttab_start_one_disk, to look for the named source
+        device in /etc/crypttab (by device name, UUID, or label) and start it
+        if configured to do so
+    - debian/cryptdisks{,-early}.init: Make the 'start' action of the init
+      script a no-op, this should be handled entirely by the upstart job;
+      and fix the LSB header to not declare this should be started in
+      runlevel 'S'
+    - debian/rules:
+      + Do not install start symlinks for init scripts, and
+        install debian/cryptdisks-{enable,udev}.upstart scripts.
+
+  [ Steve Langasek ]
+  * debian/cryptdisks.functions: handle the case where crypttab contains a
+    name for the source device that is not the kernel's preferred name for
+    it (as is the case for LVs).
+
+ -- Jean-Louis Dupond <jean-louis@dupond.be>  Thu, 08 Mar 2012 07:32:40 +0100
+
 cryptsetup (2:1.4.1-2) unstable; urgency=low
 
   * acknowledge NMU. Thanks to Michael Biebl. (closes: #659182)
@@ -1838,6 +2665,56 @@ cryptsetup (2:1.2.0-1) experimental; urg
 
  -- Jonas Meurer <mejo@debian.org>  Sun, 16 Jan 2011 01:01:03 +0100
 
+cryptsetup (2:1.1.3-4ubuntu3) precise; urgency=low
+
+  [ Pali Rohar ]
+  * debian/cryptdisks.functions: Suppress "Starting init crypto disks" message
+    in "init" phase, to avoid writing over fsck progress text.
+
+ -- Martin Pitt <martin.pitt@ubuntu.com>  Wed, 26 Oct 2011 09:16:15 +0200
+
+cryptsetup (2:1.1.3-4ubuntu2) oneiric; urgency=low
+
+  * debian/cryptroot-hook: Quiet warnings from find on arches that
+    don't have all the kernel/{arch,crypto} bits we're testing for. 
+
+ -- Adam Conrad <adconrad@ubuntu.com>  Sat, 01 Oct 2011 00:33:00 -0600
+
+cryptsetup (2:1.1.3-4ubuntu1) natty; urgency=low
+
+  * Merge from debian unstable (LP: #682177), remaining changes:
+    - debian/control:
+      + Bump initramfs-tools Suggests to Depends: so system is not
+        potentially rendered unbootable.
+      + Depend on plymouth.
+    - Add debian/cryptdisks-{enable,udev}.upstart.
+    - debian/cryptdisks.functions:
+      + new function, crypttab_start_one_disk, to look for the named source
+        device in /etc/crypttab (by device name, UUID, or label) and start it
+        if configured to do so
+      + wrap the call to /lib/cryptsetup/askpass with watershed, to make sure
+        we only ever have one of these running at a time; otherwise multiple
+        invocations could steal each other's input and/or write over each
+        other's output
+      + when called by cryptdisks-enable, check that we don't already have a
+        corresponding cryptdisks-udev job running (probably waiting for a
+        passphrase); if there is, wait until it's finished before continuing.
+    - debian/cryptdisks{,-early}.init: Make the 'start' action of the init
+      script a no-op, this should be handled entirely by the upstart job;
+      and fix the LSB header to not declare this should be started in
+      runlevel 'S'
+    - debian/cryptsetup.postinst: Remove any symlinks from /etc/rcS.d on
+      upgrade.
+    - debian/rules: 
+      + Do not install start symlinks for init scripts, and
+        install debian/cryptdisks-{enable,udev}.upstart scripts.
+      + link dynamically against libgcrypt and libgpg-error.
+    - Add debian/cryptsetup.apport: Apport package hook. Install in
+      debian/rules and create dir in debian/cryptsetup.dirs.
+    - debian/cryptsetup.postrm: call update-initramfs on package removal.
+
+ -- Lorenzo De Liso <blackz@ubuntu.com>  Sat, 27 Nov 2010 17:37:43 +0100
+
 cryptsetup (2:1.1.3-4) unstable; urgency=high
 
   * bump standards-version to 3.9.1, no changes required
@@ -1943,6 +2820,69 @@ cryptsetup (2:1.1.3-1) unstable; urgency
 
  -- Jonas Meurer <mejo@debian.org>  Sat, 10 Jul 2010 14:32:40 +0200
 
+cryptsetup (2:1.1.2-1ubuntu1) maverick; urgency=low
+
+  * Merge from Debian unstable (LP: #594365).  Remaining changes:
+    - debian/control:
+      + Bump initramfs-tools Suggests to Depends: so system is not
+        potentially rendered unbootable.
+      + Depend on plymouth.   
+    - Add debian/cryptdisks-{enable,udev}.upstart.
+    - debian/cryptdisks.functions:
+      + new function, crypttab_start_one_disk, to look for the named source
+        device in /etc/crypttab (by device name, UUID, or label) and start it
+        if configured to do so
+      + wrap the call to /lib/cryptsetup/askpass with watershed, to make sure
+        we only ever have one of these running at a time; otherwise multiple
+        invocations could steal each other's input and/or write over each
+        other's output
+      + initially create the device under a temporary name and rename it only
+        at the end using 'dmsetup rename', to ensure that upstart/mountall
+        doesn't see our device before it's ready to go.
+      + do_tmp should mount under /var/run/cryptsetup for changing the
+        permissions of the filesystem root, not directly on /tmp, since
+        mounting on /tmp a) is racy, b) confuses mountall something fierce.
+      + when called by cryptdisks-enable, check that we don't already have a
+        corresponding cryptdisks-udev job running (probably waiting for a
+        passphrase); if there is, wait until it's finished before continuing.
+    - debian/cryptdisks{,-early}.init: Make the 'start' action of the init
+      script a no-op, this should be handled entirely by the upstart job;
+      and fix the LSB header to not declare this should be started in
+      runlevel 'S'
+    - debian/cryptsetup.postinst: Remove any symlinks from /etc/rcS.d on
+      upgrade. 
+    - debian/rules: Do not install start symlinks for init scripts, and
+      install debian/cryptdisks-{enable,udev}.upstart scripts.
+    - Add debian/cryptsetup.apport: Apport package hook. Install in
+      debian/rules and create dir in debian/cryptsetup.dirs.
+    - debian/rules: link dynamically against libgcrypt and libgpg-error.
+    - debian/cryptsetup.postrm: call update-initramfs on package removal.
+  * Dropped changes, merged/superseded in Debian:
+    - Add ext4 support to passdev.
+    - cryptroot-hook: don't call copy_modules_dir with empty arguments when
+      archcrypto isn't found
+    - Set USPLASH=y and FRAMEBUFFER=y in the hook config to pull plymouth into
+      the initramfs.
+    - change interaction to use plymouth directly if present, and if not, to
+      fall back to /lib/cryptsetup/askpass as before
+    - cryptdisks.functions: replace 'echo -e' bashism with 'printf'.
+    - debian/initramfs/cryptroot-script: if plymouth is present in the
+      initramfs, use this directly, bypassing the cryptsetup askpass script
+    - debian/initramfs/cryptroot-hook: Properly anchor our regexps when
+      grepping /etc/crypttab so that we don't incorrectly match device names
+      that are substrings of one another.
+    - debian/initramfs/cryptroot-script: Don't leak /conf/conf.d/cryptroot
+      file descriptor to subprocesses.
+    - Fix grammar error in debian/initramfs/cryptroot-script
+      ("setup" -> "set up")
+    - debian/initramfs/cryptroot-script: Fix this to work with current
+      initramfs-tools:
+      + Source /scripts/functions after checking for prerequisites.
+      + prereqs(): Do not assume we are running within initramfs, and
+        calculate relative path correctly.
+
+ -- Steve Langasek <steve.langasek@ubuntu.com>  Mon, 14 Jun 2010 21:47:28 -0700
+
 cryptsetup (2:1.1.2-1) unstable; urgency=low
 
   * new upstream release, changes include:
@@ -2060,6 +3000,171 @@ cryptsetup (2:1.1.0-1) unstable; urgency
 
  -- Jonas Meurer <mejo@debian.org>  Mon, 08 Mar 2010 14:15:35 +0100
 
+cryptsetup (2:1.1.0~rc2-1ubuntu14) maverick; urgency=low
+
+  [ David Stansby ]
+  * Fix grammar error in debian/initramfs/cryptroot-script
+    ("setup" -> "set up") (LP: #578896)
+
+ -- James Westby <james.westby@ubuntu.com>  Mon, 17 May 2010 13:33:40 +0100
+
+cryptsetup (2:1.1.0~rc2-1ubuntu13) lucid; urgency=low
+
+  * debian/initramfs/cryptroot-script: Don't leak /conf/conf.d/cryptroot
+    file descriptor to subprocesses.
+
+ -- Colin Watson <cjwatson@ubuntu.com>  Mon, 29 Mar 2010 22:18:36 +0100
+
+cryptsetup (2:1.1.0~rc2-1ubuntu12) lucid; urgency=low
+
+  * debian/initramfs/cryptroot-hook: Properly anchor our regexps when
+    grepping /etc/crypttab so that we don't incorrectly match device names
+    that are substrings of one another.
+  * debian/cryptdisks-{enable,udev}.conf, debian/control: drop
+    'console output' and add a hard dependency on plymouth instead of
+    watershed, to avoid spitting extra messages to the console.
+
+ -- Steve Langasek <steve.langasek@ubuntu.com>  Thu, 18 Feb 2010 06:19:19 -0800
+
+cryptsetup (2:1.1.0~rc2-1ubuntu11) lucid; urgency=low
+
+  * Set FRAMEBUFFER=y in the file that we actually ship.
+  * debian/cryptsetup.postrm: call update-initramfs on package removal.
+    LP: #468228.
+
+ -- Steve Langasek <steve.langasek@ubuntu.com>  Mon, 25 Jan 2010 03:07:52 -0800
+
+cryptsetup (2:1.1.0~rc2-1ubuntu10) lucid; urgency=low
+
+  * cryptdisks.functions: replace 'echo -e' bashism with 'printf'.
+  * cryptdisks.functions: when called by cryptdisks-enable, check that we
+    don't already have a corresponding cryptdisks-udev job running (probably
+    waiting for a passphrase); if there is, wait until it's finished before
+    continuing.
+
+ -- Steve Langasek <steve.langasek@ubuntu.com>  Thu, 21 Jan 2010 14:57:21 +0000
+
+cryptsetup (2:1.1.0~rc2-1ubuntu9) lucid; urgency=low
+
+  * Set FRAMEBUFFER=y in the hook config as well, to pull plymouth into the
+    initramfs.
+  * cryptdisks.functions, debian/initramfs/cryptroot-script: fix the
+    invocation of plymouth, so that we actually get proper passphrase prompts
+    (once bug #496765 is fixed).
+
+ -- Steve Langasek <steve.langasek@ubuntu.com>  Sat, 16 Jan 2010 02:32:41 -0800
+
+cryptsetup (2:1.1.0~rc2-1ubuntu8) lucid; urgency=low
+
+  * cryptdisks.functions: do_tmp should mount under /var/run/cryptsetup for
+    changing the permissions of the filesystem root, not directly on /tmp,
+    since mounting on /tmp a) is racy, b) confuses mountall something fierce.
+    LP: #475936.
+
+ -- Steve Langasek <steve.langasek@ubuntu.com>  Tue, 22 Dec 2009 20:24:28 +0000
+
+cryptsetup (2:1.1.0~rc2-1ubuntu7) lucid; urgency=low
+
+  * Depend on watershed.
+
+ -- Steve Langasek <steve.langasek@ubuntu.com>  Tue, 22 Dec 2009 01:37:36 +0000
+
+cryptsetup (2:1.1.0~rc2-1ubuntu6) lucid; urgency=low
+
+  [ Steve Langasek ]
+  * Fix the LSB header in the init scripts, now that we don't install to
+    rcS.d.
+
+  [ Martin Pitt ]
+  * debian/initramfs/cryptroot-script: Fix this to work with current
+    initramfs-tools:
+    - Source /scripts/functions after checking for prerequisites.
+    - prereqs(): Do not assume we are running within initramfs, and calculate
+      relative path correctly.
+
+ -- Martin Pitt <martin.pitt@ubuntu.com>  Fri, 18 Dec 2009 17:07:07 +0100
+
+cryptsetup (2:1.1.0~rc2-1ubuntu5) lucid; urgency=low
+
+  * Rename the upstart job introduced in the previous upload to
+    cryptdisks-udev and restore the previous version of the job as
+    cryptdisks-enable, to run at the end of udev coldplugging as before;
+    this isn't entirely race-free, but should nevertheless give us the
+    two passes needed to cover devices that are decrypted using keys stored
+    on other encrypted disks.  LP: #443980.
+
+ -- Steve Langasek <steve.langasek@ubuntu.com>  Wed, 16 Dec 2009 06:41:30 +0000
+
+cryptsetup (2:1.1.0~rc2-1ubuntu4) lucid; urgency=low
+
+  [ Steve Langasek ]
+  * debian/initramfs/cryptroot-script: if plymouth is present in the
+    initramfs, use this directly, bypassing the cryptsetup askpass script;
+    but keep support for these other frontends around on a transitional
+    basis.
+  * debian/cryptdisks.functions:
+    - change interaction to use plymouth directly if present, and if not, to
+      fall back to /lib/cryptsetup/askpass as before
+    - wrap the call to /lib/cryptsetup/askpass with watershed, to make sure
+      we only ever have one of these running at a time; otherwise multiple
+      invocations could steal each other's input and/or write over each
+      other's output
+    - new function, crypttab_start_one_disk, to look for the named source
+      device in /etc/crypttab (by device name, UUID, or label) and start it
+      if configured to do so
+  * debian/cryptdisks-enable.upstart: run the upstart job once for each block
+    device, using the new crypttab_start_one_disk function, triggered by udev;
+    this doesn't eliminate the possibility of a race with gdm when the
+    decrypted volume isn't a 'bootwait' mount point (since gdm kills
+    plymouth), but it does eliminate the race between udev and cryptsetup.
+    LP: #454898.
+  * debian/cryptdisks-enable.upstart: check that the package is installed
+    and exit gracefully if it's not.  LP: #435814
+  * debian/cryptdisk.functions: initially create the device under a temporary
+    name and rename it only at the end using 'dmsetup rename', to ensure that
+    upstart/mountall doesn't see our device before it's ready to go.
+    LP: #475936.
+
+  [ Colin Watson ]
+  * Add ext4 support to passdev.
+
+ -- Steve Langasek <steve.langasek@ubuntu.com>  Tue, 15 Dec 2009 18:05:45 -0800
+
+cryptsetup (2:1.1.0~rc2-1ubuntu3) lucid; urgency=low
+
+  * cryptroot-hook: Use if [ -n … ] instead of if ! test -z ….
+
+ -- Loïc Minier <loic.minier@ubuntu.com>  Sat, 12 Dec 2009 11:32:52 +0100
+
+cryptsetup (2:1.1.0~rc2-1ubuntu2) lucid; urgency=low
+
+  * cryptroot-hook: dont call copy_modules_dir with empty arguments when
+    archcrypto isnt found (LP: #495161)
+
+ -- Oliver Grawert <ogra@ubuntu.com>  Fri, 11 Dec 2009 14:39:00 +0100
+
+cryptsetup (2:1.1.0~rc2-1ubuntu1) lucid; urgency=low
+
+  * Merge with Debian testing. Remaining Ubuntu changes:
+    - debian/rules: cryptsetup is linked dynamically against libgcrypt and
+      libgpg-error.
+    - Upstart migration:
+      + Add debian/cryptdisks-enable.upstart.
+      + debian/cryptdisks{,-early}.init: Make the 'start' action of the init
+        script a no-op, this should be handled entirely by the upstart job.
+        (LP #473615)
+      + debian/cryptsetup.postinst: Remove any symlinks from /etc/rcS.d on
+        upgrade. 
+      + debian/rules: Do not install start symlinks for those two, and install
+        debian/cryptdisks-enable.upstart scripts.
+    - Add debian/cryptsetup.apport: Apport package hook. Install in
+      debian/rules, and create dir in debian/cryptsetup.dirs.
+    - Start usplash in initramfs, since we need it for fancy passphrase input:
+      + debian/initramfs/cryptroot-conf, debian/initramfs-conf.d: USPLASH=y
+      + debian/control: Bump initramfs-tools Suggests to Depends:.
+
+ -- Martin Pitt <martin.pitt@ubuntu.com>  Wed, 11 Nov 2009 15:04:27 +0100
+
 cryptsetup (2:1.1.0~rc2-1) unstable; urgency=low
 
   * new upstream release candidate (1.1.0-rc2), highlights include:
@@ -2233,6 +3338,80 @@ cryptsetup (2:1.0.7~rc1-1) unstable; urg
 
  -- Jonas Meurer <mejo@debian.org>  Sat, 04 Jul 2009 15:52:06 +0200
 
+cryptsetup (2:1.0.6+20090405.svn49-1ubuntu8) lucid; urgency=low
+
+  [ Steve Langasek ]
+  * Make the 'start' action of the init script a no-op, this should be
+    handled entirely by the upstart job now; and remove any symlinks from
+    /etc/rcS.d on upgrade.  LP: #473615.
+
+  [ Reinhard Tartler ]
+  * Add an apport hook
+  * import the blkid and un_blkid from debian, LP: #446517
+  * also use this script by default (setting in /etc/default/cryptdisks)
+
+ -- Steve Langasek <steve.langasek@ubuntu.com>  Wed, 04 Nov 2009 12:06:47 +0000
+
+cryptsetup (2:1.0.6+20090405.svn49-1ubuntu7) karmic; urgency=low
+
+  * Reupload previous version, siretart had left changes in bzr which
+    weren't documented in the changelog and caused FTBFS.
+
+ -- Scott James Remnant <scott@ubuntu.com>  Wed, 14 Oct 2009 13:57:59 +0100
+
+cryptsetup (2:1.0.6+20090405.svn49-1ubuntu6) karmic; urgency=low
+
+  [ Steve Langasek ]
+  * Move the Debian Vcs- fields aside.
+
+  [ Scott James Remnant ]
+  * debian/cryptdisks-enable.upstart: Don't overcompensate for my idiocy,
+    cryptsetup should not need a controlling terminal, just a terminal
+    is fine.  May fix LP: #439138.
+
+ -- Scott James Remnant <scott@ubuntu.com>  Wed, 14 Oct 2009 04:52:16 +0100
+
+cryptsetup (2:1.0.6+20090405.svn49-1ubuntu4) karmic; urgency=low
+
+  * debian/cryptdisks-enable.upstart: Things that often help include
+    not setting stdin/out to /dev/null, so you can actually type the
+    passphrase.  I am an idiot.  LP: #430496. 
+
+ -- Scott James Remnant <scott@ubuntu.com>  Thu, 17 Sep 2009 17:58:01 +0100
+
+cryptsetup (2:1.0.6+20090405.svn49-1ubuntu3) karmic; urgency=low
+
+  * debian/cryptdisks-enable.upstart: add upstart job to enable encrypted
+    disks once we've finished probing for udev devices, so that mountall
+    can use them.  LP: #430496.
+
+ -- Scott James Remnant <scott@ubuntu.com>  Thu, 17 Sep 2009 00:04:00 +0100
+
+cryptsetup (2:1.0.6+20090405.svn49-1ubuntu2) karmic; urgency=low
+
+  * debian/initramfs/cryptroot-conf: declare that we want usplash included
+    in the initramfs whenever this package is installed.  LP: #427356.
+
+ -- Steve Langasek <steve.langasek@ubuntu.com>  Tue, 15 Sep 2009 08:43:15 -0700
+
+cryptsetup (2:1.0.6+20090405.svn49-1ubuntu1) karmic; urgency=low
+
+  * Merge from debian unstable, remaining changes:
+    - Ubuntu specific:
+      + debian/rules: link dynamically for better security supportability and
+        smaller packages.
+      + debian/control: Depend on initramfs-tools so system is not potentially
+        rendered unbootable.
+    - debian/initramfs/cryptroot-script wait for encrypted device to appear,
+      report with log_*_msg (debian bug 488271).
+    - debian/initramfs/cryptroot-hook: fix support for UUID and LABEL
+      correlation between fstab and crypttab (debian bug 522041).
+    - debian/askpass.c, debian/initramfs/cryptroot-script: using newline
+      escape in passphrase prompt to avoid line-wrapping (debian bug 528133).
+  * Drop 04_fix_udevsettle_call.patch: fixed upstream differently.
+
+ -- Kees Cook <kees@ubuntu.com>  Sun, 10 May 2009 17:29:32 -0700
+
 cryptsetup (2:1.0.6+20090405.svn49-1) unstable; urgency=low
 
   * New upstream svn snapshot. Highlights include:
@@ -2274,6 +3453,67 @@ cryptsetup (2:1.0.6+20090405.svn49-1) un
 
  -- Jonas Meurer <mejo@debian.org>  Mon, 06 Apr 2009 08:49:14 +0200
 
+cryptsetup (2:1.0.6-7ubuntu7) jaunty; urgency=low
+
+  * debian/control: Depend on initramfs-tools so system is not potentially
+    rendered unbootable (LP: #358654).
+
+ -- Kees Cook <kees@ubuntu.com>  Thu, 09 Apr 2009 12:29:31 -0700
+
+cryptsetup (2:1.0.6-7ubuntu6) jaunty; urgency=low
+
+  * debian/initramfs/cryptroot-script: we don't require vol_id to understand
+    the encrypted device, but we should check the device is fully up first
+    before continuing by calling udevadm settle.  LP: #291752.
+
+ -- Steve Langasek <steve.langasek@ubuntu.com>  Sat, 07 Mar 2009 21:39:14 -0800
+
+cryptsetup (2:1.0.6-7ubuntu5) jaunty; urgency=low
+
+  * debian/initramfs/cryptroot-hook: fix support for UUID and LABEL correlation
+    between fstab and crypttab (LP: #287879).
+
+ -- TJ <ubuntu@tjworld.net>  Mon, 16 Feb 2009 23:00:00 +0000
+
+cryptsetup (2:1.0.6-7ubuntu4) jaunty; urgency=low
+
+  * debian/askpass.c: also handle newline escape code in console prompt.
+
+ -- Kees Cook <kees@ubuntu.com>  Sun, 15 Feb 2009 08:57:05 -0800
+
+cryptsetup (2:1.0.6-7ubuntu3) jaunty; urgency=low
+
+  [ https://launchpad.net/~svenkata ]
+  * debian/checks/un_vol_id: dynamically build the "unknown volume type"
+    string, to allow for encrypted swap, LP: #316607
+
+ -- Dustin Kirkland <kirkland@ubuntu.com>  Thu, 12 Feb 2009 16:57:30 -0600
+
+cryptsetup (2:1.0.6-7ubuntu2) jaunty; urgency=low
+
+  * debian/askpass.c: handle newline escape code in password prompt.
+  * debian/initramfs/cryptroot-script: add newline to split cryptroot
+    password prompt onto two lines for readability (LP: #326900).
+
+ -- Kees Cook <kees@ubuntu.com>  Sun, 08 Feb 2009 07:26:01 -0800
+
+cryptsetup (2:1.0.6-7ubuntu1) jaunty; urgency=low
+
+  * Merge from debian unstable, remaining changes:
+    - debian/initramfs/cryptroot-script:
+      - must source /scripts/functions to get the log_*_msg() functions.
+      - wait for encrypted device to show up (LP 164044, 291752).
+      - disable error message 'failed to setup lvm device' (LP 151532).
+    - debian/rules:
+      - fix location of ltmain.sh (Ubuntu-specific until libtool 2.2.x is
+        in Debian unstable).
+      - link dynamically (LP 62751).
+    - add 04_fix_udevsettle_call.patch: fix path to binary for udevsettle.
+  * Revert versioned build-depency on libdevmapper-dev, since Ubuntu's
+    version is higher now.
+
+ -- Kees Cook <kees@ubuntu.com>  Tue, 06 Jan 2009 13:00:16 -0800
+
 cryptsetup (2:1.0.6-7) unstable; urgency=medium
 
   * Add patches/01_gettext_package.patch: Remove -luks from GETTEXT_PACKAGE
@@ -2318,6 +3558,38 @@ cryptsetup (2:1.0.6-7) unstable; urgency
 
  -- Jonas Meurer <mejo@debian.org>  Wed, 17 Dec 2008 21:25:45 +0100
 
+cryptsetup (2:1.0.6-6ubuntu2.1) intrepid-proposed; urgency=low
+
+  * debian/initramfs/cryptroot-script: do not require that vol_id
+    can parse the encrypted device as valid (LP: #291752).
+
+ -- Kees Cook <kees@ubuntu.com>  Fri, 31 Oct 2008 13:10:06 -0700
+
+cryptsetup (2:1.0.6-6ubuntu2) intrepid; urgency=low
+
+  * Fixes for (LP: #272301)
+  * debian/initramfs/cryptroot-script: must source /scripts/functions to get
+    the log_*_msg() functions
+  * 04_fix_udevsettle_call.patch: fix path to binary for udevsettle
+
+ -- Dustin Kirkland <kirkland@ubuntu.com>  Fri, 19 Sep 2008 18:03:28 -0500
+
+cryptsetup (2:1.0.6-6ubuntu1) intrepid; urgency=low
+
+  * drop almost all ubuntu specific changes from the cryptsetup package,
+    because they have been merged in debian. Thanks a lot!
+  * merge from debian, remaining changes:
+    - remove versioned build-depency on libdevmapper-dev, we are using a
+      rather sophisticated loop for making sure the root filesystem appears.
+  * debian/rules: fix location of ltmain.sh
+  * don't exit usplash anymore in the init script. LP: #110970, #139363
+  * Disable error message 'failed to setup lvm device'. It is harmless, and
+    caused by the fact that the udev rules provided by lvm2 are setting up
+    the lvm on their own. In debian the scripts here are responsible for this
+    but obviously fail in ubuntu. LP: #151532
+
+ -- Reinhard Tartler <siretart@tauware.de>  Sat, 30 Aug 2008 17:52:16 +0200
+
 cryptsetup (2:1.0.6-6) unstable; urgency=high
 
   * Don't cat keyfile into pipe for do_noluks(). cryptsetup handles
@@ -2419,6 +3691,79 @@ cryptsetup (2:1.0.6-3) unstable; urgency
 
  -- Jonas Meurer <mejo@debian.org>  Mon, 07 Jul 2008 00:30:07 +0200
 
+cryptsetup (2:1.0.6-2ubuntu7) intrepid; urgency=low
+
+  * reintroduce changes from 2:1.0.6-2ubuntu5 that have been accidentally
+    dropped in version 2:1.0.6-2ubuntu6.
+
+ -- Reinhard Tartler <siretart@tauware.de>  Fri, 20 Jun 2008 15:15:54 +0200
+
+cryptsetup (2:1.0.6-2ubuntu6) intrepid; urgency=low
+
+  [ Kjell Braden ]
+  * load scripts/functions for log_{begin,end}_msg
+  * debian/initramfs/cryptroot-script: wait for the cryptsource, not the resulting mapped root device
+  * debian/initramfs/cryptroot-hook: copy binaries to the right directory
+
+  [ Reinhard Tartler ]
+  * remove versioned build-depency on libdevmapper-dev, we are using a
+    rather sophisticated loop for making sure the root filesystem appears.
+
+ -- Reinhard Tartler <siretart@tauware.de>  Wed, 18 Jun 2008 00:26:43 +0200
+
+cryptsetup (2:1.0.6-2ubuntu5) intrepid; urgency=low
+
+  * Okay, I give up. include preprocessed manpages and adapt
+    debian/rules to easily produce those.
+    ATTENTION: on subsequent uploads, make sure that the manpages are
+    available and up-to-date.
+
+ -- Reinhard Tartler <siretart@tauware.de>  Sun, 15 Jun 2008 13:33:07 +0200
+
+cryptsetup (2:1.0.6-2ubuntu4) intrepid; urgency=low
+
+  * also use local dtd in debian/doc/variables.xml.in.
+
+ -- Reinhard Tartler <siretart@tauware.de>  Sun, 15 Jun 2008 12:55:42 +0200
+
+cryptsetup (2:1.0.6-2ubuntu3) intrepid; urgency=low
+
+  * try harder to fix FTBFS.
+
+ -- Reinhard Tartler <siretart@tauware.de>  Sun, 15 Jun 2008 11:42:54 +0200
+
+cryptsetup (2:1.0.6-2ubuntu2) intrepid; urgency=low
+
+  * build docbook documentation using local dtds instead of trying to
+    download them at buildtime. Fixes FTBFS.
+
+ -- Reinhard Tartler <siretart@tauware.de>  Sun, 15 Jun 2008 11:12:28 +0200
+
+cryptsetup (2:1.0.6-2ubuntu1) intrepid; urgency=low
+
+  * Merge new debian version. Remaining changes:
+    - Add XSBC-Vcs-Bzr tag to indicate that this package is managed using
+      bzr on launchpad.
+    - debian/rules: cryptsetup is linked dynamically against libgcrypt and
+      libgpg-error.
+    - cryptdisks.functions: stop usplash on user input. LP #62751
+    - Parse comments in lines not starting with '#', LP #185380
+    - If the encrypted source device hasn't shown up yet, give it a
+      little while to deal with removable devices. LP #164044
+  * Depend on race-free version of libdevmapper, thus making udevsettle
+    call from cryptsetup binary unnecessary. Dropping patch
+    debian/patches/06_run_udevsettle.patch
+  * remove patch from LP #73862, loading optimized modules has been solved
+    in debian in another way.
+  * cryptdisk.functions: remove spurious call to load_optimized_module.
+    LP: #239946
+  * bugfix: make regex work if keyfile has extended attributes. LP: #231339.
+  * remove patch in cryptdisks.functions for rexecing the script itself for
+    ensuring that a tty is always available. (See LP #58794.) According to
+    Scott, this is not necessary anymore.
+
+ -- Reinhard Tartler <siretart@tauware.de>  Sat, 14 Jun 2008 23:28:51 +0200
+
 cryptsetup (2:1.0.6-2) unstable; urgency=low
 
   [ Jonas Meurer ]
@@ -2444,6 +3789,54 @@ cryptsetup (2:1.0.6-2) unstable; urgency
 
  -- David Härdeman <david@hardeman.nu>  Mon, 26 May 2008 08:12:32 +0200
 
+cryptsetup (2:1.0.6-1ubuntu4) intrepid; urgency=low
+
+  [ Kjell Braden ]
+  * Fix configuration parsing (LP: #239808)
+
+  [ Reinhard Tartler ]
+  * cryptroot-script: use 'echo' instead of 'log_begin_msg' (LP: #237723)
+
+ -- Reinhard Tartler <siretart@tauware.de>  Fri, 13 Jun 2008 21:26:17 +0200
+
+cryptsetup (2:1.0.6-1ubuntu3) intrepid; urgency=low
+
+  * Parse comments in lines not starting with '#', LP: #185380
+  * in cryptroot hook, don't rely on 'udevadm settle' to wait long enough
+    for the cryptdevice to appear. Reimplement the busy waiting loop found
+    while waiting for the root file system. Patch based on work by Swâmi
+    Petaramesh. LP: #164044
+  * debian/crypdisks.functions: call 'env' with full path. LP: #178829.
+
+ -- Reinhard Tartler <siretart@tauware.de>  Mon, 26 May 2008 22:12:32 +0200
+
+cryptsetup (2:1.0.6-1ubuntu2) intrepid; urgency=low
+
+  * Simplify the patch in debian/cryptdisks.functions that stops usplash
+    before asking for a passphrase.
+
+ -- Reinhard Tartler <siretart@tauware.de>  Mon, 26 May 2008 20:18:14 +0200
+
+cryptsetup (2:1.0.6-1ubuntu1) intrepid; urgency=low
+
+  * Merge new debian version. Remaining changes:
+    - cryptsetup is linked dynamically against libgcrypt and libgpg-error.
+    - stop usplash on user input. LP #62751
+    - debian/cryptdisks.functions: Always output and read from the console.
+      LP #58794.
+    - Add XSBC-Vcs-Bzr tag to indicate that this package is managed using
+      bzr on launchpad.
+    - debian/initramfs/cryptroot-hook: LP #73862
+      Added patch to install aes optimized cypher module
+    - try to load optimized cypher module in cryptsetup.functions as well,
+      because cryptroot-hook is only executed when we really have a
+      cryptoroot.
+  * other ubuntu changes have been merged into debian. Please report bugs
+    if you believe some patches have been dropped.
+  * removed 07_typos_fix.patch, has been reviewed and applied upstream.
+
+ -- Reinhard Tartler <siretart@tauware.de>  Sun, 25 May 2008 22:52:30 +0200
+
 cryptsetup (2:1.0.6-1) unstable; urgency=low
 
   [ Jonas Meurer ]
@@ -2575,6 +3968,138 @@ cryptsetup (2:1.0.6~pre1-1) unstable; ur
 
  -- Jonas Meurer <mejo@debian.org>  Thu, 06 Dec 2007 15:56:05 +0100
 
+cryptsetup (2:1.0.5-2ubuntu12) hardy; urgency=low
+
+  * added debian/patches/07_typos_fix.dpatch: fixed typos in man pages. (LP: #164181)
+
+ -- Bruno Barrera Yever <bbyever@gmail.com>  Mon, 07 Apr 2008 18:43:05 -0500
+
+cryptsetup (2:1.0.5-2ubuntu11) hardy; urgency=low
+
+  * debian/initramfs/cryptroot-script: Do show the disk name after all, since
+    some people use multiple encrypted partitions as LVM PVs. (LP: #201413)
+
+ -- Martin Pitt <martin.pitt@ubuntu.com>  Sun, 06 Apr 2008 11:54:41 -0600
+
+cryptsetup (2:1.0.5-2ubuntu10) hardy; urgency=low
+
+  * debian/initramfs/cryptroot-script: Do not mention the name of the
+    encrypted device. It is just technobabble anyway (sda4_crypt), and there
+    is just one root partition ever, so it is not needed to tell apart
+    different partitions. From a security POV, someone who can change your
+    initramfs to boot a different root partition can just as well change the
+    strings, too. (LP: #201413)
+
+ -- Martin Pitt <martin.pitt@ubuntu.com>  Wed, 02 Apr 2008 15:51:53 +0200
+
+cryptsetup (2:1.0.5-2ubuntu9) hardy; urgency=low
+
+  * debian/scripts/luksformat: Use 256 bit key size by default.
+    (LP: #78508)
+  * debian/patches/02_manpage.dpatch: Clarify default key sizes (128 for
+    luksFormat and 256 for create) in cryptsetup.8. (side-note in LP #78508)
+
+ -- Martin Pitt <martin.pitt@ubuntu.com>  Wed, 27 Feb 2008 17:43:46 +0100
+
+cryptsetup (2:1.0.5-2ubuntu8) hardy; urgency=low
+
+  * Fix -x calls and access() call.
+
+ -- Scott James Remnant <scott@ubuntu.com>  Fri, 14 Dec 2007 16:54:53 +0000
+
+cryptsetup (2:1.0.5-2ubuntu7) hardy; urgency=low
+
+  * debian/initramfs/cryptroot-script: call udevadm instead of udevsettle
+  * debian/patches/06_call_udevsettle.dpatch: likewise
+
+ -- Scott James Remnant <scott@ubuntu.com>  Fri, 14 Dec 2007 16:11:36 +0000
+
+cryptsetup (2:1.0.5-2ubuntu6) hardy; urgency=low
+
+  * Make cryptsetup understand devices specified by UUID=... or LABEL= 
+    in crypttab. (LP: #153597)
+
+ -- Andrea Colangelo <warp10@libero.it>  Mon, 29 Oct 2007 18:22:51 +0100
+
+cryptsetup (2:1.0.5-2ubuntu5) hardy; urgency=low
+
+  * reenable additional udevsettle calls in cryptroot hook from
+    https://launchpad.net/bugs/85640, LP: #132373.
+  * change maintainer to ubuntu-core-dev.
+  * use Vcs-Bzr instead of XSCB-Vcs-Bzr header in debian/control.
+
+ -- Reinhard Tartler <siretart@tauware.de>  Thu, 08 Nov 2007 23:52:19 +0100
+
+cryptsetup (2:1.0.5-2ubuntu4) hardy; urgency=low
+
+  * reapply changes from version 2:1.0.5-2ubuntu2, got dropped with last
+    upload. Sorry, pitti.
+  * convert patch to lib/libdevmapper.c to a dpatch.
+
+ -- Reinhard Tartler <siretart@tauware.de>  Sun, 04 Nov 2007 21:42:43 +0100
+
+cryptsetup (2:1.0.5-2ubuntu3) hardy; urgency=low
+
+  * RELIABILY FIX: lib/libdevmapper.c: Ensure that pending device creation
+    events are being processed by calling /sbin/udevsettle. Patch based on
+    OpenSUSE bug #285478, LP: #132373.
+  * Based on the change above, the patch from LP #85640 is no longer needed.
+    dropping the relevant parts.
+  * Fix debian/rules to not fail to build if autom4te.cache is left behind
+    from a previous incomplete build.
+
+ -- Reinhard Tartler <siretart@tauware.de>  Fri, 02 Nov 2007 20:53:31 +0100
+
+cryptsetup (2:1.0.5-2ubuntu2) gutsy; urgency=low
+
+  * debian/initramfs/cryptroot-script:
+    - If the supplied password worked, remove the prompt from usplash again,
+      so that the user has some visual feedback that everything is alright.
+      (LP: #151305)
+    - Do not show the UUID device node of the outer physical device. It is
+      scary ("/dev/disk/by-uuid/1234yadayada") and displaying it does not
+      improve security at all: If attackers can tamper with your initramfs,
+      they can also change the prompt, and if the UUID of the physical device
+      changes, then booting will not even get that far. Now it is a much more
+      friendly "Enter passphrase for sda5_crypt:" which is still technical,
+      but it's necessary to point out which device will be unlocked in case
+      there are several.
+
+ -- Martin Pitt <martin.pitt@ubuntu.com>  Thu, 11 Oct 2007 19:51:58 +0200
+
+cryptsetup (2:1.0.5-2ubuntu1) gutsy; urgency=low
+
+  * Merge new debian version. Remaining changes:
+    - cryptsetup is linked dynamically against libgcrypt and libgpg-error.
+      This will break systems where /usr is a separate encrypted filesystem
+      but not have other bad consequences (in particular, systems with
+      encrypted root are still fine).  The upsides include better
+      security supportability and smaller packages.
+    - libcryptsetup.so et al removed from the binary packages.  They have
+      no stable ABI and are not suitable for use by other packages, and
+      were in violation of library policies etc.  They're not needed since
+      the cryptsetup executable statically contains the relevant parts of
+      libcryptsetup.
+    - cryptdisks.functions: remove #!/bin/bash as it isn't a script
+      by itself; it's only sourced by other scripts.  This gets rid
+      of the lintian warning `script-not-executable' for this file.
+    - stop usplash on user input. LP #62751
+    - Always output and read from the console. LP #58794.
+    - Add XSBC-Vcs-Bzr tag to indicate that this package is managed using
+      bzr on launchpad.
+    - Bump libgcrypt11 build-dependency again to 1.2.4-2ubuntu2 to eliminate
+      libnsl linkage;
+    - debian/initramfs/cryptroot-hook: (LP: #73862)
+      Added patch to install aes optimized cypher module
+    - try to load optimized cypher module in cryptsetup.functions as well,
+      because cryptroot-hook is only executed when we really have a
+      cryptoroot.
+    - apply patch from pitti for allowing UUIDs in /etc/crypttab.
+      This allowes crypted PVs! LP: #144390.
+    - remove README.ubuntu, since it contains old and obsolete information.
+
+ -- Reinhard Tartler <siretart@tauware.de>  Tue, 02 Oct 2007 21:31:28 +0200
+
 cryptsetup (2:1.0.5-2) unstable; urgency=low
 
   [ Jonas Meurer ]
@@ -2623,6 +4148,68 @@ cryptsetup (2:1.0.5-2) unstable; urgency
 
  -- Jonas Meurer <mejo@debian.org>  Mon, 24 Sep 2007 15:42:06 +0200
 
+cryptsetup (2:1.0.5-1ubuntu5) UNRELEASED; urgency=low
+
+  * apply patch from pitti for allowing UUIDs in /etc/crypttab.
+    This allowes crypted PVs! LP: #144390.
+  * remove README.ubuntu, since it contains old and obsolete information.
+
+ -- Reinhard Tartler <siretart@tauware.de>  Tue, 02 Oct 2007 19:59:24 +0200
+
+cryptsetup (2:1.0.5-1ubuntu4) gutsy; urgency=low
+
+  [ Stephan Hermann ]
+  * debian/initramfs/cryptroot-hook: (LP: #73862)
+    - Added patch to install aes optimized cypher module
+
+  [ Reinhard Tartler ]
+  * re-applying old patch to new package version
+  * try to load optimized cypher module in cryptsetup.functions as well,
+    because cryptroot-hook is only executed when we really have a
+    cryptoroot.
+
+ -- Reinhard Tartler <siretart@tauware.de>  Thu, 27 Sep 2007 19:38:48 +0200
+
+cryptsetup (2:1.0.5-1ubuntu3) gutsy; urgency=low
+
+  * Bump libgcrypt11 build-dependency again to 1.2.4-2ubuntu2 to eliminate
+    libnsl linkage; should finally produce a usable cryptsetup binary for
+    the udeb.
+
+ -- Colin Watson <cjwatson@ubuntu.com>  Wed, 19 Sep 2007 15:28:52 +0100
+
+cryptsetup (2:1.0.5-1ubuntu2) gutsy; urgency=low
+
+  * Bump libgcrypt11 build-dependency to 1.2.4-2ubuntu1 and rebuild for
+    proper udeb dependencies.
+
+ -- Colin Watson <cjwatson@ubuntu.com>  Wed, 19 Sep 2007 01:37:02 +0100
+
+cryptsetup (2:1.0.5-1ubuntu1) gutsy; urgency=low
+
+  * Merge new debian version. Remaining changes:
+    - cryptsetup is linked dynamically against libgcrypt and libgpg-error.
+      This will break systems where /usr is a separate encrypted filesystem
+      but not have other bad consequences (in particular, systems with
+      encrypted root are still fine).  The upsides include better
+      security supportability and smaller packages.
+    - libcryptsetup.so et al removed from the binary packages.  They have
+      no stable ABI and are not suitable for use by other packages, and
+      were in violation of library policies etc.  They're not needed since
+      the cryptsetup executable statically contains the relevant parts of
+      libcryptsetup.
+    - cryptdisks.functions: remove #!/bin/bash as it isn't a script
+      by itself; it's only sourced by other scripts.  This gets rid
+      of the lintian warning `script-not-executable' for this file.
+    - stop usplash on user input. LP #62751
+    - Always output and read from the console. LP #58794.
+  * Add XSBC-Vcs-Bzr tag to indicate that this package is managed using
+    bzr on launchpad.
+  * UVF exception request granted by Scott Kitterman and Chuck Short
+    LP: #138295
+
+ -- Reinhard Tartler <siretart@tauware.de>  Sat, 08 Sep 2007 19:04:54 +0200
+
 cryptsetup (2:1.0.5-1) unstable; urgency=low
 
   [ Jonas Meurer ]
@@ -2643,6 +4230,66 @@ cryptsetup (2:1.0.5-1) unstable; urgency
 
  -- Jonas Meurer <mejo@debian.org>  Fri, 27 Jul 2007 04:59:33 +0200
 
+cryptsetup (2:1.0.4+svn29-1ubuntu6) gutsy; urgency=low
+
+  * Add notes by Ilkka Tuohela in a new file debian/README.ubuntu
+
+ -- Reinhard Tartler <siretart@tauware.de>  Sat, 08 Sep 2007 18:43:56 +0200
+
+cryptsetup (2:1.0.4+svn29-1ubuntu5) gutsy; urgency=low
+
+  * cryptsetup is linked dynamically against libgcrypt and libgpg-error.
+    This will break systems where /usr is a separate encrypted filesystem
+    but not have other bad consequences (in particular, systems with
+    encrypted root are still fine).  The upsides include better
+    security supportability and smaller packages.
+  * libcryptsetup.so et al removed from the binary packages.  They have
+    no stable ABI and are not suitable for use by other packages, and
+    were in violation of library policies etc.  They're not needed since
+    the cryptsetup executable statically contains the relevant parts of
+    libcryptsetup.
+  * cryptdisks.functions: remove #!/bin/bash as it isn't a script
+    by itself; it's only sourced by other scripts.  This gets rid
+    of the lintian warning `script-not-executable' for this file.
+
+ -- Ian Jackson <iwj@ubuntu.com>  Fri, 31 Aug 2007 12:05:33 +0100
+
+cryptsetup (2:1.0.4+svn29-1ubuntu4) gutsy; urgency=low
+
+  * s/$CRYPTCMD/cryptsetup/ in debian/cryptdisks.functions
+    (LP: #115617)
+
+ -- Reinhard Tartler <siretart@ubuntu.com>  Tue, 29 May 2007 17:04:05 +0200
+
+cryptsetup (2:1.0.4+svn29-1ubuntu3) gutsy; urgency=low
+
+  * make luksformat check if filesystem is already mounted to prevent a
+    strange error message. thanks to mvo for the patch (LP: #116633)
+  * remove file debian/initramfs-cryptroot-script from source. it is not
+    installed anywhere, and a leftover from the last merge.
+  * add missing hunk of cryptsetup.functions compared to debian package.
+  * reapply http://librarian.launchpad.net/7329604/bug85640.debdiff to
+    debian/initramfs/cryptroot-script, since stgraber's patch has been
+    lost in the last merge. (LP: #85640)
+
+ -- Reinhard Tartler <siretart@ubuntu.com>  Tue, 29 May 2007 15:02:57 +0200
+
+cryptsetup (2:1.0.4+svn29-1ubuntu2) gutsy; urgency=low
+
+  * modprobe dm-mod from cryptsetup.functions. (LP: #64625, #91405)
+
+ -- Reinhard Tartler <siretart@ubuntu.com>  Tue, 29 May 2007 13:31:39 +0200
+
+cryptsetup (2:1.0.4+svn29-1ubuntu1) gutsy; urgency=low
+
+  * Merge from Debian unstable. Remaining Ubuntu changes:
+    - stop usplash on user input. Ubuntu: #62751
+    - Always output and read from the console.  Ubuntu: #58794.
+    - Wait for Udev to be ready to avoid partition non-detection. (LP: #85640)
+  * Modify Maintainer value to match Debian-Maintainer-Field Spec
+
+ -- Andrea Veri <bluekuja@ubuntu.com>  Sun,  6 May 2007 22:33:25 +0200
+
 cryptsetup (2:1.0.4+svn29-1) unstable; urgency=low
 
   * New upstream svn snapshot with several bugfixes
@@ -2695,6 +4342,20 @@ cryptsetup (2:1.0.4+svn26-2) unstable; u
 
  -- Jonas Meurer <mejo@debian.org>  Sat, 28 Apr 2007 20:45:50 +0200
 
+cryptsetup (2:1.0.4+svn26-1ubuntu2) feisty; urgency=low
+
+  * Wait for Udev to be ready to avoid partition non-detection. (LP: #85640)
+
+ -- Stéphane Graber <stgraber@ubuntu.com>  Thu,  14 Apr 2007 10:03:41 +0200
+
+cryptsetup (2:1.0.4+svn26-1ubuntu1) feisty; urgency=low
+
+  * merge debian changes. Remaining ubuntu changes:
+    - stop usplash on user input. Ubuntu: #62751
+    - Always output and read from the console.  Ubuntu: #58794.
+
+ -- Reinhard Tartler <siretart@tauware.de>  Sat,  3 Feb 2007 21:30:03 +0100
+
 cryptsetup (2:1.0.4+svn26-1) unstable; urgency=high
 
   [ Jonas Meurer ]
@@ -2744,6 +4405,28 @@ cryptsetup (2:1.0.4+svn16-1) unstable; u
 
  -- Jonas Meurer <mejo@debian.org>  Tue, 28 Nov 2006 18:17:12 +0100
 
+cryptsetup (2:1.0.4-8ubuntu2) feisty; urgency=low
+
+  * fix and improve initramfs hook: terminate usplash if running, since
+    adequate secure text input is not possible with usplash ATM
+  * usplash support: Terminate usplash before asking a password. 
+    Closes https://bugs.launchpad.net/ubuntu/+source/cryptsetup/+bug/62751
+
+ -- Reinhard Tartler <siretart@tauware.de>  Wed, 24 Jan 2007 22:43:28 +0100
+
+cryptsetup (2:1.0.4-8ubuntu1) feisty; urgency=low
+
+  * merge debian changes, remaining patches:
+    - Always output and read from the console.  Ubuntu: #58794.
+  * other changes have been merged or do noy apply anymore
+  * read password via usplash if available in initramfs for rootfs. based on a patch from  
+    Swen Thümmler (Thanks for that!)  Ubuntu #62751
+  * read password from initscript via usplash if running. should fix the
+    rest of Ubuntu #62751. Only problem with that patch: It asks only once
+    for the password! improvements welcome!
+
+ -- Reinhard Tartler <siretart@tauware.de>  Sun, 19 Nov 2006 20:04:19 +0100
+
 cryptsetup (2:1.0.4-8) unstable; urgency=high
 
   [ Jonas Meurer ]
@@ -2901,6 +4584,27 @@ cryptsetup (2:1.0.4~rc2-1) unstable; urg
 
  -- Jonas Meurer <mejo@debian.org>  Mon,  4 Sep 2006 03:55:35 +0200
 
+cryptsetup (2:1.0.3-3ubuntu3) edgy; urgency=low
+
+  * Always output and read from the console.  Ubuntu: #58794.
+
+ -- Scott James Remnant <scott@ubuntu.com>  Thu, 21 Sep 2006 03:05:18 +0100
+
+cryptsetup (2:1.0.3-3ubuntu2) edgy; urgency=low
+
+  * Load the dm-crypt module on startup.  Ubuntu: #53475.
+
+ -- Scott James Remnant <scott@ubuntu.com>  Wed, 23 Aug 2006 11:53:49 +0200
+
+cryptsetup (2:1.0.3-3ubuntu1) edgy; urgency=low
+
+  * Sync with Debian:
+    Remaining Ubuntu Changes
+    + debian/cryptdisks.functions:
+      - Tell usplash to quit if we ask for a passphrase
+
+ -- Sebastian Dröge <slomo@ubuntu.com>  Tue, 11 Jul 2006 20:03:27 +0200
+
 cryptsetup (2:1.0.3-3) unstable; urgency=low
 
   [ Jonas Meurer ]
@@ -3320,3 +5024,4 @@ cryptsetup-luks (0.992-1) unstable; urge
   * "integrated LUKS" support (very messy hack)
 
  -- Michael Gebetsroither <michael.geb@gmx.at>  Thu, 10 Feb 2005 18:16:21 +0100
+
diff -pruN 2:2.4.3-1/debian/control 2:2.4.3-1ubuntu1/debian/control
--- 2:2.4.3-1/debian/control	2022-01-13 18:07:05.000000000 +0000
+++ 2:2.4.3-1ubuntu1/debian/control	2022-01-13 21:44:35.000000000 +0000
@@ -1,7 +1,8 @@
 Source: cryptsetup
 Section: admin
 Priority: optional
-Maintainer: Debian Cryptsetup Team <pkg-cryptsetup-devel@alioth-lists.debian.net>
+Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
+XSBC-Original-Maintainer: Debian Cryptsetup Team <pkg-cryptsetup-devel@alioth-lists.debian.net>
 Uploaders: Jonas Meurer <jonas@freesources.org>,
            Guilhem Moulin <guilhem@debian.org>
 Rules-Requires-Root: no
@@ -42,7 +43,8 @@ Depends: cryptsetup-bin (>= 2:1.6.0),
          dmsetup,
          ${misc:Depends},
          ${shlibs:Depends}
-Suggests: cryptsetup-initramfs, dosfstools, keyutils, liblocale-gettext-perl
+Recommends: cryptsetup-initramfs
+Suggests: dosfstools, keyutils, liblocale-gettext-perl
 Replaces: cryptsetup-run (<< 2:2.1.0-6)
 Breaks: cryptsetup-run (<< 2:2.1.0-6)
 Description: disk encryption support - startup scripts
@@ -75,11 +77,11 @@ Description: disk encryption support - c
 
 Package: cryptsetup-initramfs
 Architecture: all
-Depends: busybox | busybox-static,
+Depends: busybox-initramfs,
          cryptsetup (>= ${source:Version}),
          initramfs-tools (>= 0.137) | linux-initramfs-tool,
          ${misc:Depends}
-Recommends: console-setup, kbd
+Recommends: console-setup, kbd, plymouth
 Breaks: cryptsetup (<< 2:2.0.3-1)
 Replaces: cryptsetup (<< 2:2.0.3-1)
 Description: disk encryption support - initramfs integration
@@ -91,7 +93,7 @@ Description: disk encryption support - i
  This package provides initramfs integration for cryptsetup.
 
 Package: cryptsetup-suspend
-Architecture: linux-any
+Architecture: amd64 arm64 armhf ppc64el riscv64 s390x
 Multi-Arch: foreign
 Depends: cryptsetup-initramfs (>= ${source:Version}),
          initramfs-tools-core,
@@ -151,6 +153,7 @@ Description: disk encryption support - d
 Package: cryptsetup-udeb
 Section: debian-installer
 Package-Type: udeb
+Build-Profiles: <!noudeb>
 Architecture: linux-any
 Depends: dmsetup-udeb, ${misc:Depends}, ${shlibs:Depends}
 Description: disk encryption support - commandline tools (udeb)
@@ -164,6 +167,7 @@ Description: disk encryption support - c
 Package: libcryptsetup12-udeb
 Section: debian-installer
 Package-Type: udeb
+Build-Profiles: <!noudeb>
 Architecture: linux-any
 Depends: ${misc:Depends}, ${shlibs:Depends}
 Description: disk encryption support - shared library (udeb)
diff -pruN 2:2.4.3-1/debian/functions 2:2.4.3-1ubuntu1/debian/functions
--- 2:2.4.3-1/debian/functions	2022-01-13 18:07:05.000000000 +0000
+++ 2:2.4.3-1ubuntu1/debian/functions	2022-01-13 21:44:35.000000000 +0000
@@ -605,6 +605,7 @@ _resolve_device() {
 #   Print the major:minor device ID(s) holding the file system currently
 #   mounted currenty mounted on $mountpoint.
 #   Return 0 on success, 1 on error (if $mountpoint is not a mountpoint).
+#   devno will be empty if the filesystem must be excluded.
 get_mnt_devno() {
     local wantmount="$1" devnos="" uuid dev IFS
     local spec mountpoint fstype _ DEV MAJ MIN
@@ -618,8 +619,15 @@ get_mnt_devno() {
             # take the last mountpoint if used several times (shadowed)
             unset -v devnos
             spec="$(printf '%b' "$spec")"
-            _resolve_device "$spec" || continue # _resolve_device() already warns on error
             fstype="$(printf '%b' "$fstype")"
+            if [ "$fstype" = "zfs" ]; then
+                # Ignore ZFS entries as they don't have a major/minor and won't
+                # be imported when local-top cryptroot script will ran.
+                # Returns success with empty devno
+                printf ''
+                return 0
+            fi
+            _resolve_device "$spec" || continue # _resolve_device() already warns on error
             if [ "$fstype" = "btrfs" ]; then
                 # btrfs can span over multiple devices
                 if uuid="$(_device_uuid "$DEV")"; then
diff -pruN 2:2.4.3-1/debian/initramfs/cryptroot-unlock 2:2.4.3-1ubuntu1/debian/initramfs/cryptroot-unlock
--- 2:2.4.3-1/debian/initramfs/cryptroot-unlock	2022-01-13 18:07:05.000000000 +0000
+++ 2:2.4.3-1ubuntu1/debian/initramfs/cryptroot-unlock	2022-01-13 21:44:36.000000000 +0000
@@ -40,8 +40,14 @@ fi
 pgrep_exe() {
 	local exe pid
 	exe="$(readlink -f -- "$1" 2>/dev/null)" && [ -f "$exe" ] || return 0
-	ps -eo pid= | while read pid; do
-		[ "$(readlink -f "/proc/$pid/exe")" != "$exe" ] || printf '%d\n' "$pid"
+	ps | awk '{print $1, $5}' | while read LINE; do
+		set $LINE
+		local pid=$1
+		local cmd=$(readlink -f -- "$2")
+		if [ "$cmd" == "$exe" ]; then
+			echo $pid
+			break
+		fi
 	done
 }
 
@@ -101,7 +107,7 @@ wait_for_prompt() {
 			break
 		fi
 
-		usleep 100000
+		sleep 0.1
 		timer=$(( $timer - 1 ))
 		if [ $timer -le 0 ]; then
 			echo "Error: Timeout reached while waiting for askpass." >&2
@@ -112,7 +118,7 @@ wait_for_prompt() {
 	# find the cryptsetup process with same $CRYPTTAB_NAME
 	local o v
 	for o in NAME TRIED OPTION_tries; do
-		if v="$(grep -z -m1 "^CRYPTTAB_$o=" "/proc/$pid/environ")"; then
+		if v="$(tr '\0' '\n' < "/proc/$pid/environ" | grep -m1 "^CRYPTTAB_$o=")"; then
 			eval "CRYPTTAB_$o"="\${v#CRYPTTAB_$o=}"
 		else
 			eval unset -v "CRYPTTAB_$o"
@@ -128,7 +134,7 @@ wait_for_prompt() {
 	fi
 
 	for pid in $(pgrep_exe "/sbin/cryptsetup"); do
-		if grep -Fxqz "CRYPTTAB_NAME=$CRYPTTAB_NAME" "/proc/$pid/environ"; then
+		if tr '\0' '\n' < "/proc/$pid/environ" | grep -Fxq "CRYPTTAB_NAME=$CRYPTTAB_NAME"; then
 			PID=$pid
 			BIRTH=$(stat -c"%Z" "/proc/$PID" 2>/dev/null) || break
 			return 0
@@ -148,7 +154,7 @@ wait_for_prompt() {
 wait_for_answer() {
 	local timer=$(( 10 * $TIMEOUT )) b
 	while [ -d "/proc/$PID" ] && b=$(stat -c"%Z" "/proc/$PID" 2>/dev/null) && [ $b -le $BIRTH ]; do
-		usleep 100000
+		sleep 0.1
 		timer=$(( $timer - 1 ))
 		if [ $timer -le 0 ]; then
 			echo "Error: Timeout reached while waiting for PID $PID." >&2
diff -pruN 2:2.4.3-1/debian/initramfs/hooks/cryptroot 2:2.4.3-1ubuntu1/debian/initramfs/hooks/cryptroot
--- 2:2.4.3-1/debian/initramfs/hooks/cryptroot	2022-01-13 18:07:05.000000000 +0000
+++ 2:2.4.3-1ubuntu1/debian/initramfs/hooks/cryptroot	2022-01-13 21:44:36.000000000 +0000
@@ -181,16 +181,18 @@ generate_initrd_crypttab() {
 
     {
         if devnos="$(get_mnt_devno /)"; then
-            usage=rootfs foreach_cryptdev crypttab_find_and_print_entry $devnos
+            if [ -n "$devnos" ]; then
+                usage=rootfs foreach_cryptdev crypttab_find_and_print_entry $devnos
+            fi
         else
             cryptsetup_message "WARNING: Couldn't determine root device"
         fi
 
-        if devnos="$(get_resume_devno)"; then
+        if devnos="$(get_resume_devno)" && [ -n "$devnos" ]; then
             usage=resume foreach_cryptdev crypttab_find_and_print_entry $devnos
         fi
 
-        if devnos="$(get_mnt_devno /usr)"; then
+        if devnos="$(get_mnt_devno /usr)" && [ -n "$devnos" ]; then
             usage="" foreach_cryptdev crypttab_find_and_print_entry $devnos
         fi
 
diff -pruN 2:2.4.3-1/debian/patches/decrease_memlock_ulimit.patch 2:2.4.3-1ubuntu1/debian/patches/decrease_memlock_ulimit.patch
--- 2:2.4.3-1/debian/patches/decrease_memlock_ulimit.patch	1970-01-01 00:00:00.000000000 +0000
+++ 2:2.4.3-1ubuntu1/debian/patches/decrease_memlock_ulimit.patch	2021-12-01 02:11:55.000000000 +0000
@@ -0,0 +1,55 @@
+Description: Decrease memlock limit to mimic Xenial builder behavior.
+ This approach prevents cryptsetup to FTBFS, since the PPA builders were
+ upgraded to Bionic, which has a bigger memlock limit (but not enough).
+ With this quirk, cryptsetup won't mlock() its memory allocationss, hence
+ it behaves exactly as the Xenial builders. Meanwhile, we pursue the
+ proper fix (systemd patch to bump memlock to a higher limit on Bionic).
+Author: Guilherme G. Piccoli <gpiccoli@canonical.com>
+Bug-Ubuntu: https://bugs.launchpad.net/bugs/1891473
+Last-Update: 2020-09-09
+
+Index: cryptsetup-2.3.3/tests/compat-test
+===================================================================
+--- cryptsetup-2.3.3.orig/tests/compat-test
++++ cryptsetup-2.3.3/tests/compat-test
+@@ -45,6 +45,10 @@ TEST_UUID="12345678-1234-1234-1234-12345
+ LOOPDEV=$(losetup -f 2>/dev/null)
+ [ -f /etc/system-fips ] && FIPS_MODE=$(cat /proc/sys/crypto/fips_enabled 2>/dev/null)
+ 
++# Circumvent test failure due to Bionic builder; we need to decrease
++# the memlock limit here to mimic Xenial builder (see LP #1891473).
++ulimit -l 0
++
+ function remove_mapping()
+ {
+ 	[ -b /dev/mapper/$DEV_NAME3 ] && dmsetup remove --retry $DEV_NAME3 >/dev/null 2>&1
+Index: cryptsetup-2.3.3/tests/luks2-validation-test
+===================================================================
+--- cryptsetup-2.3.3.orig/tests/luks2-validation-test
++++ cryptsetup-2.3.3/tests/luks2-validation-test
+@@ -21,6 +21,10 @@ FAILS=0
+ 
+ [ -z "$srcdir" ] && srcdir="."
+ 
++# Circumvent test failure due to Bionic builder; we need to decrease
++# the memlock limit here to mimic Xenial builder (see LP #1891473).
++ulimit -l 0
++
+ function remove_mapping()
+ {
+ 	rm -rf $IMG $TST_IMGS >/dev/null 2>&1
+Index: cryptsetup-2.3.3/tests/tcrypt-compat-test
+===================================================================
+--- cryptsetup-2.3.3.orig/tests/tcrypt-compat-test
++++ cryptsetup-2.3.3/tests/tcrypt-compat-test
+@@ -13,6 +13,10 @@ PIM=1234
+ 
+ [ -z "$srcdir" ] && srcdir="."
+ 
++# Circumvent test failure due to Bionic builder; we need to decrease
++# the memlock limit here to mimic Xenial builder (see LP #1891473).
++ulimit -l 0
++
+ function remove_mapping()
+ {
+ 	[ -b /dev/mapper/$MAP ] && dmsetup remove --retry $MAP
diff -pruN 2:2.4.3-1/debian/patches/series 2:2.4.3-1ubuntu1/debian/patches/series
--- 2:2.4.3-1/debian/patches/series	1970-01-01 00:00:00.000000000 +0000
+++ 2:2.4.3-1ubuntu1/debian/patches/series	2021-12-01 02:11:55.000000000 +0000
@@ -0,0 +1 @@
+decrease_memlock_ulimit.patch
diff -pruN 2:2.4.3-1/debian/rules 2:2.4.3-1ubuntu1/debian/rules
--- 2:2.4.3-1/debian/rules	2022-01-13 18:07:05.000000000 +0000
+++ 2:2.4.3-1ubuntu1/debian/rules	2022-01-13 21:44:35.000000000 +0000
@@ -9,6 +9,10 @@ DEB_CFLAGS_MAINT_APPEND = -Wall
 include /usr/share/dpkg/architecture.mk
 -include /usr/share/dpkg/buildtools.mk
 
+ifeq (,$(filter noudeb, $(DEB_BUILD_PROFILES)))
+  with_udeb = yes
+endif
+
 CONFFLAGS =
 
 # Used e.g. for manpages (to build them in a reprodicible way)
@@ -83,10 +87,14 @@ override_dh_bugfiles:
 execute_after_dh_fixperms-arch:
 	chmod 0755 debian/cryptsetup/lib/cryptsetup/checks/*
 	chmod 0755 debian/cryptsetup/lib/cryptsetup/scripts/decrypt_*
+ifneq ($(DEB_HOST_ARCH),i386)
 	chmod 0755 debian/cryptsetup-suspend/lib/cryptsetup/scripts/suspend/cryptsetup-suspend-wrapper
 	chmod 0755 debian/cryptsetup-suspend/lib/systemd/system-shutdown/cryptsetup-suspend.shutdown
+endif
+ifeq ($(with_udeb),yes)
 	chmod 0755 debian/cryptsetup-udeb/lib/cryptsetup/checks/*
 	chmod 0755 debian/cryptsetup-udeb/lib/cryptsetup/scripts/decrypt_*
+endif
 
 execute_after_dh_fixperms-indep:
 	chmod 0755 debian/cryptsetup-initramfs/usr/share/cryptsetup/initramfs/bin/*
