Overview Repositories Revisions Requests Users Attributes Meta

Revisions of cryptsetup

Gustavo Yokoyama Ribeiro's avatar Gustavo Yokoyama Ribeiro (gyribeiro) committed (revision 4) 
- cryptsetup 2.4.3:
  * Fix possible attacks against data confidentiality through
    LUKS2 online reencryption extension crash recovery
    CVE-2021-4122, boo#1194469
  * Add configure option --disable-luks2-reencryption to completely
    disable LUKS2 reencryption code.
  * Improve internal metadata validation code for reencryption
    metadata
  * Add updated documentation for LUKS2 On-Disk Format
    Specification version 1.1.0
  * Fix support for bitlk (BitLocker compatible) startup key with
    new  metadata entry introduced in Windows 11
  * Fix space restriction for LUKS2 reencryption with data shift

- cryptsetup 2.4.2:
  * Fix possible large memory allocation if LUKS2 header size is
    invalid.
  * Fix memory corruption in debug message printing LUKS2
    checksum.
  * veritysetup: remove link to the UUID library for the static
    build.
  * Remove link to pwquality library for integritysetup and
    veritysetup. These tools do not read passphrases.
  * OpenSSL3 backend: avoid remaining deprecated calls in API.
    Crypto backend no longer use API deprecated in OpenSSL 3.0
  * Check if kernel device-mapper create device failed in an early
    phase. This happens when a concurrent creation of device-mapper
    devices meets in the very early state.
  * Do not set compiler optimization flag for Argon2 KDF if the
    memory wipe is implemented in libc.
Gustavo Yokoyama Ribeiro's avatar Gustavo Yokoyama Ribeiro (gyribeiro) committed (revision 3) 
sync with Factory
Gustavo Yokoyama Ribeiro's avatar Gustavo Yokoyama Ribeiro (gyribeiro) committed (revision 2) 
- need to use PBKDF2 by default for LUKS2 as grub can't decrypt when
  using Argon.

- crypsetup 2.4.0 (jsc#SLE-20275)
  * External LUKS token plugins
  * Experimental SSH token
  * Default LUKS2 PBKDF is now Argon2id
  * Increase minimal memory cost for Argon2 benchmark to 64MiB.
  * Autodetect optimal encryption sector size on LUKS2 format.
  * Use VeraCrypt option by default and add --disable-veracrypt option.
  * Support --hash and --cipher to limit opening time for TCRYPT type
  * Fixed default OpenSSL crypt backend support for OpenSSL3.
  * integritysetup: add integrity-recalculate-reset flag.
  * cryptsetup: retains keyslot number in luksChangeKey for LUKS2.
  * Fix cryptsetup resize using LUKS2 tokens.
  * Add close --deferred and --cancel-deferred options.
  * Rewritten command-line option parsing to avoid libpopt arguments
    memory leaks.
  * Add --test-args option.

- Use LUKS2 as default format on Tumbleweed.
  It provides some additional features which other tools
  (e.g. systemd-cryptenroll) rely on. GRUB 2.06 supports unlocking
  LUKS2 volumes meanwhile.

- cryptsetup 2.3.6:
  * integritysetup: Fix possible dm-integrity mapping table truncation.
  * cryptsetup: Backup header can be used to activate TCRYPT device.
    Use --header option to specify the header.
  * cryptsetup: Avoid LUKS2 decryption without detached header.
Gustavo Yokoyama Ribeiro's avatar Gustavo Yokoyama Ribeiro (gyribeiro) committed (revision 1) 
initialize package
Displaying all 4 revisions
openSUSE Build Service is sponsored by
Places