Revisions of cryptsetup
Gustavo Yokoyama Ribeiro (gyribeiro)
committed
(revision 4)
- cryptsetup 2.4.3: * Fix possible attacks against data confidentiality through LUKS2 online reencryption extension crash recovery CVE-2021-4122, boo#1194469 * Add configure option --disable-luks2-reencryption to completely disable LUKS2 reencryption code. * Improve internal metadata validation code for reencryption metadata * Add updated documentation for LUKS2 On-Disk Format Specification version 1.1.0 * Fix support for bitlk (BitLocker compatible) startup key with new metadata entry introduced in Windows 11 * Fix space restriction for LUKS2 reencryption with data shift - cryptsetup 2.4.2: * Fix possible large memory allocation if LUKS2 header size is invalid. * Fix memory corruption in debug message printing LUKS2 checksum. * veritysetup: remove link to the UUID library for the static build. * Remove link to pwquality library for integritysetup and veritysetup. These tools do not read passphrases. * OpenSSL3 backend: avoid remaining deprecated calls in API. Crypto backend no longer use API deprecated in OpenSSL 3.0 * Check if kernel device-mapper create device failed in an early phase. This happens when a concurrent creation of device-mapper devices meets in the very early state. * Do not set compiler optimization flag for Argon2 KDF if the memory wipe is implemented in libc.
Gustavo Yokoyama Ribeiro (gyribeiro)
committed
(revision 3)
sync with Factory
Gustavo Yokoyama Ribeiro (gyribeiro)
committed
(revision 2)
- need to use PBKDF2 by default for LUKS2 as grub can't decrypt when using Argon. - crypsetup 2.4.0 (jsc#SLE-20275) * External LUKS token plugins * Experimental SSH token * Default LUKS2 PBKDF is now Argon2id * Increase minimal memory cost for Argon2 benchmark to 64MiB. * Autodetect optimal encryption sector size on LUKS2 format. * Use VeraCrypt option by default and add --disable-veracrypt option. * Support --hash and --cipher to limit opening time for TCRYPT type * Fixed default OpenSSL crypt backend support for OpenSSL3. * integritysetup: add integrity-recalculate-reset flag. * cryptsetup: retains keyslot number in luksChangeKey for LUKS2. * Fix cryptsetup resize using LUKS2 tokens. * Add close --deferred and --cancel-deferred options. * Rewritten command-line option parsing to avoid libpopt arguments memory leaks. * Add --test-args option. - Use LUKS2 as default format on Tumbleweed. It provides some additional features which other tools (e.g. systemd-cryptenroll) rely on. GRUB 2.06 supports unlocking LUKS2 volumes meanwhile. - cryptsetup 2.3.6: * integritysetup: Fix possible dm-integrity mapping table truncation. * cryptsetup: Backup header can be used to activate TCRYPT device. Use --header option to specify the header. * cryptsetup: Avoid LUKS2 decryption without detached header.
Gustavo Yokoyama Ribeiro (gyribeiro)
committed
(revision 1)
initialize package
Displaying all 4 revisions