diff --git a/cryptsetup-2.0.5.tar.sign b/cryptsetup-2.0.5.tar.sign deleted file mode 100644 index fc0979a..0000000 --- a/cryptsetup-2.0.5.tar.sign +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCAAdFiEEKikYJD/eRmSNBob52bBXe9k+mPwFAlvVz2sACgkQ2bBXe9k+ -mPyYuQ//fNwPronpHFrOzmv277cfzVT6zrgLKOaf/YlqA0h5XmBVX9xcOD9rXhda -ld9rumIQn9s8G8HLavxxxhnciqeNOS0T/1ry3NVpxYdfF1FptIjchH/Lo697P5dX -C1oAqchOqfxjm6dwmbllvXTgoHV657JUC5tuaL6Wl26DrhImmAgNi42yZehNtHZz -8FN0Fc0muU06LUmKR2a4P5xj2SvlNntMnvld+qLHf+k+bBrcJyu2cqaBNns45mXy -uDHXclP+8ofXW3mELmSBJ89GzLkr8Zpxp2dITv2GqtewX1MH5b8cMUwIVsCClqHl -2YNGhMqRkDDj0C8u8JpYvmmZxcMUaKr5EMze18NeqPXpZCBoW5nvEtsS7hWbCdyu -VPqdP4mHfHeQtZkk3U4SZLEU7xFzcTwhgpxRQPe6ujyz+PlrOLk0Z9js9WgOJZ1U -7a9YNnXWlNIcVqOoYm9SPBo9nj+eoVUr2GG3lT02udj5YhGZjDG0gbjgtM99jg+T -Bcv/h9abx6a2TmPIRW9Pa98ggIaeY3HbAK4D4xBritrfhvtyXMAYWbwj8ZkyCsCX -41I10Eh3dNXR6/OJQFjKv7RCqGzanyCzEG0F+G4mw5xqPx5jhowmjI7GaC54X7UZ -7RWYt1pl8F+UGIbBRl3BWuI+cHM0RBJ4Jx53f6zpqDP9hL58RbA= -=o3rq ------END PGP SIGNATURE----- diff --git a/cryptsetup-2.0.5.tar.xz b/cryptsetup-2.0.5.tar.xz deleted file mode 100644 index ec62a0a..0000000 --- a/cryptsetup-2.0.5.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:a0f72ca2c824a5a555dc8924413dfe947eca23ab2e30bcff54eaafefe5fe301d -size 10476304 diff --git a/cryptsetup-2.1.0.tar.sign b/cryptsetup-2.1.0.tar.sign new file mode 100644 index 0000000..1f375e2 --- /dev/null +++ b/cryptsetup-2.1.0.tar.sign @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEEKikYJD/eRmSNBob52bBXe9k+mPwFAlxdkp0ACgkQ2bBXe9k+ +mPx0JxAAu+yx54yDHQO1QOZvINKVSrLwZ/nGAy+JDQsOsM/+zOlXictxD/yybzZv +GFuWdn5POnZDfwjp9b9UvudOUbxTLWNimyavV58iG0ICgFbxC6wpCVn0NxC+lPtt +3uThWXTgJzcDpGbi9oi7FWEoihG7DJHMsGVUeUnhcZC+NSdXl6/ZTb5i68/rNNzc +YHwM7OSWczn39Bdr0+/gs3jxnO01OP1weNgFZ6ChcENkSp8n+TQJEVwa+yiuO+rP +BcBws0zjBYTKcpm/ZtuPGczwOaEBwk/jyamgfoobIeCzIyyUdMrCxwE/3oYMJxqS +faijxMd21RZ3yqnkwvhTO1CbGWHAlVCqjAzyX8okhgjVi8gQpWvD67WRSC7FX+vD +72m9yZ5qTO0lNPTtze6xo88UvWskIZtSg1rPtP39vyBnAAgZflKFRu8r+IgXn612 +VRJLlit+mCmKOgi5ochkxlJgrMY6FmWbVMlq1sxFy1dk3wRQTh5DYzT5IGnhdXi8 +osY2swVKnVJhkThomVUJ8pXIwWGKZNGMzTU7Eofi9zSHwTMm0y6EdFNlXogrzmY3 +vEHOb3zEqPujWegBeqsHhuHgPQewgts+7bIPEbvEPsSwSqMvX8BPsyLv7c6bat9x +GhXTLwGeJ2RcNmF5bH7GMe7b+XLVaeBzNjLE3Ty0iFWgzT3Uwd0= +=gOH9 +-----END PGP SIGNATURE----- diff --git a/cryptsetup-2.1.0.tar.xz b/cryptsetup-2.1.0.tar.xz new file mode 100644 index 0000000..771df0f --- /dev/null +++ b/cryptsetup-2.1.0.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:a3eeb2741f8f3376d16585191f3c60e067dd987e096c3c4b073fab7748b1c897 +size 10662576 diff --git a/cryptsetup.changes b/cryptsetup.changes index 3228621..cc8d92f 100644 --- a/cryptsetup.changes +++ b/cryptsetup.changes @@ -1,3 +1,36 @@ +------------------------------------------------------------------- +Fri Feb 15 15:01:18 UTC 2019 - Jan Engelhardt + +- Use noun phrase in summary. + +------------------------------------------------------------------- +Fri Feb 15 09:41:52 UTC 2019 - lnussel@suse.de + +- New version 2.1.0 + * The default size of the LUKS2 header is increased to 16 MB. + It includes metadata and the area used for binary keyslots; + it means that LUKS header backup is now 16MB in size. + * Cryptsetup now doubles LUKS default key size if XTS mode is used + (XTS mode uses two internal keys). This does not apply if key size + is explicitly specified on the command line and it does not apply + for the plain mode. + This fixes a confusion with AES and 256bit key in XTS mode where + code used AES128 and not AES256 as often expected. + * Default cryptographic backend used for LUKS header processing is now + OpenSSL. For years, OpenSSL provided better performance for PBKDF. + + * The Python bindings are no longer supported and the code was removed + from cryptsetup distribution. Please use the libblockdev project + that already covers most of the libcryptsetup functionality + including LUKS2. + * Cryptsetup now allows using --offset option also for luksFormat. + * Cryptsetup now supports new refresh action (that is the alias for + "open --refresh"). + * Integritysetup now supports mode with detached data device through + new --data-device option. +- 2.1.0 would use LUKS2 as default, we stay with LUKS1 for now until + someone has time to evaluate the fallout from switching to LUKS2. + ------------------------------------------------------------------- Tue Oct 30 10:10:35 UTC 2018 - lnussel@suse.de diff --git a/cryptsetup.spec b/cryptsetup.spec index 754cfa5..b51c5cc 100644 --- a/cryptsetup.spec +++ b/cryptsetup.spec @@ -1,7 +1,7 @@ # # spec file for package cryptsetup # -# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # @@ -22,25 +22,25 @@ Name: cryptsetup2 %else Name: cryptsetup %endif -Version: 2.0.5 +Version: 2.1.0 Release: 0 -Summary: Set Up dm-crypt Based Encrypted Block Devices +Summary: Setup program for dm-crypt Based Encrypted Block Devices License: SUSE-GPL-2.0-with-openssl-exception AND LGPL-2.0-or-later Group: System/Base Url: https://gitlab.com/cryptsetup/cryptsetup/ -Source0: https://www.kernel.org/pub/linux/utils/cryptsetup/v2.0/cryptsetup-%{version}.tar.xz +Source0: https://www.kernel.org/pub/linux/utils/cryptsetup/v2.1/cryptsetup-%{version}.tar.xz # GPG signature of the uncompressed tarball. -Source1: https://www.kernel.org/pub/linux/utils/cryptsetup/v2.0/cryptsetup-%{version}.tar.sign +Source1: https://www.kernel.org/pub/linux/utils/cryptsetup/v2.1/cryptsetup-%{version}.tar.sign Source2: baselibs.conf Source3: cryptsetup.keyring BuildRequires: device-mapper-devel BuildRequires: fipscheck BuildRequires: fipscheck-devel -BuildRequires: libgcrypt-devel BuildRequires: libjson-c-devel BuildRequires: libpwquality-devel BuildRequires: libselinux-devel BuildRequires: libuuid-devel +BuildRequires: pkgconfig(openssl) # 2.6.38 has the required if_alg.h BuildRequires: linux-glibc-devel >= 2.6.38 BuildRequires: pkgconfig @@ -64,7 +64,7 @@ includes support for automatically setting up encrypted volumes at boot time via the config file %{_sysconfdir}/crypttab. %package -n libcryptsetup%{so_ver} -Summary: Set Up dm-crypt Based Encrypted Block Devices +Summary: Library for setting up dm-crypt Based Encrypted Block Devices Group: System/Libraries Suggests: libcryptsetup%{so_ver}-hmac @@ -76,7 +76,7 @@ includes support for automatically setting up encrypted volumes at boot time via the config file %{_sysconfdir}/crypttab. %package -n libcryptsetup%{so_ver}-hmac -Summary: Checksums for libcryptsetup4 +Summary: Checksums for libcryptsetup%{so_ver} Group: System/Base %description -n libcryptsetup%{so_ver}-hmac @@ -84,7 +84,7 @@ This package contains HMAC checksums for integrity checking of libcryptsetup4, used for FIPS. %package -n lib%{name}-devel -Summary: Set Up dm-crypt Based Encrypted Block Devices +Summary: Header files for libcryptsetup Group: Development/Libraries/C and C++ Requires: glibc-devel Requires: libcryptsetup%{so_ver} = %{version} @@ -118,6 +118,7 @@ autoreconf -f -i --enable-pwquality \ --enable-gcrypt-pbkdf2 \ --enable-libargon2 \ + --with-default-luks-format=LUKS1 \ --with-luks2-lock-path=/run/cryptsetup \ --with-tmpfilesdir='%{_tmpfilesdir}' make %{?_smp_mflags} V=1