diff --git a/cryptsetup-2.1.0.tar.sign b/cryptsetup-2.1.0.tar.sign deleted file mode 100644 index 1f375e2..0000000 --- a/cryptsetup-2.1.0.tar.sign +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCAAdFiEEKikYJD/eRmSNBob52bBXe9k+mPwFAlxdkp0ACgkQ2bBXe9k+ -mPx0JxAAu+yx54yDHQO1QOZvINKVSrLwZ/nGAy+JDQsOsM/+zOlXictxD/yybzZv -GFuWdn5POnZDfwjp9b9UvudOUbxTLWNimyavV58iG0ICgFbxC6wpCVn0NxC+lPtt -3uThWXTgJzcDpGbi9oi7FWEoihG7DJHMsGVUeUnhcZC+NSdXl6/ZTb5i68/rNNzc -YHwM7OSWczn39Bdr0+/gs3jxnO01OP1weNgFZ6ChcENkSp8n+TQJEVwa+yiuO+rP -BcBws0zjBYTKcpm/ZtuPGczwOaEBwk/jyamgfoobIeCzIyyUdMrCxwE/3oYMJxqS -faijxMd21RZ3yqnkwvhTO1CbGWHAlVCqjAzyX8okhgjVi8gQpWvD67WRSC7FX+vD -72m9yZ5qTO0lNPTtze6xo88UvWskIZtSg1rPtP39vyBnAAgZflKFRu8r+IgXn612 -VRJLlit+mCmKOgi5ochkxlJgrMY6FmWbVMlq1sxFy1dk3wRQTh5DYzT5IGnhdXi8 -osY2swVKnVJhkThomVUJ8pXIwWGKZNGMzTU7Eofi9zSHwTMm0y6EdFNlXogrzmY3 -vEHOb3zEqPujWegBeqsHhuHgPQewgts+7bIPEbvEPsSwSqMvX8BPsyLv7c6bat9x -GhXTLwGeJ2RcNmF5bH7GMe7b+XLVaeBzNjLE3Ty0iFWgzT3Uwd0= -=gOH9 ------END PGP SIGNATURE----- diff --git a/cryptsetup-2.1.0.tar.xz b/cryptsetup-2.1.0.tar.xz deleted file mode 100644 index 771df0f..0000000 --- a/cryptsetup-2.1.0.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:a3eeb2741f8f3376d16585191f3c60e067dd987e096c3c4b073fab7748b1c897 -size 10662576 diff --git a/cryptsetup-2.3.0.tar.sign b/cryptsetup-2.3.0.tar.sign new file mode 100644 index 0000000..b05b15e --- /dev/null +++ b/cryptsetup-2.3.0.tar.sign @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEEKikYJD/eRmSNBob52bBXe9k+mPwFAl42+b4ACgkQ2bBXe9k+ +mPyC+w/+JY0R3jpt+iCfDjp/Terjwm+Q1NqOjTJ1pSps9ZzZF5vgqxDqF4IljxNX +zM4YtEN9HUUoE0U12FXmFTYlfoD4rj1AzR4Er9oX+P4YlGVQ0dmkGGr9gsmh+mpY +m9fZg3jLp+ebhkhIQqMgsUj2xjgQlYoc7hcRcNq9weatLBAidHIdd0JR/0ot2yAS +eLRodVOtfMvLDGhatMgwxm+FEXbPbgQXYrOemcqlHYPzKLv6xir9ZsLowZxABRaB +41LZ8o6+4VGqpoNA0r4M1XFqcJ0mDYLdLib7uNNFY97A5bZTUEmALuiHOBNdEygG +AgBUPnZPJUgSRKmJP4QL2CM6U3si3eNLDwrIjwp0cFtqnZB3bUzGfeu0h/XXSkrV +b6Yja7zneZNeWaxz8GWCiZwVVBtM2n7PamdVV4xqQF6GE0o84EkJ91oZBim+a/5B +PUOgcctQaYUAKkuvYXVhZQBaL5D4ppBWaFthENZSQ4sSlEILtsz5LYvWq1oMLWkv +rZN9lftPd5GqASkTIDQcTNL0GNdJR+P+0kMCNiWOCJzZNzEIk2D6tlyxjnJV8qrk +rFcShE9R3dADDJ9Ew+91JRk8C2XSG9gOS29K3fF2Hdnv7nfiTns3dh2V6kz/821W +E39CREgh0A67zppzKWyHnH1BayDeREgRA/TatjZWDAZOHWRM+Ig= +=cfqp +-----END PGP SIGNATURE----- diff --git a/cryptsetup-2.3.0.tar.xz b/cryptsetup-2.3.0.tar.xz new file mode 100644 index 0000000..2df831e --- /dev/null +++ b/cryptsetup-2.3.0.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:395690de99509428354d3cd15cf023bed01487e6f1565b2181e013dc847bbc85 +size 11035660 diff --git a/cryptsetup.changes b/cryptsetup.changes index c1b6626..6bd68f5 100644 --- a/cryptsetup.changes +++ b/cryptsetup.changes @@ -1,3 +1,60 @@ +------------------------------------------------------------------- +Tue Feb 4 07:59:24 UTC 2020 - Paolo Stivanin + +- Update to 2.3.0 (include release notes for 2.2.0) + * BITLK (Windows BitLocker compatible) device access + * Veritysetup now supports activation with additional PKCS7 signature + of root hash through --root-hash-signature option. + * Integritysetup now calculates hash integrity size according to algorithm + instead of requiring an explicit tag size. + * Integritysetup now supports fixed padding for dm-integrity devices. + * A lot of fixes to online LUKS2 reecryption. + * Add crypt_resume_by_volume_key() function to libcryptsetup. + If a user has a volume key available, the LUKS device can be resumed + directly using the provided volume key. + No keyslot derivation is needed, only the key digest is checked. + * Implement active device suspend info. + Add CRYPT_ACTIVATE_SUSPENDED bit to crypt_get_active_device() flags + that informs the caller that device is suspended (luksSuspend). + * Allow --test-passphrase for a detached header. + Before this fix, we required a data device specified on the command + line even though it was not necessary for the passphrase check. + * Allow --key-file option in legacy offline encryption. + The option was ignored for LUKS1 encryption initialization. + * Export memory safe functions. + To make developing of some extensions simpler, we now export + functions to handle memory with proper wipe on deallocation. + * Fail crypt_keyslot_get_pbkdf for inactive LUKS1 keyslot. + * Add optional global serialization lock for memory hard PBKDF. + * Abort conversion to LUKS1 with incompatible sector size that is + not supported in LUKS1. + * Report error (-ENOENT) if no LUKS keyslots are available. User can now + distinguish between a wrong passphrase and no keyslot available. + * Fix a possible segfault in detached header handling (double free). + * Add integritysetup support for bitmap mode introduced in Linux kernel 5.2. + * The libcryptsetup now keeps all file descriptors to underlying device + open during the whole lifetime of crypt device context to avoid excessive + scanning in udev (udev run scan on every descriptor close). + * The luksDump command now prints more info for reencryption keyslot + (when a device is in-reencryption). + * New --device-size parameter is supported for LUKS2 reencryption. + * New --resume-only parameter is supported for LUKS2 reencryption. + * The repair command now tries LUKS2 reencryption recovery if needed. + * If reencryption device is a file image, an interactive dialog now + asks if reencryption should be run safely in offline mode + (if autodetection of active devices failed). + * Fix activation through a token where dm-crypt volume key was not + set through keyring (but using old device-mapper table parameter mode). + * Online reencryption can now retain all keyslots (if all passphrases + are provided). Note that keyslot numbers will change in this case. + * Allow volume key file to be used if no LUKS2 keyslots are present. + * Print a warning if online reencrypt is called over LUKS1 (not supported). + * Fix TCRYPT KDF failure in FIPS mode. + * Remove FIPS mode restriction for crypt_volume_key_get. + * Reduce keyslots area size in luksFormat when the header device is too small. + * Make resize action accept --device-size parameter (supports units suffix). + +------------------------------------------------------------------- Thu Oct 17 11:55:51 UTC 2019 - Vítězslav Čížek - Create a weak dependency cycle between libcryptsetup and diff --git a/cryptsetup.spec b/cryptsetup.spec index f05f570..3151a68 100644 --- a/cryptsetup.spec +++ b/cryptsetup.spec @@ -1,7 +1,7 @@ # # spec file for package cryptsetup # -# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -22,15 +22,15 @@ Name: cryptsetup2 %else Name: cryptsetup %endif -Version: 2.1.0 +Version: 2.3.0 Release: 0 Summary: Setup program for dm-crypt Based Encrypted Block Devices License: SUSE-GPL-2.0-with-openssl-exception AND LGPL-2.0-or-later Group: System/Base -Url: https://gitlab.com/cryptsetup/cryptsetup/ -Source0: https://www.kernel.org/pub/linux/utils/cryptsetup/v2.1/cryptsetup-%{version}.tar.xz +URL: https://gitlab.com/cryptsetup/cryptsetup/ +Source0: https://www.kernel.org/pub/linux/utils/cryptsetup/v2.3/cryptsetup-%{version}.tar.xz # GPG signature of the uncompressed tarball. -Source1: https://www.kernel.org/pub/linux/utils/cryptsetup/v2.1/cryptsetup-%{version}.tar.sign +Source1: https://www.kernel.org/pub/linux/utils/cryptsetup/v2.3/cryptsetup-%{version}.tar.sign Source2: baselibs.conf Source3: cryptsetup.keyring BuildRequires: device-mapper-devel