Commit Graph

  • 714e50eb27 Accepting request 1330393 from security factory Ana Guerrero 2026-02-04 20:00:53 +00:00
  • 2673995f57 Update to 2.8.4 jsc#PED-15540 slfo-main Pedro Monreal 2026-02-02 13:14:14 +01:00
  • 6c60d3bd12 Accepting request 1330392 from home:pmonrealgonzalez:branches:security Pedro Monreal Gonzalez 2026-02-02 11:35:21 +00:00
  • 73c683ac49 Accepting request 1326306 from security Ana Guerrero 2026-01-12 09:16:05 +00:00
  • 75afc7c68f Accepting request 1326304 from home:pmonrealgonzalez:branches:security Pedro Monreal Gonzalez 2026-01-09 09:49:50 +00:00
  • f119f4648b Accepting request 1301272 from security Ana Guerrero 2025-08-26 12:56:15 +00:00
  • 1934221283 Accepting request 1300733 from home:pmonrealgonzalez:branches:security Lucas Mulling 2025-08-25 13:08:27 +00:00
  • bbab0cbcc4 Accepting request 1288922 from security Ana Guerrero 2025-06-30 11:03:54 +00:00
  • c51a02df02 Accepting request 1288645 from home:pmonrealgonzalez:branches:security Pedro Monreal Gonzalez 2025-06-28 06:12:06 +00:00
  • dc165b9096 Accepting request 1281108 from security Dominique Leuenberger 2025-06-01 19:36:11 +00:00
  • 35bb9e51bc Accepting request 1281107 from home:pmonrealgonzalez:branches:security Pedro Monreal Gonzalez 2025-05-29 10:27:47 +00:00
  • 28221efc39 Accepting request 1253109 from security slfo-1.2 Dominique Leuenberger 2025-03-15 15:15:02 +00:00
  • 95e7df1d95 Accepting request 1253109 from security Dominique Leuenberger 2025-03-15 15:15:02 +00:00
  • c7b473533a * Remove the dependency on libargon2 as is now provided by openssl. Pedro Monreal Gonzalez 2025-03-14 14:48:40 +00:00
  • 52fc9c1de7 Accepting request 1253108 from home:pmonrealgonzalez:branches:security Pedro Monreal Gonzalez 2025-03-14 14:48:40 +00:00
  • 50eda542af - Set pbkdf2 as the default PBKDF algorithm in LUKS2 format. [bsc#1236375, bsc#1236164] * The default PBKDF algorithm in the LUKS2 format is now Argon2id but its not FIPS compliant. A system would be unbootable if using Argon2id or Argon2i for disk encryption and then switching to kernel FIPS mode. This can be avoided by setting pbkdf2 as default. * Build using the configure option --with-luks2-pbkdf=pbkdf2. Pedro Monreal Gonzalez 2025-03-14 14:18:28 +00:00
  • f99cd330ef Accepting request 1253039 from home:pmonrealgonzalez:branches:security Pedro Monreal Gonzalez 2025-03-14 14:18:28 +00:00
  • 44ca5f7379 Accepting request 1229756 from security Ana Guerrero 2024-12-11 20:00:52 +00:00
  • 1b81bfe0b1 Accepting request 1229756 from security Ana Guerrero 2024-12-11 20:00:52 +00:00
  • 885a1330e4 - cryptsetup-fips140-3.patch: extend the password for PBKDF2 benchmarking to be more than 20 chars to meet FIPS 140-3 requirements (bsc#1229975) Pedro Monreal Gonzalez 2024-12-03 09:35:06 +00:00
  • 0a05ac33b3 Accepting request 1227947 from home:pmonrealgonzalez:branches:security Pedro Monreal Gonzalez 2024-12-03 09:35:06 +00:00
  • 0c48009205 Accepting request 1200765 from security Ana Guerrero 2024-09-15 10:32:53 +00:00
  • 5650c4313d Accepting request 1200765 from security Ana Guerrero 2024-09-15 10:32:53 +00:00
  • e7976f0568 - Update to 2.7.5: * Fix possible online reencryption data corruption (only in 2.7.x). In some situations (initializing a suspended device-mapper device), cryptsetup disabled direct-io device access. This caused unsafe online reencryption operations that could lead to data corruption. The code now adds strict checks (and aborts the operation) and changes direct-io detection code to prevent data corruption. * Fix a clang compilation error in SSH token plugin. As clang linker treats missing symbols as errors, the linker phase for the SSH token failed as the optional cryptsetup_token_buffer_free was not defined. * Fix crypto backend initialization in crypt_format_luks2_opal API call. Pedro Monreal Gonzalez 2024-09-13 07:39:51 +00:00
  • 48feeb2c62 Accepting request 1200764 from home:pmonrealgonzalez:branches:security Pedro Monreal Gonzalez 2024-09-13 07:39:51 +00:00
  • 9fdef8bed1 back out x86-64-v3 change Andreas Stieger 2024-08-20 11:27:24 +00:00
  • 1ecd208401 back out x86-64-v3 change Andreas Stieger 2024-08-20 11:27:24 +00:00
  • 7f4f0878f0 Accepting request 1194754 from home:RN:cryptsetup Andreas Stieger 2024-08-19 19:51:29 +00:00
  • 9f23ec4642 Accepting request 1194754 from home:RN:cryptsetup Andreas Stieger 2024-08-19 19:51:29 +00:00
  • 9fbdfa5559 Accepting request 1190588 from security Dominique Leuenberger 2024-08-01 20:03:44 +00:00
  • 2177bcf199 Accepting request 1190588 from security Dominique Leuenberger 2024-08-01 20:03:44 +00:00
  • 05965c5900 Accepting request 1190586 from home:mschreiner:branches:security Andreas Stieger 2024-07-31 06:37:09 +00:00
  • a54dbf7646 Accepting request 1190586 from home:mschreiner:branches:security Andreas Stieger 2024-07-31 06:37:09 +00:00
  • 9563f85232 Accepting request 1190462 from home:pmonrealgonzalez:branches:security Pedro Monreal Gonzalez 2024-07-30 11:55:40 +00:00
  • 460f5efd33 Accepting request 1190462 from home:pmonrealgonzalez:branches:security Pedro Monreal Gonzalez 2024-07-30 11:55:40 +00:00
  • fbbe067657 Accepting request 1187073 from home:pevik:branches:security Pedro Monreal Gonzalez 2024-07-30 11:52:06 +00:00
  • 9239dc4824 Accepting request 1187073 from home:pevik:branches:security Pedro Monreal Gonzalez 2024-07-30 11:52:06 +00:00
  • a3b9b4d0c2 Accepting request 1166583 from security Ana Guerrero 2024-04-10 15:48:58 +00:00
  • 2a7c71ad1a Accepting request 1166583 from security Ana Guerrero 2024-04-10 15:48:58 +00:00
  • ab2a7c9655 Accepting request 1166516 from home:AndreasStieger:branches:security Pedro Monreal Gonzalez 2024-04-10 07:32:59 +00:00
  • 9192c0ec66 Accepting request 1166516 from home:AndreasStieger:branches:security Pedro Monreal Gonzalez 2024-04-10 07:32:59 +00:00
  • 17b57cbf7d Accepting request 1158211 from security Ana Guerrero 2024-03-17 21:10:48 +00:00
  • a80e2d16af Accepting request 1158211 from security Ana Guerrero 2024-03-17 21:10:48 +00:00
  • a3ab8c2f62 Accepting request 1157608 from home:pmonrealgonzalez:branches:security Pedro Monreal Gonzalez 2024-03-15 11:46:26 +00:00
  • 26078bfb02 Accepting request 1157608 from home:pmonrealgonzalez:branches:security Pedro Monreal Gonzalez 2024-03-15 11:46:26 +00:00
  • 97f8c697a5 Accepting request 1142597 from security Ana Guerrero 2024-01-30 17:24:12 +00:00
  • 757922b069 Accepting request 1142597 from security Ana Guerrero 2024-01-30 17:24:12 +00:00
  • 9a7370c09b Accepting request 1142596 from home:pmonrealgonzalez:branches:security Pedro Monreal Gonzalez 2024-01-29 17:02:57 +00:00
  • ad949ba349 Accepting request 1142596 from home:pmonrealgonzalez:branches:security Pedro Monreal Gonzalez 2024-01-29 17:02:57 +00:00
  • 540dc9dc26 Accepting request 1098512 from security Dominique Leuenberger 2023-07-15 21:14:26 +00:00
  • d66f75451c Accepting request 1098512 from security Dominique Leuenberger 2023-07-15 21:14:26 +00:00
  • 82af2dfa2d Accepting request 1098511 from home:pmonrealgonzalez:branches:security Pedro Monreal Gonzalez 2023-07-13 11:20:07 +00:00
  • 9be144db60 Accepting request 1098511 from home:pmonrealgonzalez:branches:security Pedro Monreal Gonzalez 2023-07-13 11:20:07 +00:00
  • 0a7c78c1ff Accepting request 1093291 from security Dominique Leuenberger 2023-06-17 20:20:05 +00:00
  • 3b0d195b36 Accepting request 1093291 from security Dominique Leuenberger 2023-06-17 20:20:05 +00:00
  • b44b295cd3 Accepting request 1093121 from home:pmonrealgonzalez:branches:security Pedro Monreal Gonzalez 2023-06-15 12:05:44 +00:00
  • e38e78bf3a Accepting request 1093121 from home:pmonrealgonzalez:branches:security Pedro Monreal Gonzalez 2023-06-15 12:05:44 +00:00
  • 60962f2300 Accepting request 1064730 from security Dominique Leuenberger 2023-02-14 15:42:30 +00:00
  • 807e1116dd Accepting request 1064730 from security Dominique Leuenberger 2023-02-14 15:42:30 +00:00
  • 43e9b52bc7 Accepting request 1064729 from home:AndreasStieger:branches:security Andreas Stieger 2023-02-12 21:21:51 +00:00
  • d1bbcdc3a5 Accepting request 1064729 from home:AndreasStieger:branches:security Andreas Stieger 2023-02-12 21:21:51 +00:00
  • 2e667013fc Accepting request 1055943 from security Dominique Leuenberger 2023-01-05 14:00:19 +00:00
  • 42adfe6c69 Accepting request 1055943 from security Dominique Leuenberger 2023-01-05 14:00:19 +00:00
  • cf385930c9 Accepting request 1052843 from home:lnussel:usrmerge Andreas Stieger 2023-01-04 16:08:29 +00:00
  • ec41ae252e Accepting request 1052843 from home:lnussel:usrmerge Andreas Stieger 2023-01-04 16:08:29 +00:00
  • e9929646b3 Accepting request 1038821 from security Dominique Leuenberger 2022-11-30 13:58:56 +00:00
  • 53ba8b174f Accepting request 1038821 from security Dominique Leuenberger 2022-11-30 13:58:56 +00:00
  • 8cea81ce7b Accepting request 1038690 from home:polslinux:branches:security Ludwig Nussel 2022-11-29 07:29:17 +00:00
  • 18d9c1df91 Accepting request 1038690 from home:polslinux:branches:security Ludwig Nussel 2022-11-29 07:29:17 +00:00
  • db4246dcb6 Accepting request 1003455 from security Dominique Leuenberger 2022-09-15 20:57:41 +00:00
  • 9682c573a2 Accepting request 1003455 from security Dominique Leuenberger 2022-09-15 20:57:41 +00:00
  • 59aec6d066 Accepting request 1003354 from home:bluca:branches:security Ludwig Nussel 2022-09-14 07:18:13 +00:00
  • 680d3223dd Accepting request 1003354 from home:bluca:branches:security Ludwig Nussel 2022-09-14 07:18:13 +00:00
  • c067b49eca Accepting request 999047 from security Dominique Leuenberger 2022-08-25 13:33:10 +00:00
  • 44c37eb16e Accepting request 999047 from security Dominique Leuenberger 2022-08-25 13:33:10 +00:00
  • 0ffce94442 Accepting request 999046 from home:lnussel:branches:security Ludwig Nussel 2022-08-24 11:32:11 +00:00
  • 7096638fa6 Accepting request 999046 from home:lnussel:branches:security Ludwig Nussel 2022-08-24 11:32:11 +00:00
  • de1f20aa9d Accepting request 946915 from security Dominique Leuenberger 2022-01-19 23:11:59 +00:00
  • 83acd1b8d7 Accepting request 946915 from security Dominique Leuenberger 2022-01-19 23:11:59 +00:00
  • ee04894715 Accepting request 946498 from home:AndreasStieger:branches:security Ludwig Nussel 2022-01-17 09:00:02 +00:00
  • c1513500b9 Accepting request 946498 from home:AndreasStieger:branches:security Ludwig Nussel 2022-01-17 09:00:02 +00:00
  • 3ec70ab5a7 Accepting request 919547 from security Dominique Leuenberger 2021-09-21 19:12:23 +00:00
  • 3084276a30 Accepting request 919547 from security Dominique Leuenberger 2021-09-21 19:12:23 +00:00
  • 1e4cc6eca2 - cryptsetup 2.4.1 * Fix compilation for libc implementations without dlvsym(). * Fix compilation and tests on systems with non-standard libraries * Try to workaround some issues on systems without udev support. * Fixes for OpenSSL3 crypto backend (including FIPS mode). * Print error message when assigning a token to an inactive keyslot. * Fix offset bug in LUKS2 encryption code if --offset option was used. * Do not allow LUKS2 decryption for devices with data offset. * Fix LUKS1 cryptsetup repair command for some specific problems. - cryptsetup 2.4.0 (jsc#SLE-20275) Ludwig Nussel 2021-09-16 15:25:13 +00:00
  • d50fe3a20b - cryptsetup 2.4.1 * Fix compilation for libc implementations without dlvsym(). * Fix compilation and tests on systems with non-standard libraries * Try to workaround some issues on systems without udev support. * Fixes for OpenSSL3 crypto backend (including FIPS mode). * Print error message when assigning a token to an inactive keyslot. * Fix offset bug in LUKS2 encryption code if --offset option was used. * Do not allow LUKS2 decryption for devices with data offset. * Fix LUKS1 cryptsetup repair command for some specific problems. - cryptsetup 2.4.0 (jsc#SLE-20275) Ludwig Nussel 2021-09-16 15:25:13 +00:00
  • a9f0d82fe4 Accepting request 915495 from security Dominique Leuenberger 2021-09-02 21:20:08 +00:00
  • 2b7c001d26 Accepting request 915495 from security Dominique Leuenberger 2021-09-02 21:20:08 +00:00
  • cddcbab746 - As YaST passes necessary parameters to cryptsetup anyway, we do not necessarily need to take grub into consideration. So back to Argon2 to see how it goes. Ludwig Nussel 2021-08-25 13:47:31 +00:00
  • 08914ca36a - As YaST passes necessary parameters to cryptsetup anyway, we do not necessarily need to take grub into consideration. So back to Argon2 to see how it goes. Ludwig Nussel 2021-08-25 13:47:31 +00:00
  • 002330efa3 update Ludwig Nussel 2021-08-23 05:09:18 +00:00
  • 0bcd0cd3ca update Ludwig Nussel 2021-08-23 05:09:18 +00:00
  • 9b4f111a1b add feature reference Ludwig Nussel 2021-08-12 13:00:47 +00:00
  • b0f1e566b3 add feature reference Ludwig Nussel 2021-08-12 13:00:47 +00:00
  • c25748051d - need to use PBKDF2 by default for LUKS2 as grub can't decrypt when using Argon. Ludwig Nussel 2021-08-03 13:44:07 +00:00
  • 82c892b805 - need to use PBKDF2 by default for LUKS2 as grub can't decrypt when using Argon. Ludwig Nussel 2021-08-03 13:44:07 +00:00
  • db71e925b5 merge Ludwig Nussel 2021-08-02 15:43:50 +00:00
  • f4aaac2569 merge Ludwig Nussel 2021-08-02 15:43:50 +00:00
  • 8d2c1398f0 - crypsetup 2.4.0~rc1 * External LUKS token plugins * Experimental SSH token * Default LUKS2 PBKDF is now Argon2id * Increase minimal memory cost for Argon2 benchmark to 64MiB. * Autodetect optimal encryption sector size on LUKS2 format. * Use VeraCrypt option by default and add --disable-veracrypt option. * Support --hash and --cipher to limit opening time for TCRYPT type * Fixed default OpenSSL crypt backend support for OpenSSL3. * integritysetup: add integrity-recalculate-reset flag. * cryptsetup: retains keyslot number in luksChangeKey for LUKS2. * Fix cryptsetup resize using LUKS2 tokens. * Add close --deferred and --cancel-deferred options. * Rewritten command-line option parsing to avoid libpopt arguments memory leaks. * Add --test-args option. - switch to LUKS2 default format Ludwig Nussel 2021-08-02 15:10:27 +00:00
  • 0248560949 - crypsetup 2.4.0~rc1 * External LUKS token plugins * Experimental SSH token * Default LUKS2 PBKDF is now Argon2id * Increase minimal memory cost for Argon2 benchmark to 64MiB. * Autodetect optimal encryption sector size on LUKS2 format. * Use VeraCrypt option by default and add --disable-veracrypt option. * Support --hash and --cipher to limit opening time for TCRYPT type * Fixed default OpenSSL crypt backend support for OpenSSL3. * integritysetup: add integrity-recalculate-reset flag. * cryptsetup: retains keyslot number in luksChangeKey for LUKS2. * Fix cryptsetup resize using LUKS2 tokens. * Add close --deferred and --cancel-deferred options. * Rewritten command-line option parsing to avoid libpopt arguments memory leaks. * Add --test-args option. - switch to LUKS2 default format Ludwig Nussel 2021-08-02 15:10:27 +00:00
  • 2ca5e2b515 Accepting request 903414 from security Dominique Leuenberger 2021-07-04 20:10:04 +00:00