SHA256
1
0
forked from pool/cryptsetup
cryptsetup/cryptsetup-2.0.5.tar.sign

17 lines
833 B
Plaintext
Raw Normal View History

Accepting request 645498 from home:lnussel:branches:security - Suggest hmac package (boo#1090768) - remove old upgrade hack for upgrades from 12.1 - New version 2.0.5 Changes since version 2.0.4 ~~~~~~~~~~~~~~~~~~~~~~~~~~~ * Wipe full header areas (including unused) during LUKS format. Since this version, the whole area up to the data offset is zeroed, and subsequently, all keyslots areas are wiped with random data. This ensures that no remaining old data remains in the LUKS header areas, but it could slow down format operation on some devices. Previously only first 4k (or 32k for LUKS2) and the used keyslot was overwritten in the format operation. * Several fixes to error messages that were unintentionally replaced in previous versions with a silent exit code. More descriptive error messages were added, including error messages if - a device is unusable (not a block device, no access, etc.), - a LUKS device is not detected, - LUKS header load code detects unsupported version, - a keyslot decryption fails (also happens in the cipher check), - converting an inactive keyslot. * Device activation fails if data area overlaps with LUKS header. * Code now uses explicit_bzero to wipe memory if available (instead of own implementation). * Additional VeraCrypt modes are now supported, including Camellia and Kuznyechik symmetric ciphers (and cipher chains) and Streebog hash function. These were introduced in a recent VeraCrypt upstream. Note that Kuznyechik requires out-of-tree kernel module and Streebog hash function is available only with the gcrypt cryptographic backend for now. OBS-URL: https://build.opensuse.org/request/show/645498 OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=144
2018-10-31 09:59:56 +01:00
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEKikYJD/eRmSNBob52bBXe9k+mPwFAlvVz2sACgkQ2bBXe9k+
mPyYuQ//fNwPronpHFrOzmv277cfzVT6zrgLKOaf/YlqA0h5XmBVX9xcOD9rXhda
ld9rumIQn9s8G8HLavxxxhnciqeNOS0T/1ry3NVpxYdfF1FptIjchH/Lo697P5dX
C1oAqchOqfxjm6dwmbllvXTgoHV657JUC5tuaL6Wl26DrhImmAgNi42yZehNtHZz
8FN0Fc0muU06LUmKR2a4P5xj2SvlNntMnvld+qLHf+k+bBrcJyu2cqaBNns45mXy
uDHXclP+8ofXW3mELmSBJ89GzLkr8Zpxp2dITv2GqtewX1MH5b8cMUwIVsCClqHl
2YNGhMqRkDDj0C8u8JpYvmmZxcMUaKr5EMze18NeqPXpZCBoW5nvEtsS7hWbCdyu
VPqdP4mHfHeQtZkk3U4SZLEU7xFzcTwhgpxRQPe6ujyz+PlrOLk0Z9js9WgOJZ1U
7a9YNnXWlNIcVqOoYm9SPBo9nj+eoVUr2GG3lT02udj5YhGZjDG0gbjgtM99jg+T
Bcv/h9abx6a2TmPIRW9Pa98ggIaeY3HbAK4D4xBritrfhvtyXMAYWbwj8ZkyCsCX
41I10Eh3dNXR6/OJQFjKv7RCqGzanyCzEG0F+G4mw5xqPx5jhowmjI7GaC54X7UZ
7RWYt1pl8F+UGIbBRl3BWuI+cHM0RBJ4Jx53f6zpqDP9hL58RbA=
=o3rq
-----END PGP SIGNATURE-----