From 83843b89365fdec7e65433751e9ec86a22bfb6bbeab7d4f9c00aa14b0ac49718 Mon Sep 17 00:00:00 2001 From: Ludwig Nussel Date: Mon, 20 Dec 2010 13:44:02 +0000 Subject: [PATCH] - new version 1.2.0 * Add selection of random/urandom number generator for luksFormat (option --use-random and --use-urandom). * Fix luksRemoveKey to not ask for remaining keyslot passphrase, only for removed one. * No longer support luksDelKey (replaced with luksKillSlot). * if you want to remove particular passphrase, use luksKeyRemove * if you want to remove particular keyslot, use luksKillSlot Note that in batch mode luksKillSlot allows removing of any keyslot without question, in normal mode requires passphrase or keyfile from other keyslot. * Default alignment for device (if not overridden by topology info) is now (multiple of) *1MiB*. This reflects trends in storage technologies and aligns to the same defaults for partitions and volume management. * Allow explicit UUID setting in luksFormat and allow change it later in luksUUID (--uuid parameter). * All commands using key file now allows limited read from keyfile using --keyfile-size and --new-keyfile-size parameters (in bytes). This change also disallows overloading of --key-size parameter which is now exclusively used for key size specification (in bits.) * luksFormat using pre-generated master key now properly allows using key file (only passphrase was allowed prior to this update). * Add --dump-master-key option for luksDump to perform volume (master) key dump. Note that printed information allows accessing device without passphrase so it must be stored encrypted. This operation is useful for simple Key Escrow function (volume key and encryption parameters printed on paper on safe place). This operation requires passphrase or key file. OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=58 --- cryptsetup-1.1.3.tar.bz2 | 3 -- cryptsetup-1.1.3.tar.bz2.asc | 7 --- cryptsetup-1.2.0.tar.bz2 | 3 ++ cryptsetup-1.2.0.tar.bz2.asc | 7 +++ cryptsetup.changes | 86 ++++++++++++++++++++++++++++++++++++ cryptsetup.spec | 9 ++-- 6 files changed, 100 insertions(+), 15 deletions(-) delete mode 100644 cryptsetup-1.1.3.tar.bz2 delete mode 100644 cryptsetup-1.1.3.tar.bz2.asc create mode 100644 cryptsetup-1.2.0.tar.bz2 create mode 100644 cryptsetup-1.2.0.tar.bz2.asc diff --git a/cryptsetup-1.1.3.tar.bz2 b/cryptsetup-1.1.3.tar.bz2 deleted file mode 100644 index d348757..0000000 --- a/cryptsetup-1.1.3.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:9c8e68a272f6d9cfb6cd65cc0743f4c44a2096c61f74e0602bf40208b5e69c0a -size 499276 diff --git a/cryptsetup-1.1.3.tar.bz2.asc b/cryptsetup-1.1.3.tar.bz2.asc deleted file mode 100644 index e09a62e..0000000 --- a/cryptsetup-1.1.3.tar.bz2.asc +++ /dev/null @@ -1,7 +0,0 @@ ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1.4.10 (GNU/Linux) - -iEYEABECAAYFAkwvQUAACgkQf1Jlc7shgi/UvgCfasORC/TsVH3svv5F/f2WEw+X -XXoAnRhz0xfzQT/xhhoZgg+Jv4sChd2C -=cWbV ------END PGP SIGNATURE----- diff --git a/cryptsetup-1.2.0.tar.bz2 b/cryptsetup-1.2.0.tar.bz2 new file mode 100644 index 0000000..47f622c --- /dev/null +++ b/cryptsetup-1.2.0.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:411129817ff29e6a957bcbdcd9a2c4c953c1539acd8af912c383262ba901b5ea +size 523859 diff --git a/cryptsetup-1.2.0.tar.bz2.asc b/cryptsetup-1.2.0.tar.bz2.asc new file mode 100644 index 0000000..721e24d --- /dev/null +++ b/cryptsetup-1.2.0.tar.bz2.asc @@ -0,0 +1,7 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.10 (GNU/Linux) + +iEYEABECAAYFAk0PQJUACgkQf1Jlc7shgi93yQCfdC+Z1aMb8NdBC8Zx/R/P6d8x +0d4AoJPO28ny/LmCRa3mCrh155YW6rZT +=UGVC +-----END PGP SIGNATURE----- diff --git a/cryptsetup.changes b/cryptsetup.changes index 13ff047..166c835 100644 --- a/cryptsetup.changes +++ b/cryptsetup.changes @@ -1,3 +1,89 @@ +------------------------------------------------------------------- +Mon Dec 20 13:01:54 UTC 2010 - lnussel@suse.de + +- new version 1.2.0 + * Add selection of random/urandom number generator for luksFormat + (option --use-random and --use-urandom). + + * Fix luksRemoveKey to not ask for remaining keyslot passphrase, + only for removed one. + + * No longer support luksDelKey (replaced with luksKillSlot). + * if you want to remove particular passphrase, use luksKeyRemove + * if you want to remove particular keyslot, use luksKillSlot + + Note that in batch mode luksKillSlot allows removing of any keyslot + without question, in normal mode requires passphrase or keyfile from + other keyslot. + + * Default alignment for device (if not overridden by topology info) + is now (multiple of) *1MiB*. + This reflects trends in storage technologies and aligns to the same + defaults for partitions and volume management. + + * Allow explicit UUID setting in luksFormat and allow change it later + in luksUUID (--uuid parameter). + + * All commands using key file now allows limited read from keyfile using + --keyfile-size and --new-keyfile-size parameters (in bytes). + + This change also disallows overloading of --key-size parameter which + is now exclusively used for key size specification (in bits.) + + * luksFormat using pre-generated master key now properly allows + using key file (only passphrase was allowed prior to this update). + + * Add --dump-master-key option for luksDump to perform volume (master) + key dump. Note that printed information allows accessing device without + passphrase so it must be stored encrypted. + + This operation is useful for simple Key Escrow function (volume key and + encryption parameters printed on paper on safe place). + + This operation requires passphrase or key file. + + * The reload command is no longer supported. + (Use dmsetup reload instead if needed. There is no real use for this + function except explicit data corruption:-) + + * Cryptsetup now properly checks if underlying device is in use and + disallows *luksFormat*, luksOpen and create commands on open + (e.g. already mapped or mounted) device. + + * Option --non-exclusive (already deprecated) is removed. + +Libcryptsetup API additions: + + * new functions + * crypt_get_type() - explicit query to crypt device context type + * crypt_resize() - new resize command using context + * crypt_keyslot_max() - helper to get number of supported keyslots + * crypt_get_active_device() - get active device info + * crypt_set/get_rng_type() - random/urandom RNG setting + * crypt_set_uuid() - explicit UUID change of existing device + * crypt_get_device_name() - get underlying device name + + * Fix optional password callback handling. + + * Allow to activate by internally cached volume key immediately after + crypt_format() without active slot (for temporary devices with + on-disk metadata) + + * libcryptsetup is binary compatible with 1.1.x release and still + supports legacy API calls + + * cryptsetup binary now uses only new API calls. + + * Static compilation of both library (--enable-static) and cryptsetup + binary (--enable-static-cryptsetup) is now properly implemented by common + libtool logic. + + Prior to this it produced miscompiled dynamic cryptsetup binary with + statically linked libcryptsetup. + + The static binary is compiled as src/cryptsetup.static in parallel + with dynamic build if requested. + ------------------------------------------------------------------- Tue Nov 30 14:16:07 UTC 2010 - lnussel@suse.de diff --git a/cryptsetup.spec b/cryptsetup.spec index af6cae6..23e1b38 100644 --- a/cryptsetup.spec +++ b/cryptsetup.spec @@ -29,8 +29,8 @@ BuildRequires: libselinux-devel pkgconfig License: GPLv2+ Group: System/Base AutoReqProv: on -Version: 1.1.3 -Release: 3 +Version: 1.2.0 +Release: 1 Summary: Set Up dm-crypt Based Encrypted Block Devices Source: http://cryptsetup.googlecode.com/files/cryptsetup-%{version}.tar.bz2 Source1: http://cryptsetup.googlecode.com/files/cryptsetup-%{version}.tar.bz2.asc @@ -153,7 +153,7 @@ popd %install make install DESTDIR=$RPM_BUILD_ROOT -# move devel stuff to %{libdir} +# move devel stuff to %%{libdir} rm -f $RPM_BUILD_ROOT/%{_lib}/libcryptsetup.so mkdir -p $RPM_BUILD_ROOT%{_libdir} ln -s /%{_lib}/libcryptsetup.so.1 $RPM_BUILD_ROOT%{_libdir}/libcryptsetup.so @@ -224,8 +224,7 @@ rm -rf $RPM_BUILD_ROOT %files -n libcryptsetup1 %defattr(-,root,root) -/%_lib/libcryptsetup.so.1 -/%_lib/libcryptsetup.so.1.0.0 +/%_lib/libcryptsetup.so.1* %files -n libcryptsetup-devel %defattr(-,root,root)