forked from pool/cryptsetup
- New version 2.1.0
* The default size of the LUKS2 header is increased to 16 MB. It includes metadata and the area used for binary keyslots; it means that LUKS header backup is now 16MB in size. * Cryptsetup now doubles LUKS default key size if XTS mode is used (XTS mode uses two internal keys). This does not apply if key size is explicitly specified on the command line and it does not apply for the plain mode. This fixes a confusion with AES and 256bit key in XTS mode where code used AES128 and not AES256 as often expected. * Default cryptographic backend used for LUKS header processing is now OpenSSL. For years, OpenSSL provided better performance for PBKDF. * The Python bindings are no longer supported and the code was removed from cryptsetup distribution. Please use the libblockdev project that already covers most of the libcryptsetup functionality including LUKS2. * Cryptsetup now allows using --offset option also for luksFormat. * Cryptsetup now supports new refresh action (that is the alias for "open --refresh"). * Integritysetup now supports mode with detached data device through new --data-device option. - 2.1.0 would use LUKS2 as default, we stay with LUKS1 for now until someone has time to evaluate the fallout from switching to LUKS2. OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=146
This commit is contained in:
parent
3dd02a4dcc
commit
901c97104c
@ -1,16 +0,0 @@
|
|||||||
-----BEGIN PGP SIGNATURE-----
|
|
||||||
|
|
||||||
iQIzBAABCAAdFiEEKikYJD/eRmSNBob52bBXe9k+mPwFAlvVz2sACgkQ2bBXe9k+
|
|
||||||
mPyYuQ//fNwPronpHFrOzmv277cfzVT6zrgLKOaf/YlqA0h5XmBVX9xcOD9rXhda
|
|
||||||
ld9rumIQn9s8G8HLavxxxhnciqeNOS0T/1ry3NVpxYdfF1FptIjchH/Lo697P5dX
|
|
||||||
C1oAqchOqfxjm6dwmbllvXTgoHV657JUC5tuaL6Wl26DrhImmAgNi42yZehNtHZz
|
|
||||||
8FN0Fc0muU06LUmKR2a4P5xj2SvlNntMnvld+qLHf+k+bBrcJyu2cqaBNns45mXy
|
|
||||||
uDHXclP+8ofXW3mELmSBJ89GzLkr8Zpxp2dITv2GqtewX1MH5b8cMUwIVsCClqHl
|
|
||||||
2YNGhMqRkDDj0C8u8JpYvmmZxcMUaKr5EMze18NeqPXpZCBoW5nvEtsS7hWbCdyu
|
|
||||||
VPqdP4mHfHeQtZkk3U4SZLEU7xFzcTwhgpxRQPe6ujyz+PlrOLk0Z9js9WgOJZ1U
|
|
||||||
7a9YNnXWlNIcVqOoYm9SPBo9nj+eoVUr2GG3lT02udj5YhGZjDG0gbjgtM99jg+T
|
|
||||||
Bcv/h9abx6a2TmPIRW9Pa98ggIaeY3HbAK4D4xBritrfhvtyXMAYWbwj8ZkyCsCX
|
|
||||||
41I10Eh3dNXR6/OJQFjKv7RCqGzanyCzEG0F+G4mw5xqPx5jhowmjI7GaC54X7UZ
|
|
||||||
7RWYt1pl8F+UGIbBRl3BWuI+cHM0RBJ4Jx53f6zpqDP9hL58RbA=
|
|
||||||
=o3rq
|
|
||||||
-----END PGP SIGNATURE-----
|
|
@ -1,3 +0,0 @@
|
|||||||
version https://git-lfs.github.com/spec/v1
|
|
||||||
oid sha256:a0f72ca2c824a5a555dc8924413dfe947eca23ab2e30bcff54eaafefe5fe301d
|
|
||||||
size 10476304
|
|
16
cryptsetup-2.1.0.tar.sign
Normal file
16
cryptsetup-2.1.0.tar.sign
Normal file
@ -0,0 +1,16 @@
|
|||||||
|
-----BEGIN PGP SIGNATURE-----
|
||||||
|
|
||||||
|
iQIzBAABCAAdFiEEKikYJD/eRmSNBob52bBXe9k+mPwFAlxdkp0ACgkQ2bBXe9k+
|
||||||
|
mPx0JxAAu+yx54yDHQO1QOZvINKVSrLwZ/nGAy+JDQsOsM/+zOlXictxD/yybzZv
|
||||||
|
GFuWdn5POnZDfwjp9b9UvudOUbxTLWNimyavV58iG0ICgFbxC6wpCVn0NxC+lPtt
|
||||||
|
3uThWXTgJzcDpGbi9oi7FWEoihG7DJHMsGVUeUnhcZC+NSdXl6/ZTb5i68/rNNzc
|
||||||
|
YHwM7OSWczn39Bdr0+/gs3jxnO01OP1weNgFZ6ChcENkSp8n+TQJEVwa+yiuO+rP
|
||||||
|
BcBws0zjBYTKcpm/ZtuPGczwOaEBwk/jyamgfoobIeCzIyyUdMrCxwE/3oYMJxqS
|
||||||
|
faijxMd21RZ3yqnkwvhTO1CbGWHAlVCqjAzyX8okhgjVi8gQpWvD67WRSC7FX+vD
|
||||||
|
72m9yZ5qTO0lNPTtze6xo88UvWskIZtSg1rPtP39vyBnAAgZflKFRu8r+IgXn612
|
||||||
|
VRJLlit+mCmKOgi5ochkxlJgrMY6FmWbVMlq1sxFy1dk3wRQTh5DYzT5IGnhdXi8
|
||||||
|
osY2swVKnVJhkThomVUJ8pXIwWGKZNGMzTU7Eofi9zSHwTMm0y6EdFNlXogrzmY3
|
||||||
|
vEHOb3zEqPujWegBeqsHhuHgPQewgts+7bIPEbvEPsSwSqMvX8BPsyLv7c6bat9x
|
||||||
|
GhXTLwGeJ2RcNmF5bH7GMe7b+XLVaeBzNjLE3Ty0iFWgzT3Uwd0=
|
||||||
|
=gOH9
|
||||||
|
-----END PGP SIGNATURE-----
|
3
cryptsetup-2.1.0.tar.xz
Normal file
3
cryptsetup-2.1.0.tar.xz
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
version https://git-lfs.github.com/spec/v1
|
||||||
|
oid sha256:a3eeb2741f8f3376d16585191f3c60e067dd987e096c3c4b073fab7748b1c897
|
||||||
|
size 10662576
|
@ -1,3 +1,31 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Feb 15 09:41:52 UTC 2019 - lnussel@suse.de
|
||||||
|
|
||||||
|
- New version 2.1.0
|
||||||
|
* The default size of the LUKS2 header is increased to 16 MB.
|
||||||
|
It includes metadata and the area used for binary keyslots;
|
||||||
|
it means that LUKS header backup is now 16MB in size.
|
||||||
|
* Cryptsetup now doubles LUKS default key size if XTS mode is used
|
||||||
|
(XTS mode uses two internal keys). This does not apply if key size
|
||||||
|
is explicitly specified on the command line and it does not apply
|
||||||
|
for the plain mode.
|
||||||
|
This fixes a confusion with AES and 256bit key in XTS mode where
|
||||||
|
code used AES128 and not AES256 as often expected.
|
||||||
|
* Default cryptographic backend used for LUKS header processing is now
|
||||||
|
OpenSSL. For years, OpenSSL provided better performance for PBKDF.
|
||||||
|
|
||||||
|
* The Python bindings are no longer supported and the code was removed
|
||||||
|
from cryptsetup distribution. Please use the libblockdev project
|
||||||
|
that already covers most of the libcryptsetup functionality
|
||||||
|
including LUKS2.
|
||||||
|
* Cryptsetup now allows using --offset option also for luksFormat.
|
||||||
|
* Cryptsetup now supports new refresh action (that is the alias for
|
||||||
|
"open --refresh").
|
||||||
|
* Integritysetup now supports mode with detached data device through
|
||||||
|
new --data-device option.
|
||||||
|
- 2.1.0 would use LUKS2 as default, we stay with LUKS1 for now until
|
||||||
|
someone has time to evaluate the fallout from switching to LUKS2.
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Tue Oct 30 10:10:35 UTC 2018 - lnussel@suse.de
|
Tue Oct 30 10:10:35 UTC 2018 - lnussel@suse.de
|
||||||
|
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
#
|
#
|
||||||
# spec file for package cryptsetup
|
# spec file for package cryptsetup
|
||||||
#
|
#
|
||||||
# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
|
# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
|
||||||
#
|
#
|
||||||
# All modifications and additions to the file contributed by third parties
|
# All modifications and additions to the file contributed by third parties
|
||||||
# remain the property of their copyright owners, unless otherwise agreed
|
# remain the property of their copyright owners, unless otherwise agreed
|
||||||
@ -22,25 +22,25 @@ Name: cryptsetup2
|
|||||||
%else
|
%else
|
||||||
Name: cryptsetup
|
Name: cryptsetup
|
||||||
%endif
|
%endif
|
||||||
Version: 2.0.5
|
Version: 2.1.0
|
||||||
Release: 0
|
Release: 0
|
||||||
Summary: Set Up dm-crypt Based Encrypted Block Devices
|
Summary: Set Up dm-crypt Based Encrypted Block Devices
|
||||||
License: SUSE-GPL-2.0-with-openssl-exception AND LGPL-2.0-or-later
|
License: SUSE-GPL-2.0-with-openssl-exception AND LGPL-2.0-or-later
|
||||||
Group: System/Base
|
Group: System/Base
|
||||||
Url: https://gitlab.com/cryptsetup/cryptsetup/
|
Url: https://gitlab.com/cryptsetup/cryptsetup/
|
||||||
Source0: https://www.kernel.org/pub/linux/utils/cryptsetup/v2.0/cryptsetup-%{version}.tar.xz
|
Source0: https://www.kernel.org/pub/linux/utils/cryptsetup/v2.1/cryptsetup-%{version}.tar.xz
|
||||||
# GPG signature of the uncompressed tarball.
|
# GPG signature of the uncompressed tarball.
|
||||||
Source1: https://www.kernel.org/pub/linux/utils/cryptsetup/v2.0/cryptsetup-%{version}.tar.sign
|
Source1: https://www.kernel.org/pub/linux/utils/cryptsetup/v2.1/cryptsetup-%{version}.tar.sign
|
||||||
Source2: baselibs.conf
|
Source2: baselibs.conf
|
||||||
Source3: cryptsetup.keyring
|
Source3: cryptsetup.keyring
|
||||||
BuildRequires: device-mapper-devel
|
BuildRequires: device-mapper-devel
|
||||||
BuildRequires: fipscheck
|
BuildRequires: fipscheck
|
||||||
BuildRequires: fipscheck-devel
|
BuildRequires: fipscheck-devel
|
||||||
BuildRequires: libgcrypt-devel
|
|
||||||
BuildRequires: libjson-c-devel
|
BuildRequires: libjson-c-devel
|
||||||
BuildRequires: libpwquality-devel
|
BuildRequires: libpwquality-devel
|
||||||
BuildRequires: libselinux-devel
|
BuildRequires: libselinux-devel
|
||||||
BuildRequires: libuuid-devel
|
BuildRequires: libuuid-devel
|
||||||
|
BuildRequires: pkgconfig(openssl)
|
||||||
# 2.6.38 has the required if_alg.h
|
# 2.6.38 has the required if_alg.h
|
||||||
BuildRequires: linux-glibc-devel >= 2.6.38
|
BuildRequires: linux-glibc-devel >= 2.6.38
|
||||||
BuildRequires: pkgconfig
|
BuildRequires: pkgconfig
|
||||||
@ -118,6 +118,7 @@ autoreconf -f -i
|
|||||||
--enable-pwquality \
|
--enable-pwquality \
|
||||||
--enable-gcrypt-pbkdf2 \
|
--enable-gcrypt-pbkdf2 \
|
||||||
--enable-libargon2 \
|
--enable-libargon2 \
|
||||||
|
--with-default-luks-format=LUKS1 \
|
||||||
--with-luks2-lock-path=/run/cryptsetup \
|
--with-luks2-lock-path=/run/cryptsetup \
|
||||||
--with-tmpfilesdir='%{_tmpfilesdir}'
|
--with-tmpfilesdir='%{_tmpfilesdir}'
|
||||||
make %{?_smp_mflags} V=1
|
make %{?_smp_mflags} V=1
|
||||||
|
Loading…
Reference in New Issue
Block a user