SHA256
1
0
forked from pool/cryptsetup
Commit Graph

1 Commits

Author SHA256 Message Date
3dd02a4dcc Accepting request 645498 from home:lnussel:branches:security
- Suggest hmac package (boo#1090768)
- remove old upgrade hack for upgrades from 12.1
- New version 2.0.5
  Changes since version 2.0.4
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~
  * Wipe full header areas (including unused) during LUKS format.
    Since this version, the whole area up to the data offset is zeroed,
    and subsequently, all keyslots areas are wiped with random data.
    This ensures that no remaining old data remains in the LUKS header
    areas, but it could slow down format operation on some devices.
    Previously only first 4k (or 32k for LUKS2) and the used keyslot
    was overwritten in the format operation.
  * Several fixes to error messages that were unintentionally replaced
    in previous versions with a silent exit code.
    More descriptive error messages were added, including error
    messages if
     - a device is unusable (not a block device, no access, etc.),
     - a LUKS device is not detected,
     - LUKS header load code detects unsupported version,
     - a keyslot decryption fails (also happens in the cipher check),
     - converting an inactive keyslot.
  * Device activation fails if data area overlaps with LUKS header.
  * Code now uses explicit_bzero to wipe memory if available
    (instead of own implementation).
  * Additional VeraCrypt modes are now supported, including Camellia
    and Kuznyechik symmetric ciphers (and cipher chains) and Streebog
    hash function. These were introduced in a recent VeraCrypt upstream.
    Note that Kuznyechik requires out-of-tree kernel module and
    Streebog hash function is available only with the gcrypt cryptographic
    backend for now.

OBS-URL: https://build.opensuse.org/request/show/645498
OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=144
2018-10-31 08:59:56 +00:00