SHA256
1
0
forked from pool/cryptsetup
Commit Graph

218 Commits

Author SHA256 Message Date
Dominique Leuenberger
f33f765a5e Accepting request 755886 from security
OBS-URL: https://build.opensuse.org/request/show/755886
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/cryptsetup?expand=0&rev=106
2019-12-17 12:29:09 +00:00
6a28f3c770 Accepting request 739355 from home:vitezslav_cizek:branches:security
- Create a weak dependency cycle between libcryptsetup and
  libcryptsetup-hmac to make sure they are installed together
  (bsc#1090768)

OBS-URL: https://build.opensuse.org/request/show/739355
OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=151
2019-12-11 15:11:37 +00:00
Dominique Leuenberger
1590108120 Accepting request 701789 from security
retrofit bug number

OBS-URL: https://build.opensuse.org/request/show/701789
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/cryptsetup?expand=0&rev=105
2019-05-14 11:29:48 +00:00
a86aef0410 retrofit bug number for sle
OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=149
2019-05-09 11:56:46 +00:00
Yuchen Lin
277dfb964c Accepting request 677121 from security
OBS-URL: https://build.opensuse.org/request/show/677121
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/cryptsetup?expand=0&rev=104
2019-02-20 13:08:36 +00:00
b860f84edd Accepting request 676570 from home:jengelh:branches:security
- Use noun phrase in summary.

OBS-URL: https://build.opensuse.org/request/show/676570
OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=147
2019-02-18 12:27:45 +00:00
901c97104c - New version 2.1.0
* The default size of the LUKS2 header is increased to 16 MB.
    It includes metadata and the area used for binary keyslots;
    it means that LUKS header backup is now 16MB in size.
  * Cryptsetup now doubles LUKS default key size if XTS mode is used
    (XTS mode uses two internal keys). This does not apply if key size
    is explicitly specified on the command line and it does not apply
    for the plain mode.
    This fixes a confusion with AES and 256bit key in XTS mode where
    code used AES128 and not AES256 as often expected.
  * Default cryptographic backend used for LUKS header processing is now
    OpenSSL. For years, OpenSSL provided better performance for PBKDF.
  * The Python bindings are no longer supported and the code was removed
    from cryptsetup distribution. Please use the libblockdev project
    that already covers most of the libcryptsetup functionality
    including LUKS2.
  * Cryptsetup now allows using --offset option also for luksFormat.
  * Cryptsetup now supports new refresh action (that is the alias for
    "open --refresh").
  * Integritysetup now supports mode with detached data device through
    new --data-device option.
- 2.1.0 would use LUKS2 as default, we stay with LUKS1 for now until
  someone has time to evaluate the fallout from switching to LUKS2.

OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=146
2019-02-15 14:36:10 +00:00
Dominique Leuenberger
96adeab889 Accepting request 645684 from security
OBS-URL: https://build.opensuse.org/request/show/645684
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/cryptsetup?expand=0&rev=103
2018-11-06 14:25:37 +00:00
3dd02a4dcc Accepting request 645498 from home:lnussel:branches:security
- Suggest hmac package (boo#1090768)
- remove old upgrade hack for upgrades from 12.1
- New version 2.0.5
  Changes since version 2.0.4
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~
  * Wipe full header areas (including unused) during LUKS format.
    Since this version, the whole area up to the data offset is zeroed,
    and subsequently, all keyslots areas are wiped with random data.
    This ensures that no remaining old data remains in the LUKS header
    areas, but it could slow down format operation on some devices.
    Previously only first 4k (or 32k for LUKS2) and the used keyslot
    was overwritten in the format operation.
  * Several fixes to error messages that were unintentionally replaced
    in previous versions with a silent exit code.
    More descriptive error messages were added, including error
    messages if
     - a device is unusable (not a block device, no access, etc.),
     - a LUKS device is not detected,
     - LUKS header load code detects unsupported version,
     - a keyslot decryption fails (also happens in the cipher check),
     - converting an inactive keyslot.
  * Device activation fails if data area overlaps with LUKS header.
  * Code now uses explicit_bzero to wipe memory if available
    (instead of own implementation).
  * Additional VeraCrypt modes are now supported, including Camellia
    and Kuznyechik symmetric ciphers (and cipher chains) and Streebog
    hash function. These were introduced in a recent VeraCrypt upstream.
    Note that Kuznyechik requires out-of-tree kernel module and
    Streebog hash function is available only with the gcrypt cryptographic
    backend for now.

OBS-URL: https://build.opensuse.org/request/show/645498
OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=144
2018-10-31 08:59:56 +00:00
Dominique Leuenberger
873a55aadc Accepting request 630730 from security
- New version 2.0.4
  Changes since version 2.0.3
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~
  * Use the libblkid (blockid) library to detect foreign signatures
    on a device before LUKS format and LUKS2 auto-recovery.
    This change fixes an unexpected recovery using the secondary
    LUKS2 header after a device was already overwritten with
    another format (filesystem or LVM physical volume).
    LUKS2 will not recreate a primary header if it detects a valid
    foreign signature. In this situation, a user must always
    use cryptsetup repair command for the recovery.
    Note that libcryptsetup and utilities are now linked to libblkid
    as a new dependence.
    To compile code without blockid support (strongly discouraged),
    use --disable-blkid configure switch.
  * Add prompt for format and repair actions in cryptsetup and
    integritysetup if foreign signatures are detected on the device
    through the blockid library.
    After the confirmation, all known signatures are then wiped as
    part of the format or repair procedure.
  * Print consistent verbose message about keyslot and token numbers.
    For keyslot actions: Key slot <number> unlocked/created/removed.
    For token actions: Token <number> created/removed.
  * Print error, if a non-existent token is tried to be removed.
  * Add support for LUKS2 token definition export and import.
    The token command now can export/import customized token JSON file
    directly from command line. See the man page for more details.
  * Add support for new dm-integrity superblock version 2.
  * Add an error message when nothing was read from a key file.
  * Update cryptsetup man pages, including --type option usage.

OBS-URL: https://build.opensuse.org/request/show/630730
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/cryptsetup?expand=0&rev=102
2018-08-28 07:22:31 +00:00
405535408f fix
OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=142
2018-08-21 09:23:54 +00:00
b9976bf5b8 - New version 2.0.4
Changes since version 2.0.3
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~
  * Use the libblkid (blockid) library to detect foreign signatures
    on a device before LUKS format and LUKS2 auto-recovery.
    This change fixes an unexpected recovery using the secondary
    LUKS2 header after a device was already overwritten with
    another format (filesystem or LVM physical volume).
    LUKS2 will not recreate a primary header if it detects a valid
    foreign signature. In this situation, a user must always
    use cryptsetup repair command for the recovery.
    Note that libcryptsetup and utilities are now linked to libblkid
    as a new dependence.
    To compile code without blockid support (strongly discouraged),
    use --disable-blkid configure switch.
  * Add prompt for format and repair actions in cryptsetup and
    integritysetup if foreign signatures are detected on the device
    through the blockid library.
    After the confirmation, all known signatures are then wiped as
    part of the format or repair procedure.
  * Print consistent verbose message about keyslot and token numbers.
    For keyslot actions: Key slot <number> unlocked/created/removed.
    For token actions: Token <number> created/removed.
  * Print error, if a non-existent token is tried to be removed.
  * Add support for LUKS2 token definition export and import.
    The token command now can export/import customized token JSON file
    directly from command line. See the man page for more details.
  * Add support for new dm-integrity superblock version 2.
  * Add an error message when nothing was read from a key file.
  * Update cryptsetup man pages, including --type option usage.

OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=141
2018-08-21 07:44:40 +00:00
Dominique Leuenberger
7375ef6f52 Accepting request 574742 from security
OBS-URL: https://build.opensuse.org/request/show/574742
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/cryptsetup?expand=0&rev=101
2018-02-13 09:25:18 +00:00
6a3a5ab46f Accepting request 574741 from home:AndreasStieger:branches:security
untested 2.0.1

OBS-URL: https://build.opensuse.org/request/show/574741
OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=139
2018-02-09 15:48:12 +00:00
Dominique Leuenberger
d2aa865791 Accepting request 562805 from security
- Update to version 2.0.0:
  * Add support for new on-disk LUKS2 format
  * Enable to use system libargon2 instead of bundled version
  * Install tmpfiles.d configuration for LUKS2 locking directory
  * New command integritysetup: support for the new dm-integrity kernel target
  * Support for larger sector sizes for crypt devices
  * Miscellaneous fixes and improvements

OBS-URL: https://build.opensuse.org/request/show/562805
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/cryptsetup?expand=0&rev=100
2018-01-31 18:48:16 +00:00
d84b0a491a OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=137 2018-01-09 09:48:53 +00:00
7cb1ae6064 Accepting request 561151 from home:archie172:branches:security
- Update to version 2.0.0:
  * Add support for new on-disk LUKS2 format
  * Enable to use system libargon2 instead of bundled version
  * Install tmpfiles.d configuration for LUKS2 locking directory
  * New command integritysetup: support for the new dm-integrity kernel target
  * Support for larger sector sizes for crypt devices
  * Miscellaneous fixes and improvements

OBS-URL: https://build.opensuse.org/request/show/561151
OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=136
2018-01-09 08:52:58 +00:00
Dominique Leuenberger
e2bd3202b3 Accepting request 492821 from security
1

OBS-URL: https://build.opensuse.org/request/show/492821
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/cryptsetup?expand=0&rev=99
2017-05-10 18:34:03 +00:00
04c288cc69 Accepting request 492031 from home:pluskalm:branches:security
- Update to version 1.7.5:
  * Fixes to luksFormat to properly support recent kernel running
    in FIPS mode.
  * Fixes accesses to unaligned hidden legacy TrueCrypt header.
  * Fixes to optional dracut ramdisk scripts for offline
    re-encryption on initial boot.

OBS-URL: https://build.opensuse.org/request/show/492031
OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=134
2017-05-04 09:42:46 +00:00
Yuchen Lin
d82cae9dac Accepting request 481749 from security
1

OBS-URL: https://build.opensuse.org/request/show/481749
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/cryptsetup?expand=0&rev=98
2017-04-07 12:17:28 +00:00
96565497db Accepting request 480910 from home:pluskalm:branches:security
- Update to version 1.7.4:

OBS-URL: https://build.opensuse.org/request/show/480910
OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=132
2017-03-21 11:44:43 +00:00
Dominique Leuenberger
47cacbabc0 Accepting request 423052 from security
1

OBS-URL: https://build.opensuse.org/request/show/423052
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/cryptsetup?expand=0&rev=97
2016-08-28 10:17:20 +00:00
Alexander Naumov
5b2dc6e33d Accepting request 422113 from home:Alexander_Naumov:branches:security
Update to version 1.7.2

OBS-URL: https://build.opensuse.org/request/show/422113
OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=130
2016-08-26 11:48:47 +00:00
Dominique Leuenberger
8d993e85ec Accepting request 357344 from security
1

OBS-URL: https://build.opensuse.org/request/show/357344
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/cryptsetup?expand=0&rev=96
2016-02-12 10:20:59 +00:00
4f8e236159 Accepting request 352690 from home:benoit_monin:branches:security
update to 1.7.0

OBS-URL: https://build.opensuse.org/request/show/352690
OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=128
2016-02-02 11:57:35 +00:00
Dominique Leuenberger
323c74e83b Accepting request 350182 from security
1

OBS-URL: https://build.opensuse.org/request/show/350182
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/cryptsetup?expand=0&rev=95
2015-12-23 08:56:19 +00:00
36e909287e Accepting request 349019 from home:tiwai:branches:security
- Fix missing dependency on coreutils for initrd macros (boo#958562)
- Call missing initrd macro at postun (boo#958562)

OBS-URL: https://build.opensuse.org/request/show/349019
OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=126
2015-12-21 11:53:09 +00:00
Dominique Leuenberger
8c796b5e04 Accepting request 338019 from security
1

OBS-URL: https://build.opensuse.org/request/show/338019
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/cryptsetup?expand=0&rev=94
2015-10-20 14:21:29 +00:00
ce789c545b Accepting request 329788 from home:adra:branches:security
Update to 1.6.8

OBS-URL: https://build.opensuse.org/request/show/329788
OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=124
2015-10-12 09:14:03 +00:00
Dominique Leuenberger
8bdd24a00d Accepting request 295656 from security
1

OBS-URL: https://build.opensuse.org/request/show/295656
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/cryptsetup?expand=0&rev=93
2015-04-21 10:02:13 +00:00
2ebbcc2226 Accepting request 295595 from home:elvigia:branches:security
- Enable verbose build log. 

- regenerate the initrd if cryptsetup tool changes
  (wanted by 90crypt dracut module)

OBS-URL: https://build.opensuse.org/request/show/295595
OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=122
2015-04-13 09:46:51 +00:00
Dominique Leuenberger
d3e63f96b0 Accepting request 294961 from security
1

OBS-URL: https://build.opensuse.org/request/show/294961
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/cryptsetup?expand=0&rev=92
2015-04-10 07:44:54 +00:00
da8c646220 Accepting request 294152 from home:pluskalm:branches:security
- Update to 1.6.7

OBS-URL: https://build.opensuse.org/request/show/294152
OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=120
2015-04-08 12:54:34 +00:00
Stephan Kulow
c702d47d37 Accepting request 249222 from security
version 1.6.6 (forwarded request 249180 from adra)

OBS-URL: https://build.opensuse.org/request/show/249222
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/cryptsetup?expand=0&rev=91
2014-09-17 19:24:38 +00:00
245087ea13 Accepting request 249180 from home:adra:branches:security
version 1.6.6

OBS-URL: https://build.opensuse.org/request/show/249180
OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=118
2014-09-15 09:54:57 +00:00
Stephan Kulow
6136ac7941 Accepting request 246424 from security
1

OBS-URL: https://build.opensuse.org/request/show/246424
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/cryptsetup?expand=0&rev=89
2014-08-27 20:18:06 +00:00
a823d6ea4c Accepting request 245748 from home:msmeissn:branches:security
- Use --enable-gcrypt-pbkdf2 to use the PBKDFv2 method from libgcrypt.

OBS-URL: https://build.opensuse.org/request/show/245748
OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=116
2014-08-26 06:33:53 +00:00
10401f6d08 Accepting request 244510 from security
1

OBS-URL: https://build.opensuse.org/request/show/244510
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/cryptsetup?expand=0&rev=88
2014-08-15 07:55:25 +00:00
9d75fbda81 Accepting request 244369 from home:adra:branches:security
version 1.6.5, Updated build requirements

OBS-URL: https://build.opensuse.org/request/show/244369
OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=114
2014-08-13 07:59:19 +00:00
110c3d1016 Accepting request 244329 from home:msmeissn:branches:security
- libcryptsetup4-hmac split off contain the hmac for FIPS certification

OBS-URL: https://build.opensuse.org/request/show/244329
OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=113
2014-08-12 13:38:20 +00:00
Stephan Kulow
46036de7cc Accepting request 239882 from security
1

OBS-URL: https://build.opensuse.org/request/show/239882
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/cryptsetup?expand=0&rev=87
2014-07-13 15:15:27 +00:00
5c09e34343 Accepting request 235564 from home:msmeissn:branches:security
- version 1.6.4
  - new tarball / signature location
  * Implement new erase (with alias luksErase) command.
  * Add internal "whirlpool_gcryptbug hash" for accessing flawed
    Whirlpool hash in gcrypt (requires gcrypt 1.6.1 or above).
  * Allow to use --disable-gcrypt-pbkdf2 during configuration
    to force use internal PBKDF2 code.
  * Require gcrypt 1.6.1 for imported implementation of PBKDF2
    (PBKDF2 in gcrypt 1.6.0 is too slow).
  * Add --keep-key to cryptsetup-reencrypt.
  * By default verify new passphrase in luksChangeKey and luksAddKey
    commands (if input is from terminal).
  * Fix memory leak in Nettle crypto backend.
  * Support --tries option even for TCRYPT devices in cryptsetup.
  * Support --allow-discards option even for TCRYPT devices.
    (Note that this could destroy hidden volume and it is not suggested
    by original TrueCrypt security model.)
  * Link against -lrt for clock_gettime to fix undefined reference
    to clock_gettime error (introduced in 1.6.2).
  * Fix misleading error message when some algorithms are not available.
  * Count system time in PBKDF2 benchmark if kernel returns no self
    usage info.

OBS-URL: https://build.opensuse.org/request/show/235564
OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=111
2014-07-08 11:55:23 +00:00
Stephan Kulow
9396118766 Accepting request 231183 from security
- remove dependency on gpg-offline (source_validator already
  checks for gpg integrity) (forwarded request 231181 from lnussel)

OBS-URL: https://build.opensuse.org/request/show/231183
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/cryptsetup?expand=0&rev=86
2014-04-26 15:01:54 +00:00
a5a193c2f7 Accepting request 231181 from home:dirkmueller:branches:security
- remove dependency on gpg-offline (source_validator already
  checks for gpg integrity)

OBS-URL: https://build.opensuse.org/request/show/231181
OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=109
2014-04-23 16:25:27 +00:00
Stephan Kulow
a44c443eb1 Accepting request 211316 from security
- version 1.6.3 
* Fix cryptsetup reencryption tool to work properly 
  with devices using 4kB sectors.
* Rewrite cipher benchmark loop which was unreliable on very fast machines.
* Support activation of old TrueCrypt containers (requires kernel 3.13)
* Other bugfixes. (forwarded request 210973 from lnussel)

OBS-URL: https://build.opensuse.org/request/show/211316
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/cryptsetup?expand=0&rev=85
2013-12-19 11:39:34 +00:00
7d203f1cbd Accepting request 210973 from home:elvigia:branches:security
- version 1.6.3 
* Fix cryptsetup reencryption tool to work properly 
  with devices using 4kB sectors.
* Rewrite cipher benchmark loop which was unreliable on very fast machines.
* Support activation of old TrueCrypt containers (requires kernel 3.13)
* Other bugfixes.

OBS-URL: https://build.opensuse.org/request/show/210973
OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=107
2013-12-18 07:35:57 +00:00
Stephan Kulow
27bee42f51 Accepting request 196348 from security
- cryptsetup 1.6.2
* Print error and fail if more device arguments 
  are present for isLuks command.
* Fix cipher specification string parsing 
(found by gcc -fsanitize=address option).
* Try to map TCRYPT system encryption through partitions
* Workaround for some recent changes in automake (forwarded request 185875 from lnussel)

OBS-URL: https://build.opensuse.org/request/show/196348
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/cryptsetup?expand=0&rev=83
2013-08-30 09:33:17 +00:00
97c0fc2e1f Accepting request 185875 from home:elvigia:branches:security
- cryptsetup 1.6.2
* Print error and fail if more device arguments 
  are present for isLuks command.
* Fix cipher specification string parsing 
(found by gcc -fsanitize=address option).
* Try to map TCRYPT system encryption through partitions
* Workaround for some recent changes in automake

OBS-URL: https://build.opensuse.org/request/show/185875
OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=105
2013-08-26 08:24:57 +00:00
Stephan Kulow
a17cc78ed0 Accepting request 181818 from security
- cryptsetup 1.6.1
 * Fix loop-AES keyfile parsing.
 * Fix passphrase pool overflow for too long TCRYPT passphrase.
 * Fix deactivation of device when failed underlying node disappeared.
- There is a bug in the released tarball, due to HAVE_BYTESWAP_H
  and HAVE_ENDIAN_H not properly handled by the buildsystem. A
  patch with permanent solution was sent and accepted upstream
  and will appear in the next release, for now an spec file workaround
  is in place, remove in the next update. (forwarded request 181807 from elvigia)

OBS-URL: https://build.opensuse.org/request/show/181818
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/cryptsetup?expand=0&rev=82
2013-07-03 14:29:37 +00:00
Dr. Werner Fink
ba19ad260a Accepting request 181807 from home:elvigia:branches:security
- cryptsetup 1.6.1
 * Fix loop-AES keyfile parsing.
 * Fix passphrase pool overflow for too long TCRYPT passphrase.
 * Fix deactivation of device when failed underlying node disappeared.
- There is a bug in the released tarball, due to HAVE_BYTESWAP_H
  and HAVE_ENDIAN_H not properly handled by the buildsystem. A
  patch with permanent solution was sent and accepted upstream
  and will appear in the next release, for now an spec file workaround
  is in place, remove in the next update.

OBS-URL: https://build.opensuse.org/request/show/181807
OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=103
2013-07-02 20:45:10 +00:00