rpm/cryptsetup
SHA256
1
0
Fork 0
forked from pool/cryptsetup
Code Pull Requests Activity
0354a9dd68
cryptsetup/cryptsetup.changes
Ludwig Nussel 0354a9dd68 - boot.crypto: 
* don't use hashalot if keyfile is specified
  * to comply with Debian, keyscripts must only output the password.
    In order to allow keyscript to use different methods to retrieve
    a key, add a keyscript_rawkey option.

OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=17
2009-09-24 13:40:40 +00:00

438 lines
16 KiB
Plaintext
Raw Blame History

-------------------------------------------------------------------
Thu Sep 24 13:36:52 UTC 2009 - lnussel@suse.de
- boot.crypto:
* don't use hashalot if keyfile is specified
* to comply with Debian, keyscripts must only output the password.
In order to allow keyscript to use different methods to retrieve
a key, add a keyscript_rawkey option.
-------------------------------------------------------------------
Mon Sep 21 08:51:40 UTC 2009 - lnussel@suse.de
- boot.crypto:
* fix test for keyfile (bnc#540363)
-------------------------------------------------------------------
Wed Sep 16 12:49:07 UTC 2009 - lnussel@suse.de
- boot.crypto:
* 2.6.31 requires the cryptomgr module in the initrd (bnc#535013)
-------------------------------------------------------------------
Tue Sep 15 13:20:59 UTC 2009 - lnussel@suse.de
- boot.crypto:
* uppercase variables exported to keyscript in anticipation of
Debian adopting the implementation
-------------------------------------------------------------------
Fri Sep 4 10:04:05 UTC 2009 - lnussel@suse.de
- boot.crypto:
* fix setting options without parameter
* infinite retries in initrd
* tries=0 means infinite tries
* implement retries in the script to make it work with keyscripts and non-luks volumes
* keyscript support (fate#302628)
* remove the option to fsck the fs as it actually never worked
* fix initrd option parsing
-------------------------------------------------------------------
Thu Aug 27 06:59:55 UTC 2009 - lnussel@suse.de
- new cryptsetup version 1.0.7
* Allow removal of last slot in luksRemoveKey and luksKillSlot.
* Reject unsupported --offset and --skip options for luksFormat and update man page.
* Various man page fixes.
* Set UUID in device-mapper for LUKS devices.
* Retain readahead of underlying device.
* Display device name when asking for password.
* Check device size when loading LUKS header. Remove misleading error message later.
* Add error hint if dm-crypt mapping failed.
* Use better error messages if device doesn't exist or is already used by other mapping.
* Fix make distcheck.
* Check if all slots are full during luksAddKey.
* Fix segfault in set_error.
* Code cleanups, remove precompiled pot files, remove unnecessary files from po directory
* Fix uninitialized return value variable in setup.c.
* Code cleanups. (thanks to Ivan Stankovic)
* Fix wrong output for remaining key at key deletion.
* Allow deletion of key slot while other keys have the same key information.
* Add missing AM_PROG_CC_C_O to configure.in
* Remove duplicate sentence in man page.
* Wipe start of device (possible fs signature) before LUKS-formatting.
* Do not process configure.in in hidden directories.
* Return more descriptive error in case of IO or header format error.
* Use remapping to error target instead of calling udevsettle for temporary crypt device.
* Check device mapper communication and warn user if device-mapper support missing in kernel.
* Fix signal handler to properly close device.
* write_lseek_blockwise: declare innerCount outside the if block.
* add -Wall to the default CFLAGS. fix some signedness issues.
* Error handling improvement.
* Add non-exclusive override to interface definition.
* Refactor key slot selection into keyslot_from_option.
-------------------------------------------------------------------
Wed Aug 19 14:08:40 CEST 2009 - lnussel@suse.de
- boot.crypto:
* set infinite timeout during 2nd stage (bnc#456004)
-------------------------------------------------------------------
Mon Jul 13 08:56:56 UTC 2009 - lnussel@suse.de
- boot.crypto:
* wait for device before calling luksOpen (bnc#521446)
-------------------------------------------------------------------
Wed Jun 17 11:30:08 CEST 2009 - coolo@novell.com
- fix link order
-------------------------------------------------------------------
Thu Jun 11 21:36:28 CEST 2009 - coolo@novell.com
- fix compile with glibc 2.10
-------------------------------------------------------------------
Thu Apr 2 09:33:22 CEST 2009 - lnussel@suse.de
- boot.crypto:
* resolve symlinks when searching for loop devices (bnc#490170)
* add extra man page tags to avoid FIXME output of docbook
* don't pipe password if there's only one device to open
* update copyright information
* fix spelling and actually stop in pre_stop_hook
* introduce initrd option in crypttab (bnc#465711)
-------------------------------------------------------------------
Fri Mar 6 13:01:44 CET 2009 - lnussel@suse.de
- boot.crypto:
* print dm name instead of physdev (bnc#456664)
* make prompt work with infinite timeout (bnc#466405)
* implement pre-stop hook (bnc#481870)
* remove hardcoded loop device number limit (bnc#481872)
* Warn if using a non-absolute path for physdev in crypttab
- hashalot: compute hash of empty passphrase if not interactive
(bnc#475135)
-------------------------------------------------------------------
Tue Mar 3 16:27:23 CET 2009 - lnussel@suse.de
- fix boot.crypto doesn't care on tries flag in crypttab (bnc#480741)
- mkinitrd scripts now included in boot.crypto git
-------------------------------------------------------------------
Thu Feb 26 15:34:06 CET 2009 - mhopf@suse.de
- Fix segfault with oversized hashes (bnc #476290).
-------------------------------------------------------------------
Wed Feb 25 13:47:43 CET 2009 - jsmeix@suse.de
- Fixed initrd LUKS password annoyance in mkinitrd-boot.sh and
mkinitrd-setup.sh when the same password is used for all
partitions. In this case the password is now only asked
once (bnc#465711).
-------------------------------------------------------------------
Sun Dec 14 12:27:34 CET 2008 - bwalle@suse.de
- Fix LUKS root partition residing on a soft raid (bnc#358341)
-------------------------------------------------------------------
Mon Nov 3 14:03:33 CET 2008 - mkoenig@suse.de
- boot.crypto-early: explicitly start before boot.localfs
-------------------------------------------------------------------
Fri Sep 12 16:40:03 CEST 2008 - mkoenig@suse.de
- branch off shlib to subpackage libcryptsetup0
- rename cryptsetup-devel to libcryptsetup-devel
-------------------------------------------------------------------
Wed Sep 3 11:09:34 CEST 2008 - hare@suse.de
- Call mkinitrd_setup during %post and %postun (bnc#413709)
-------------------------------------------------------------------
Wed Aug 20 15:20:06 CEST 2008 - mkoenig@suse.de
- enable SELinux support (fate#303662)
-------------------------------------------------------------------
Wed Aug 13 11:21:14 CEST 2008 - mkoenig@suse.de
- boot.crypto:
* Fix init script tags
-------------------------------------------------------------------
Fri Aug 8 11:42:10 CEST 2008 - mkoenig@suse.de
- boot.crypto:
* Provide some reasonable exit status (bnc#409502)
-------------------------------------------------------------------
Wed Jul 23 15:44:31 CEST 2008 - hare@suse.de
- Include mkinitrd scriptlets.
-------------------------------------------------------------------
Wed Jul 23 13:05:20 CEST 2008 - mkoenig@suse.de
- use /sbin/udevadm settle instead of /sbin/udevsettle (bnc#404875)
-------------------------------------------------------------------
Tue May 6 12:36:49 CEST 2008 - mkoenig@suse.de
- load loop module in boot.crypto-early as it might be needed.
It is previously initially loaded by boot.localfs.
-------------------------------------------------------------------
Wed Apr 9 15:59:09 CEST 2008 - mkoenig@suse.de
- add support for boot.crypto-early (bnc#355824)
needed to encrypt block devices for usage with LVM or MD
adds a new option 'noearly' for crypttab, which will skip
the device in boot.crypto-early.
-------------------------------------------------------------------
Wed Feb 27 12:10:32 CET 2008 - mkoenig@suse.de
- update to svn revision 46:
* fix out of bound for key index in delKey (bnc#360041)
* Add typo fixes to the cryptsetup.8 manpage
* Add key-slot patch
* Remove O_EXCL requirement for certain LUKS operations
* mention luksKillSlot in the manpage
-------------------------------------------------------------------
Mon Feb 4 16:22:42 CET 2008 - lnussel@suse.de
- boot.crypto:
* check for columns of terminal (bnc#337614)
* enhance crypttab manpage (bnc#351061)
* check for fs_passno (bnc#345339)
-------------------------------------------------------------------
Wed Jan 9 12:07:14 CET 2008 - lnussel@suse.de
- upgrade to svn revision 42 which includes previous patches
- boot.crypto:
* don't mount read-only as safety check (bnc#345338)
* implement precheck scripts
* allow restarting of single volumes (bnc#345605)
* status query of individual devices (bnc#345605)
* add vol_id check script
* maintain boot.crypto stuff in revision control and use tarball
snapshots of it
-------------------------------------------------------------------
Thu Nov 29 13:47:24 CET 2007 - lnussel@suse.de
- upgrade to svn revision 38
-------------------------------------------------------------------
Wed Nov 7 12:40:02 CET 2007 - mkoenig@suse.de
- add %fillup_prereq and %insserv_prereq to PreReq
-------------------------------------------------------------------
Tue Oct 16 10:38:35 CEST 2007 - lnussel@suse.de
- upgrade to svn revision 31
* Rename luksDelKey into luksKillSlot
* Add luksRemoveKey that queries a given key before removal
* Fix segfault in luksOpen.
* Add LUKS_device_ready check for most LUKS calls, so that
cryptsetup dies before password querying in case a blockdev is
unavailable
* For LUKS key material access require exclusive access to the
underlying device. This will prevent multiple mappings onto a
single LUKS device. dm*crypt doesn't feature any syncing
capabilities, hence there is no real application for this as it
will likely lead to disk corruption.
* Add signal handler to keyencryption to free the temporary
mapping in case the user hits ctrl-c.
-------------------------------------------------------------------
Mon Aug 27 16:25:54 CEST 2007 - lnussel@suse.de
- remove /var/run/keymap from previous boot to make /etc/init.d/kbd
work (#296409)
-------------------------------------------------------------------
Mon Aug 27 10:42:32 CEST 2007 - lnussel@suse.de
- run fsck with progressbar (#304750)
-------------------------------------------------------------------
Thu Jun 21 16:06:53 CEST 2007 - mkoenig@suse.de
- run udevsettle to avoid problems with busy temporary
device mapper devices [#285478]
-------------------------------------------------------------------
Mon Jun 11 09:23:24 CEST 2007 - lnussel@suse.de
- rephrase error message (#279169)
-------------------------------------------------------------------
Fri Jun 1 10:07:14 CEST 2007 - lnussel@suse.de
- rename util-linux-crypto to cryptsetup
- remove dmconvert
- replace svn snapshot with official 1.0.5 release
- don't enable boot.crypto by default
-------------------------------------------------------------------
Tue May 29 15:58:44 CEST 2007 - lnussel@suse.de
- fix segfault when trying to open a non existing device
- fix gcc warnings
- add Short-Description to boot.crypto
- use %find_lang
-------------------------------------------------------------------
Wed May 9 14:52:00 CEST 2007 - lnussel@suse.de
- boot.crypto: implement 'status'
- boot.crypto: accept argument to start/stop single devices
-------------------------------------------------------------------
Wed May 9 10:40:28 CEST 2007 - lnussel@suse.de
- hashalot: add timeout option
-------------------------------------------------------------------
Wed May 9 09:40:42 CEST 2007 - lnussel@suse.de
- fix build
-------------------------------------------------------------------
Tue May 8 15:16:41 CEST 2007 - lnussel@suse.de
- boot.crypto: switch off splash screen only when needed
- boot.crypto: report status for individual volumes instead of using one global
exit status
- hashalot: exit unsucessfully on empty passphrase
-------------------------------------------------------------------
Tue May 8 10:43:24 CEST 2007 - lnussel@suse.de
- boot.crypto: sleep a bit longer before overwriting the prompt
- boot.crypto: add support for pseed and itercountk options
- boot.crypto: skip entries with unsupported/unknown options
- hashalot: add support for itercountk
-------------------------------------------------------------------
Fri May 4 16:38:11 CEST 2007 - lnussel@suse.de
- upgrade cryptsetup to current svn revision 30 which includes
previous patches.
- fix background prompt process not getting killed on ctrl-d in
boot.crypto
-------------------------------------------------------------------
Fri Apr 27 15:46:05 CEST 2007 - lnussel@suse.de
- upgrade cryptsetup to current svn revision 26. Does no longer hang
when a file is specified instead of a device.
- remove obsolete cryptsetup.sh script
- boot.crypto:
* drop support for cryptoloop, use cryptsetup also for cryptotab
* refactor code and create reusable components for use in cryptotab
and crypttab code path
* run sulogin only during boot if fsck failed
* support crypttab's 'tries' option
- add crypttab manpage based on Debian one
-------------------------------------------------------------------
Tue Apr 24 17:38:40 CEST 2007 - lnussel@suse.de
- add boot.crypto (#257884)
- add crypttab and cryptotab as %ghost to filelist
-------------------------------------------------------------------
Tue Mar 27 10:22:48 CEST 2007 - mkoenig@suse.de
- move devel .so link to %{libdir}
- run ldconfig, since we have now a shared lib installed
-------------------------------------------------------------------
Fri Mar 23 16:18:12 CET 2007 - dmueller@suse.de
- cryptsetup can now link shared since libpopt is
no longer under /usr
-------------------------------------------------------------------
Fri Mar 9 12:06:53 CET 2007 - lnussel@suse.de
- add patch to support old loop_fish2 key hash method
-------------------------------------------------------------------
Thu Dec 7 18:33:01 CET 2006 - mkoenig@suse.de
- update cryptsetup to version 1.0.4:
* added terminal timeout rewrite
* allow user selection of key slot
* reading binary keys from stdin using the "-" as key file
* fix 64 bit compiler warning issues.
* fix getline problem for 64-bit archs.
-------------------------------------------------------------------
Fri Oct 13 11:30:19 CEST 2006 - mkoenig@suse.de
- fix build failure due to missing pthreads
-------------------------------------------------------------------
Wed Sep 13 12:39:27 CEST 2006 - hvogel@suse.de
- use the LUKS version of cryptsetup
- split -devel subpackage for libcryptsetup
- remove patches because they are in the new cryptsetup
* cryptsetup-0.1-static.patch
* cryptsetup-0.1-retval.patch
* cryptsetup-0.1-dmi.exists.patch
* cryptsetup-0.1-timeout.patch
- use man page from the new cryptsetup
-------------------------------------------------------------------
Tue May 16 11:03:08 CEST 2006 - hvogel@suse.de
- Fix cryptsetup to work when the device does not exist yet
[#175931]
-------------------------------------------------------------------
Wed Jan 25 21:42:28 CET 2006 - mls@suse.de
- converted neededforbuild to BuildRequires
-------------------------------------------------------------------
Mon Dec 19 14:46:30 CET 2005 - mmj@suse.de
- Remove symlinks to hashalot we don't want
-------------------------------------------------------------------
Thu Oct 13 15:04:29 CEST 2005 - hvogel@suse.de
- Fix uninitialized var in dmconvert. Add
* dmconvert-0.2-uninitialized.patch
- Fix return value in cryptsetup. Add
* cryptsetup-0.1-retval.patch
-------------------------------------------------------------------
Wed Jun 29 14:28:32 CEST 2005 - hvogel@suse.de
- Link cryptsetup static so it can be in /sbin and you can get
/usr over nfs or even crypted
-------------------------------------------------------------------
Mon May 9 17:23:39 CEST 2005 - hvogel@suse.de
- New package, Version 2.12q
View Git Blame Copy Permalink