forked from pool/cryptsetup
Ludwig Nussel
3dd02a4dcc
- Suggest hmac package (boo#1090768) - remove old upgrade hack for upgrades from 12.1 - New version 2.0.5 Changes since version 2.0.4 ~~~~~~~~~~~~~~~~~~~~~~~~~~~ * Wipe full header areas (including unused) during LUKS format. Since this version, the whole area up to the data offset is zeroed, and subsequently, all keyslots areas are wiped with random data. This ensures that no remaining old data remains in the LUKS header areas, but it could slow down format operation on some devices. Previously only first 4k (or 32k for LUKS2) and the used keyslot was overwritten in the format operation. * Several fixes to error messages that were unintentionally replaced in previous versions with a silent exit code. More descriptive error messages were added, including error messages if - a device is unusable (not a block device, no access, etc.), - a LUKS device is not detected, - LUKS header load code detects unsupported version, - a keyslot decryption fails (also happens in the cipher check), - converting an inactive keyslot. * Device activation fails if data area overlaps with LUKS header. * Code now uses explicit_bzero to wipe memory if available (instead of own implementation). * Additional VeraCrypt modes are now supported, including Camellia and Kuznyechik symmetric ciphers (and cipher chains) and Streebog hash function. These were introduced in a recent VeraCrypt upstream. Note that Kuznyechik requires out-of-tree kernel module and Streebog hash function is available only with the gcrypt cryptographic backend for now. OBS-URL: https://build.opensuse.org/request/show/645498 OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=144 |
||
---|---|---|
.gitattributes | ||
.gitignore | ||
baselibs.conf | ||
cryptsetup-2.0.5.tar.sign | ||
cryptsetup-2.0.5.tar.xz | ||
cryptsetup.changes | ||
cryptsetup.keyring | ||
cryptsetup.spec |