|
Packit Service |
a9384c |
Cryptsetup 2.3.1 Release Notes
|
|
Packit Service |
a9384c |
==============================
|
|
Packit Service |
a9384c |
Stable bug-fix release.
|
|
Packit Service |
a9384c |
|
|
Packit Service |
a9384c |
All users of cryptsetup 2.x should upgrade to this version.
|
|
Packit Service |
a9384c |
|
|
Packit Service |
a9384c |
Changes since version 2.3.0
|
|
Packit Service |
a9384c |
~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
Packit Service |
a9384c |
|
|
Packit Service |
a9384c |
* Support VeraCrypt 128 bytes passwords.
|
|
Packit Service |
a9384c |
VeraCrypt now allows passwords of maximal length 128 bytes
|
|
Packit Service |
a9384c |
(compared to legacy TrueCrypt where it was limited by 64 bytes).
|
|
Packit Service |
a9384c |
|
|
Packit Service |
a9384c |
* Strip extra newline from BitLocker recovery keys
|
|
Packit Service |
a9384c |
There might be a trailing newline added by the text editor when
|
|
Packit Service |
a9384c |
the recovery passphrase was passed using the --key-file option.
|
|
Packit Service |
a9384c |
|
|
Packit Service |
a9384c |
* Detect separate libiconv library.
|
|
Packit Service |
a9384c |
It should fix compilation issues on distributions with iconv
|
|
Packit Service |
a9384c |
implemented in a separate library.
|
|
Packit Service |
a9384c |
|
|
Packit Service |
a9384c |
* Various fixes and workarounds to build on old Linux distributions.
|
|
Packit Service |
a9384c |
|
|
Packit Service |
a9384c |
* Split lines with hexadecimal digest printing for large key-sizes.
|
|
Packit Service |
a9384c |
|
|
Packit Service |
a9384c |
* Do not wipe the device with no integrity profile.
|
|
Packit Service |
a9384c |
With --integrity none we performed useless full device wipe.
|
|
Packit Service |
a9384c |
|
|
Packit Service |
a9384c |
* Workaround for dm-integrity kernel table bug.
|
|
Packit Service |
a9384c |
Some kernels show an invalid dm-integrity mapping table
|
|
Packit Service |
a9384c |
if superblock contains the "recalculate" bit. This causes
|
|
Packit Service |
a9384c |
integritysetup to not recognize the dm-integrity device.
|
|
Packit Service |
a9384c |
Integritysetup now specifies kernel options such a way that
|
|
Packit Service |
a9384c |
even on unpatched kernels mapping table is correct.
|
|
Packit Service |
a9384c |
|
|
Packit Service |
a9384c |
* Print error message if LUKS1 keyslot cannot be processed.
|
|
Packit Service |
a9384c |
If the crypto backend is missing support for hash algorithms
|
|
Packit Service |
a9384c |
used in PBKDF2, the error message was not visible.
|
|
Packit Service |
a9384c |
|
|
Packit Service |
a9384c |
* Properly align LUKS2 keyslots area on conversion.
|
|
Packit Service |
a9384c |
If the LUKS1 payload offset (data offset) is not aligned
|
|
Packit Service |
a9384c |
to 4 KiB boundary, new LUKS2 keyslots area in now aligned properly.
|
|
Packit Service |
a9384c |
|
|
Packit Service |
a9384c |
* Validate LUKS2 earlier on conversion to not corrupt the device
|
|
Packit Service |
a9384c |
if binary keyslots areas metadata are not correct.
|