mirror of
https://gitlab.com/cryptsetup/cryptsetup.git
synced 2025-12-05 16:00:05 +01:00
3106b4e2c1
Reported by `git ls-tree -rz --name-only | grep -Evz -e '\.(pdf|xz)$' -e ^po/ | xargs -r0 spellintian --`. All changes are documentation-related (comments, manuals, etc.) except for s/fial/fail/ in tests/unit-wipe-test. The remaining entry are AFAICT all false positives, mostly annotations such as `@param name name of xyz` or `struct foo foo`: $ git ls-tree -rz HEAD --name-only | grep -Evz -e '\.(pdf|xz)$' -e ^po/ | xargs -r0 spellintian -- COPYING.LGPL: "GNU Library Public License" -> "GNU Library General Public License" autogen.sh: echo echo (duplicate word) -> echo configure.ac: fi fi (duplicate word) -> fi docs/v1.7.2-ReleaseNotes: option option (duplicate word) -> option lib/crypto_backend/cipher_check.c: block block (duplicate word) -> block lib/libcryptsetup.h: name name (duplicate word) -> name lib/libcryptsetup.h: type type (duplicate word) -> type lib/libcryptsetup.h: passphrase passphrase (duplicate word) -> passphrase lib/libcryptsetup.h: flags flags (duplicate word) -> flags lib/libcryptsetup.h: password password (duplicate word) -> password lib/libcryptsetup.h: salt salt (duplicate word) -> salt lib/libcryptsetup.h: keyslot keyslot (duplicate word) -> keyslot lib/libcryptsetup.h: priority priority (duplicate word) -> priority lib/libcryptsetup.h: offset offset (duplicate word) -> offset lib/libcryptsetup.h: length length (duplicate word) -> length lib/libcryptsetup.h: keyfile keyfile (duplicate word) -> keyfile lib/libcryptsetup.h: token token (duplicate word) -> token lib/libcryptsetup.h: cipher cipher (duplicate word) -> cipher lib/libcryptsetup.h: size size (duplicate word) -> size lib/luks2/luks2_json_metadata.c: long long (duplicate word) -> long lib/luks2/luks2_keyslot_luks2.c: AFEKSize AFEKSize (duplicate word) -> AFEKSize lib/luks2/luks2_reencrypt.c: alignment alignment (duplicate word) -> alignment lib/luks2/luks2_reencrypt_digest.c: ptr ptr (duplicate word) -> ptr lib/luks2/luks2_reencrypt_digest.c: buffer buffer (duplicate word) -> buffer lib/luks2/luks2_segment.c: min min (duplicate word) -> min lib/verity/verity_fec.c: blocks blocks (duplicate word) -> blocks man/cryptsetup.8.adoc: LUKS LUKS (duplicate word) -> LUKS scripts/cryptsetup.conf.in: root root (duplicate word) -> root src/Makemodule.am: endif endif (duplicate word) -> endif src/cryptsetup.c: long long (duplicate word) -> long src/utils_args.c: long long (duplicate word) -> long tests/compat-test2: fi fi (duplicate word) -> fi tests/device-test: echo echo (duplicate word) -> echo tests/differ.c: long long (duplicate word) -> long tests/loopaes-test: done done (duplicate word) -> done tests/luks2-integrity-test: aead aead (duplicate word) -> aead tests/luks2-reencryption-test: fi fi (duplicate word) -> fi tests/mode-test: done done (duplicate word) -> done tests/password-hash-test: cat cat (duplicate word) -> cat tests/password-hash-test: fi fi (duplicate word) -> fi tests/unit-wipe.c: long long (duplicate word) -> long tests/verity-compat-test: done done (duplicate word) -> done tests/verity-compat-test: fi fi (duplicate word) -> fi tokens/ssh/cryptsetup-ssh.c: argp argp (duplicate word) -> argp tokens/ssh/cryptsetup-ssh.c: arguments arguments (duplicate word) -> arguments (Treated COPYING.LGPL as a false positive too since it's the exact text from https://www.gnu.org/licenses/old-licenses/lgpl-2.1.html .)
55 lines
2.4 KiB
Plaintext
55 lines
2.4 KiB
Plaintext
Cryptsetup 1.6.5 Release Notes
|
|
==============================
|
|
|
|
Changes since version 1.6.4
|
|
|
|
* Allow LUKS header operation handling without requiring root privilege.
|
|
It means that you can manipulate with keyslots as a regular user, only
|
|
write access to device (or image) is required.
|
|
|
|
This requires kernel crypto wrapper (similar to TrueCrypt device handling)
|
|
to be available (CRYPTO_USER_API_SKCIPHER kernel option).
|
|
If this kernel interface is not available, code fallbacks to old temporary
|
|
keyslot device creation (where root privilege is required).
|
|
|
|
Note that activation, deactivation, resize and suspend operations still
|
|
need root privilege (limitation of kernel device-mapper backend).
|
|
|
|
* Fix internal PBKDF2 key derivation function implementation for alternative
|
|
crypto backends (kernel, NSS) which do not support PBKDF2 directly and have
|
|
issues with longer HMAC keys.
|
|
|
|
This fixes the problem for long keyfiles where either calculation is too slow
|
|
(because of internal rehashing in every iteration) or there is a limit
|
|
(kernel backend seems to not support HMAC key longer than 20480 bytes).
|
|
|
|
(Note that for recent version of gcrypt, nettle or openssl the internal
|
|
PBKDF2 code is not compiled in and crypto library internal functions are
|
|
used instead.)
|
|
|
|
* Support for Python3 for simple Python binding.
|
|
Python >= 2.6 is now required. You can set Python compiled version by setting
|
|
--with-python_version configure option (together with --enable-python).
|
|
|
|
* Use internal PBKDF2 in Nettle library for Nettle crypto backend.
|
|
Cryptsetup compilation requires Nettle >= 2.6 (if using Nettle crypto backend).
|
|
|
|
* Allow simple status of crypt device without providing metadata header.
|
|
The command "cryptsetup status" will print basic info, even if you
|
|
do not provide detached header argument.
|
|
|
|
* Allow one to specify ECB mode in cryptsetup benchmark.
|
|
|
|
* Add some LUKS images for regression testing.
|
|
Note that if image with Whirlpool fails, the most probable cause is that
|
|
you have old gcrypt library with flawed whirlpool hash.
|
|
Read FAQ section 8.3 for more info.
|
|
|
|
Cryptsetup API NOTE:
|
|
The direct terminal handling for passphrase entry will be removed from
|
|
libcryptsetup in next major version (application should handle it itself).
|
|
|
|
It means that you have to always either provide password in buffer or set
|
|
your own password callback function trhough crypt_set_password_callback().
|
|
See API documentation (or libcryptsetup.h) for more info.
|