mirror of
https://gitlab.com/cryptsetup/cryptsetup.git
synced 2025-12-06 00:10:04 +01:00
3106b4e2c1
Reported by `git ls-tree -rz --name-only | grep -Evz -e '\.(pdf|xz)$' -e ^po/ | xargs -r0 spellintian --`. All changes are documentation-related (comments, manuals, etc.) except for s/fial/fail/ in tests/unit-wipe-test. The remaining entry are AFAICT all false positives, mostly annotations such as `@param name name of xyz` or `struct foo foo`: $ git ls-tree -rz HEAD --name-only | grep -Evz -e '\.(pdf|xz)$' -e ^po/ | xargs -r0 spellintian -- COPYING.LGPL: "GNU Library Public License" -> "GNU Library General Public License" autogen.sh: echo echo (duplicate word) -> echo configure.ac: fi fi (duplicate word) -> fi docs/v1.7.2-ReleaseNotes: option option (duplicate word) -> option lib/crypto_backend/cipher_check.c: block block (duplicate word) -> block lib/libcryptsetup.h: name name (duplicate word) -> name lib/libcryptsetup.h: type type (duplicate word) -> type lib/libcryptsetup.h: passphrase passphrase (duplicate word) -> passphrase lib/libcryptsetup.h: flags flags (duplicate word) -> flags lib/libcryptsetup.h: password password (duplicate word) -> password lib/libcryptsetup.h: salt salt (duplicate word) -> salt lib/libcryptsetup.h: keyslot keyslot (duplicate word) -> keyslot lib/libcryptsetup.h: priority priority (duplicate word) -> priority lib/libcryptsetup.h: offset offset (duplicate word) -> offset lib/libcryptsetup.h: length length (duplicate word) -> length lib/libcryptsetup.h: keyfile keyfile (duplicate word) -> keyfile lib/libcryptsetup.h: token token (duplicate word) -> token lib/libcryptsetup.h: cipher cipher (duplicate word) -> cipher lib/libcryptsetup.h: size size (duplicate word) -> size lib/luks2/luks2_json_metadata.c: long long (duplicate word) -> long lib/luks2/luks2_keyslot_luks2.c: AFEKSize AFEKSize (duplicate word) -> AFEKSize lib/luks2/luks2_reencrypt.c: alignment alignment (duplicate word) -> alignment lib/luks2/luks2_reencrypt_digest.c: ptr ptr (duplicate word) -> ptr lib/luks2/luks2_reencrypt_digest.c: buffer buffer (duplicate word) -> buffer lib/luks2/luks2_segment.c: min min (duplicate word) -> min lib/verity/verity_fec.c: blocks blocks (duplicate word) -> blocks man/cryptsetup.8.adoc: LUKS LUKS (duplicate word) -> LUKS scripts/cryptsetup.conf.in: root root (duplicate word) -> root src/Makemodule.am: endif endif (duplicate word) -> endif src/cryptsetup.c: long long (duplicate word) -> long src/utils_args.c: long long (duplicate word) -> long tests/compat-test2: fi fi (duplicate word) -> fi tests/device-test: echo echo (duplicate word) -> echo tests/differ.c: long long (duplicate word) -> long tests/loopaes-test: done done (duplicate word) -> done tests/luks2-integrity-test: aead aead (duplicate word) -> aead tests/luks2-reencryption-test: fi fi (duplicate word) -> fi tests/mode-test: done done (duplicate word) -> done tests/password-hash-test: cat cat (duplicate word) -> cat tests/password-hash-test: fi fi (duplicate word) -> fi tests/unit-wipe.c: long long (duplicate word) -> long tests/verity-compat-test: done done (duplicate word) -> done tests/verity-compat-test: fi fi (duplicate word) -> fi tokens/ssh/cryptsetup-ssh.c: argp argp (duplicate word) -> argp tokens/ssh/cryptsetup-ssh.c: arguments arguments (duplicate word) -> arguments (Treated COPYING.LGPL as a false positive too since it's the exact text from https://www.gnu.org/licenses/old-licenses/lgpl-2.1.html .)
85 lines
3.3 KiB
Plaintext
85 lines
3.3 KiB
Plaintext
Cryptsetup 1.6.7 Release Notes
|
|
==============================
|
|
|
|
Changes since version 1.6.6
|
|
|
|
* Cryptsetup git and wiki are now hosted on GitLab.
|
|
https://gitlab.com/cryptsetup/cryptsetup
|
|
|
|
Repository of stable releases remains on kernel.org site
|
|
https://www.kernel.org/pub/linux/utils/cryptsetup/
|
|
|
|
For more info please see README file.
|
|
|
|
* Cryptsetup TCRYPT mode now supports VeraCrypt devices (TrueCrypt extension).
|
|
|
|
The VeraCrypt extension only increases iteration count for the key
|
|
derivation function (on-disk format is the same as TrueCrypt format).
|
|
|
|
Note that unlocking of a VeraCrypt device can take very long time if used
|
|
on slow machines.
|
|
|
|
To use this extension, add --veracrypt option, for example
|
|
cryptsetup open --type tcrypt --veracrypt <container> <name>
|
|
|
|
For use through libcryptsetup, just add CRYPT_TCRYPT_VERA_MODES flag.
|
|
|
|
* Support keyfile-offset and keyfile-size options even for plain volumes.
|
|
|
|
* Support keyfile option for luksAddKey if the master key is specified.
|
|
|
|
* For historic reasons, hashing in the plain mode is not used
|
|
if keyfile is specified (with exception of --key-file=-).
|
|
Print a warning if these parameters are ignored.
|
|
|
|
* Support permanent device decryption for cryptsetup-reencrypt.
|
|
To remove LUKS encryption from a device, you can now use --decrypt option.
|
|
|
|
* Allow one to use --header option in all LUKS commands.
|
|
The --header always takes precedence over positional device argument.
|
|
|
|
* Allow luksSuspend without need to specify a detached header.
|
|
|
|
* Detect if O_DIRECT is usable on a device allocation.
|
|
There are some strange storage stack configurations which wrongly allows
|
|
one to open devices with direct-io but fails on all IO operations later.
|
|
|
|
Cryptsetup now tries to read the device first sector to ensure it can use
|
|
direct-io.
|
|
|
|
* Add low-level performance options tuning for dmcrypt (for Linux 4.0 and later).
|
|
|
|
Linux kernel 4.0 contains rewritten dmcrypt code which tries to better utilize
|
|
encryption on parallel CPU cores.
|
|
|
|
While tests show that this change increases performance on most configurations,
|
|
dmcrypt now provides some switches to change its new behavior.
|
|
|
|
You can use them (per-device) with these cryptsetup switches:
|
|
--perf-same_cpu_crypt
|
|
--perf-submit_from_crypt_cpus
|
|
|
|
Please use these only in the case of serious performance problems.
|
|
Refer to the cryptsetup man page and dm-crypt documentation
|
|
(for same_cpu_crypt and submit_from_crypt_cpus options).
|
|
https://gitlab.com/cryptsetup/cryptsetup/wikis/DMCrypt
|
|
|
|
* Get rid of libfipscheck library.
|
|
(Note that this option was used only for Red Hat and derived distributions.)
|
|
With recent FIPS changes we do not need to link to this FIPS monster anymore.
|
|
Also drop some no longer needed FIPS mode checks.
|
|
|
|
* Many fixes and clarifications to man pages.
|
|
|
|
* Prevent compiler to optimize-out zeroing of buffers for on-stack variables.
|
|
|
|
* Fix a crash if non-GNU strerror_r is used.
|
|
|
|
Cryptsetup API NOTE:
|
|
The direct terminal handling for passphrase entry will be removed from
|
|
libcryptsetup in next major version (application should handle it itself).
|
|
|
|
It means that you have to always either provide password in buffer or set
|
|
your own password callback function through crypt_set_password_callback().
|
|
See API documentation (or libcryptsetup.h) for more info.
|