mirror of
https://gitlab.com/cryptsetup/cryptsetup.git
synced 2025-12-05 16:00:05 +01:00
3106b4e2c1
Reported by `git ls-tree -rz --name-only | grep -Evz -e '\.(pdf|xz)$' -e ^po/ | xargs -r0 spellintian --`. All changes are documentation-related (comments, manuals, etc.) except for s/fial/fail/ in tests/unit-wipe-test. The remaining entry are AFAICT all false positives, mostly annotations such as `@param name name of xyz` or `struct foo foo`: $ git ls-tree -rz HEAD --name-only | grep -Evz -e '\.(pdf|xz)$' -e ^po/ | xargs -r0 spellintian -- COPYING.LGPL: "GNU Library Public License" -> "GNU Library General Public License" autogen.sh: echo echo (duplicate word) -> echo configure.ac: fi fi (duplicate word) -> fi docs/v1.7.2-ReleaseNotes: option option (duplicate word) -> option lib/crypto_backend/cipher_check.c: block block (duplicate word) -> block lib/libcryptsetup.h: name name (duplicate word) -> name lib/libcryptsetup.h: type type (duplicate word) -> type lib/libcryptsetup.h: passphrase passphrase (duplicate word) -> passphrase lib/libcryptsetup.h: flags flags (duplicate word) -> flags lib/libcryptsetup.h: password password (duplicate word) -> password lib/libcryptsetup.h: salt salt (duplicate word) -> salt lib/libcryptsetup.h: keyslot keyslot (duplicate word) -> keyslot lib/libcryptsetup.h: priority priority (duplicate word) -> priority lib/libcryptsetup.h: offset offset (duplicate word) -> offset lib/libcryptsetup.h: length length (duplicate word) -> length lib/libcryptsetup.h: keyfile keyfile (duplicate word) -> keyfile lib/libcryptsetup.h: token token (duplicate word) -> token lib/libcryptsetup.h: cipher cipher (duplicate word) -> cipher lib/libcryptsetup.h: size size (duplicate word) -> size lib/luks2/luks2_json_metadata.c: long long (duplicate word) -> long lib/luks2/luks2_keyslot_luks2.c: AFEKSize AFEKSize (duplicate word) -> AFEKSize lib/luks2/luks2_reencrypt.c: alignment alignment (duplicate word) -> alignment lib/luks2/luks2_reencrypt_digest.c: ptr ptr (duplicate word) -> ptr lib/luks2/luks2_reencrypt_digest.c: buffer buffer (duplicate word) -> buffer lib/luks2/luks2_segment.c: min min (duplicate word) -> min lib/verity/verity_fec.c: blocks blocks (duplicate word) -> blocks man/cryptsetup.8.adoc: LUKS LUKS (duplicate word) -> LUKS scripts/cryptsetup.conf.in: root root (duplicate word) -> root src/Makemodule.am: endif endif (duplicate word) -> endif src/cryptsetup.c: long long (duplicate word) -> long src/utils_args.c: long long (duplicate word) -> long tests/compat-test2: fi fi (duplicate word) -> fi tests/device-test: echo echo (duplicate word) -> echo tests/differ.c: long long (duplicate word) -> long tests/loopaes-test: done done (duplicate word) -> done tests/luks2-integrity-test: aead aead (duplicate word) -> aead tests/luks2-reencryption-test: fi fi (duplicate word) -> fi tests/mode-test: done done (duplicate word) -> done tests/password-hash-test: cat cat (duplicate word) -> cat tests/password-hash-test: fi fi (duplicate word) -> fi tests/unit-wipe.c: long long (duplicate word) -> long tests/verity-compat-test: done done (duplicate word) -> done tests/verity-compat-test: fi fi (duplicate word) -> fi tokens/ssh/cryptsetup-ssh.c: argp argp (duplicate word) -> argp tokens/ssh/cryptsetup-ssh.c: arguments arguments (duplicate word) -> arguments (Treated COPYING.LGPL as a false positive too since it's the exact text from https://www.gnu.org/licenses/old-licenses/lgpl-2.1.html .)
63 lines
2.3 KiB
Plaintext
63 lines
2.3 KiB
Plaintext
Cryptsetup 1.4.3 Release Notes
|
|
==============================
|
|
|
|
Changes since version 1.4.2
|
|
|
|
* Fix readonly activation if underlying device is readonly (1.4.0).
|
|
|
|
* Fix loop mapping on readonly file.
|
|
|
|
* Include stddef.h in libdevmapper.h (size_t definition).
|
|
|
|
* Fix keyslot removal for device with 4k hw block (1.4.0).
|
|
(Wipe keyslot failed in this case.)
|
|
|
|
* Relax --shared flag to allow mapping even for overlapping segments.
|
|
|
|
The --shared flag (and API CRYPT_ACTIVATE_SHARED flag) is now able
|
|
to map arbitrary overlapping area. From API it is even usable
|
|
for LUKS devices.
|
|
It is user responsibility to not cause data corruption though.
|
|
|
|
This allows e.g. scubed to work again and also allows some
|
|
tricky extensions later.
|
|
|
|
* Allow empty cipher (cipher_null) for testing.
|
|
|
|
You can now use "null" (or directly cipher_null-ecb) in cryptsetup.
|
|
This means no encryption, useful for performance tests
|
|
(measure dm-crypt layer overhead).
|
|
|
|
* Switch on retry on device remove for libdevmapper.
|
|
Device-mapper now retry removal if device is busy.
|
|
|
|
* Allow "private" activation (skip some udev global rules) flag.
|
|
Cryptsetup library API now allows one to specify CRYPT_ACTIVATE_PRIVATE,
|
|
which means that some udev rules are not processed.
|
|
(Used for temporary devices, like internal keyslot mappings where
|
|
it is not desirable to run any device scans.)
|
|
|
|
* This release also includes some Red Hat/Fedora specific extensions
|
|
related to FIPS140-2 compliance.
|
|
|
|
In fact, all these patches are more formal changes and are just subset
|
|
of building blocks for FIPS certification. See FAQ for more details
|
|
about FIPS.
|
|
|
|
FIPS extensions are enabled by using --enable-fips configure switch.
|
|
|
|
In FIPS mode (kernel booted with fips=1 and gcrypt in FIPS mode)
|
|
|
|
- it provides library and binary integrity verification using
|
|
libfipscheck (requires pre-generated checksums)
|
|
|
|
- it uses FIPS approved RNG for encryption key and salt generation
|
|
(note that using /dev/random is not formally FIPS compliant RNG).
|
|
|
|
- only gcrypt crypto backend is currently supported in FIPS mode.
|
|
|
|
The FIPS RNG requirement for salt comes from NIST SP 800-132 recommendation.
|
|
(Recommendation for Password-Based Key Derivation. Part 1: Storage Applications.
|
|
http://csrc.nist.gov/publications/nistpubs/800-132/nist-sp800-132.pdf)
|
|
LUKS should be aligned to this recommendation otherwise.
|