37 lines
1.3 KiB
Text
37 lines
1.3 KiB
Text
Cryptsetup 2.4.2 Release Notes
|
|
==============================
|
|
Stable bug-fix release.
|
|
|
|
All users of cryptsetup 2.4.1 should upgrade to this version.
|
|
|
|
Changes since version 2.4.1
|
|
~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
|
|
* Fix possible large memory allocation if LUKS2 header size is invalid.
|
|
LUKS2 code read the full header to buffer to verify the checksum.
|
|
The maximal supported header size now limits the memory allocation.
|
|
|
|
* Fix memory corruption in debug message printing LUKS2 checksum.
|
|
|
|
* veritysetup: remove link to the UUID library for the static build.
|
|
|
|
* Remove link to pwquality library for integritysetup and veritysetup.
|
|
These tools do not read passphrases.
|
|
|
|
* OpenSSL3 backend: avoid remaining deprecated calls in API.
|
|
Crypto backend no longer use API deprecated in OpenSSL 3.0
|
|
|
|
|
|
* Check if kernel device-mapper create device failed in an early phase.
|
|
This happens when a concurrent creation of device-mapper devices
|
|
meets in the very early state.
|
|
|
|
* Do not set compiler optimization flag for Argon2 KDF if the memory
|
|
wipe is implemented in libc.
|
|
|
|
* Do not attempt to unload LUKS2 tokens if external tokens are disabled.
|
|
This allows building a static binary with --disable-external-tokens.
|
|
|
|
* LUKS convert: also check sysfs for device activity.
|
|
If udev symlink is missing, code fallbacks to sysfs scan to prevent
|
|
data corruption for the active device.
|