1 files changed, 32 insertions, 0 deletions

diff --git a/debian/cryptsetup.NEWS b/debian/cryptsetup.NEWS
new file mode 100644
index 0000000..be9ffea
--- /dev/null
+++ b/debian/cryptsetup.NEWS
@@ -0,0 +1,32 @@
+cryptsetup (2:2.0.3-2) unstable; urgency=medium
+
+    The 'decrypt_openct' keyscript has been removed, since openct itself
+    is no longer developed and was removed from Debian since Jessie.
+
+    In order to defeat online brute-force attacks, the initramfs boot
+    script sleeps for 1 second after each failed try.  On the other
+    hand, it no longer sleeps for a full minute after exceeding the
+    maximum number of unlocking tries.  This behavior was added in
+    2:1.7.3-2 as an attempt to mitigate CVE-2016-4484; to avoid dropping
+    to the debug shell after exceeding the maximum number of unlocking
+    tries, users need to use the 'panic' boot parameter and lock down
+    their boot loader & BIOS/UEFI.
+
+    The initramfs hook nows uses /proc/mounts instead of /etc/fstab to
+    detect the root device that is to be unlocked at initramfs stage.
+
+    The 'precheck' crypttab(5) option is no longer supported.  The
+    precheck for LUKS devices is still hardcoded to `cryptsetup isLuks`;
+    the script refuses to unlock non-LUKS devices (plain dm-crypt and
+    tcrypt devices) containing a known filesystem (other that swap).
+
+ -- Guilhem Moulin <guilhem@debian.org>  Tue, 22 May 2018 01:47:21 +0200
+
+cryptsetup (2:2.0.3-1) unstable; urgency=medium
+
+    With this version, cryptsetup has been split into cryptsetup-run
+    (init script) and cryptsetup-initramfs (initramfs integration).
+    'cryptsetup' is now a transitional dummy package depending on
+    cryptsetup-run and cryptsetup-initramfs.
+
+ -- Guilhem Moulin <guilhem@debian.org>  Wed, 16 May 2018 23:39:20 +0200