diff options
Diffstat (limited to 'docs/v1.2.0-ReleaseNotes')
-rw-r--r-- | docs/v1.2.0-ReleaseNotes | 126 |
1 files changed, 126 insertions, 0 deletions
diff --git a/docs/v1.2.0-ReleaseNotes b/docs/v1.2.0-ReleaseNotes new file mode 100644 index 0000000..f3061d9 --- /dev/null +++ b/docs/v1.2.0-ReleaseNotes @@ -0,0 +1,126 @@ +Cryptsetup 1.2.0 Release Notes +============================== + +Changes since version 1.2.0-rc1 + + * Fix crypt_activate_by_keyfile() to work with PLAIN devices. + * Fix plain create command to properly handle keyfile size. + * Update translations. + +Changes since version 1.1.3 + +Important changes +~~~~~~~~~~~~~~~~~ + + * Add text version of *FAQ* (Frequently Asked Questions) to distribution. + + * Add selection of random/urandom number generator for luksFormat + (option --use-random and --use-urandom). + + (This affects only long term volume key in *luksFormat*, + not RNG used for salt and AF splitter). + + You can also set the default to /dev/random during compilation with + --enable-dev-random. Compiled-in default is printed in --help output. + + Be very careful before changing default to blocking /dev/random use here. + + * Fix *luksRemoveKey* to not ask for remaining keyslot passphrase, + only for removed one. + + * No longer support *luksDelKey* (replaced with luksKillSlot). + * if you want to remove particular passphrase, use *luksKeyRemove* + * if you want to remove particular keyslot, use *luksKillSlot* + + Note that in batch mode *luksKillSlot* allows removing of any keyslot + without question, in normal mode requires passphrase or keyfile from + other keyslot. + + * *Default alignment* for device (if not overridden by topology info) + is now (multiple of) *1MiB*. + This reflects trends in storage technologies and aligns to the same + defaults for partitions and volume management. + + * Allow explicit UUID setting in *luksFormat* and allow change it later + in *luksUUID* (--uuid parameter). + + * All commands using key file now allows limited read from keyfile using + --keyfile-size and --new-keyfile-size parameters (in bytes). + + This change also disallows overloading of --key-size parameter which + is now exclusively used for key size specification (in bits.) + + * *luksFormat* using pre-generated master key now properly allows + using key file (only passphrase was allowed prior to this update). + + * Add --dump-master-key option for *luksDump* to perform volume (master) + key dump. Note that printed information allows accessing device without + passphrase so it must be stored encrypted. + + This operation is useful for simple Key Escrow function (volume key and + encryption parameters printed on paper on safe place). + + This operation requires passphrase or key file. + + * The reload command is no longer supported. + (Use dmsetup reload instead if needed. There is no real use for this + function except explicit data corruption:-) + + * Cryptsetup now properly checks if underlying device is in use and + disallows *luksFormat*, *luksOpen* and *create* commands on open + (e.g. already mapped or mounted) device. + + * Option --non-exclusive (already deprecated) is removed. + +Libcryptsetup API additions: + + * new functions + * crypt_get_type() - explicit query to crypt device context type + * crypt_resize() - new resize command using context + * crypt_keyslot_max() - helper to get number of supported keyslots + * crypt_get_active_device() - get active device info + * crypt_set/get_rng_type() - random/urandom RNG setting + * crypt_set_uuid() - explicit UUID change of existing device + * crypt_get_device_name() - get underlying device name + + * Fix optional password callback handling. + + * Allow to activate by internally cached volume key immediately after + crypt_format() without active slot (for temporary devices with + on-disk metadata) + + * libcryptsetup is binary compatible with 1.1.x release and still + supports legacy API calls + + * cryptsetup binary now uses only new API calls. + + * Static compilation of both library (--enable-static) and cryptsetup + binary (--enable-static-cryptsetup) is now properly implemented by common + libtool logic. + + Prior to this it produced miscompiled dynamic cryptsetup binary with + statically linked libcryptsetup. + + The static binary is compiled as src/cryptsetup.static in parallel + with dynamic build if requested. + +Other changes +~~~~~~~~~~~~~ + * Fix default plain password entry from terminal in activate_by_passphrase. + * Initialize volume key from active device in crypt_init_by_name() + * Fix cryptsetup binary exit codes. + 0 - success, otherwise fail + 1 - wrong parameters + 2 - no permission + 3 - out of memory + 4 - wrong device specified + 5 - device already exists or device is busy + * Remove some obsolete info from man page. + * Add more regression tests for commands. + * Fix possible double free when handling master key file. + * Fix pkg-config use in automake scripts. + * Wipe iteration and salt after luksKillSlot in LUKS header. + * Rewrite file differ test to C (and fix it to really work). + * Do not query non-existent device twice (cryptsetup status /dev/nonexistent). + * Check if requested hash is supported before writing LUKS header. + * Fix problems reported by clang scan-build. |