blob: be9ffeab91704963c76768c1b3a81c12feefdf5c (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
|
cryptsetup (2:2.0.3-2) unstable; urgency=medium
The 'decrypt_openct' keyscript has been removed, since openct itself
is no longer developed and was removed from Debian since Jessie.
In order to defeat online brute-force attacks, the initramfs boot
script sleeps for 1 second after each failed try. On the other
hand, it no longer sleeps for a full minute after exceeding the
maximum number of unlocking tries. This behavior was added in
2:1.7.3-2 as an attempt to mitigate CVE-2016-4484; to avoid dropping
to the debug shell after exceeding the maximum number of unlocking
tries, users need to use the 'panic' boot parameter and lock down
their boot loader & BIOS/UEFI.
The initramfs hook nows uses /proc/mounts instead of /etc/fstab to
detect the root device that is to be unlocked at initramfs stage.
The 'precheck' crypttab(5) option is no longer supported. The
precheck for LUKS devices is still hardcoded to `cryptsetup isLuks`;
the script refuses to unlock non-LUKS devices (plain dm-crypt and
tcrypt devices) containing a known filesystem (other that swap).
-- Guilhem Moulin <guilhem@debian.org> Tue, 22 May 2018 01:47:21 +0200
cryptsetup (2:2.0.3-1) unstable; urgency=medium
With this version, cryptsetup has been split into cryptsetup-run
(init script) and cryptsetup-initramfs (initramfs integration).
'cryptsetup' is now a transitional dummy package depending on
cryptsetup-run and cryptsetup-initramfs.
-- Guilhem Moulin <guilhem@debian.org> Wed, 16 May 2018 23:39:20 +0200
|
