summaryrefslogtreecommitdiffstats
path: root/docs/v1.6.4-ReleaseNotes
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-17 08:06:26 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-17 08:06:26 +0000
commit1660d4b7a65d9ad2ce0deaa19d35579ca4084ac5 (patch)
tree6cf8220b628ebd2ccfc1375dd6516c6996e9abcc /docs/v1.6.4-ReleaseNotes
parentInitial commit. (diff)
downloadcryptsetup-upstream.tar.xz
cryptsetup-upstream.zip
Adding upstream version 2:2.6.1.upstream/2%2.6.1upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r--docs/v1.6.4-ReleaseNotes57
1 files changed, 57 insertions, 0 deletions
diff --git a/docs/v1.6.4-ReleaseNotes b/docs/v1.6.4-ReleaseNotes
new file mode 100644
index 0000000..010ba5f
--- /dev/null
+++ b/docs/v1.6.4-ReleaseNotes
@@ -0,0 +1,57 @@
+Cryptsetup 1.6.4 Release Notes
+==============================
+
+Changes since version 1.6.3
+
+* Implement new erase (with alias luksErase) command.
+
+ The erase cryptsetup command can be used to permanently erase
+ all keyslots and make the LUKS container inaccessible.
+ (The only way to unlock such device is to use LUKS header backup
+ created before erase command was used.)
+
+ You do not need to provide any password for this operation.
+
+ This operation is irreversible.
+
+* Add internal "whirlpool_gcryptbug hash" for accessing flawed
+ Whirlpool hash in gcrypt (requires gcrypt 1.6.1 or above).
+
+ The gcrypt version of Whirlpool hash algorithm was flawed in some
+ situations.
+
+ This means that if you used Whirlpool in LUKS header and upgraded
+ to new gcrypt library your LUKS container become inaccessible.
+
+ Please refer to cryptsetup FAQ for detail how to fix this situation.
+
+* Allow one to use --disable-gcrypt-pbkdf2 during configuration
+ to force use internal PBKDF2 code.
+
+* Require gcrypt 1.6.1 for imported implementation of PBKDF2
+ (PBKDF2 in gcrypt 1.6.0 is too slow).
+
+* Add --keep-key to cryptsetup-reencrypt.
+
+ This allows change of LUKS header hash (and iteration count) without
+ the need to reencrypt the whole data area.
+ (Reencryption of LUKS header only without master key change.)
+
+* By default verify new passphrase in luksChangeKey and luksAddKey
+ commands (if input is from terminal).
+
+* Fix memory leak in Nettle crypto backend.
+
+* Support --tries option even for TCRYPT devices in cryptsetup.
+
+* Support --allow-discards option even for TCRYPT devices.
+ (Note that this could destroy hidden volume and it is not suggested
+ by original TrueCrypt security model.)
+
+* Link against -lrt for clock_gettime to fix undefined reference
+ to clock_gettime error (introduced in 1.6.2).
+
+* Fix misleading error message when some algorithms are not available.
+
+* Count system time in PBKDF2 benchmark if kernel returns no self usage info.
+ (Workaround to broken getrusage() syscall with some hypervisors.)