diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-17 08:06:26 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-17 08:06:26 +0000 |
commit | 1660d4b7a65d9ad2ce0deaa19d35579ca4084ac5 (patch) | |
tree | 6cf8220b628ebd2ccfc1375dd6516c6996e9abcc /docs/v2.6.1-ReleaseNotes | |
parent | Initial commit. (diff) | |
download | cryptsetup-upstream.tar.xz cryptsetup-upstream.zip |
Adding upstream version 2:2.6.1.upstream/2%2.6.1upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'docs/v2.6.1-ReleaseNotes')
-rw-r--r-- | docs/v2.6.1-ReleaseNotes | 50 |
1 files changed, 50 insertions, 0 deletions
diff --git a/docs/v2.6.1-ReleaseNotes b/docs/v2.6.1-ReleaseNotes new file mode 100644 index 0000000..82012b9 --- /dev/null +++ b/docs/v2.6.1-ReleaseNotes @@ -0,0 +1,50 @@ +Cryptsetup 2.6.1 Release Notes +============================== +Stable bug-fix release with minor extensions. + +All users of cryptsetup 2.6.0 should upgrade to this version. + +Changes since version 2.6.0 +~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +* bitlk: Fixes for BitLocker-compatible on-disk metadata parser + (found by new cryptsetup OSS-Fuzz fuzzers). + - Fix a possible memory leak if the metadata contains more than + one description field. + - Harden parsing of metadata entries for key and description entries. + - Fix broken metadata parsing that can cause a crash or out of memory. + +* Fix possible iteration overflow in OpenSSL2 PBKDF2 crypto backend. + OpenSSL2 uses a signed integer for PBKDF2 iteration count. + As cryptsetup uses an unsigned value, this can lead to overflow and + a decrease in the actual iteration count. + This situation can happen only if the user specifies + --pbkdf-force-iterations option. + OpenSSL3 (and other supported crypto backends) are not affected. + +* Fix compilation for new ISO C standards (gcc with -std=c11 and higher). + +* fvault2: Fix compilation with very old uuid.h. + +* verity: Fix possible hash offset setting overflow. + +* bitlk: Fix use of startup BEK key on big-endian platforms. + +* Fix compilation with latest musl library. + Recent musl no longer implements lseek64() in some configurations. + Use lseek() as 64-bit offset is mandatory for cryptsetup. + +* Do not initiate encryption (reencryption command) when the header and + data devices are the same. + If data device reduction is not requsted, this leads to data corruption + since LUKS metadata was written over the data device. + +* Fix possible memory leak if crypt_load() fails. + +* Always use passphrases with a minimal 8 chars length for benchmarking. + Some enterprise distributions decided to set an unconditional check + for PBKDF2 password length when running in FIPS mode. + This questionable change led to unexpected failures during LUKS format + and keyslot operations, where short passwords were used for + benchmarking PBKDF2 speed. + PBKDF2 benchmark calculations should not be affected by this change. |