diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-27 17:44:13 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-27 17:44:13 +0000 |
commit | 1103cc2d299a0f29631f9f5322d93efcca8098c7 (patch) | |
tree | 656763a55c9de10b1de70761e3d0b8d44056af1d /debian/cryptsetup.NEWS | |
parent | Adding upstream version 2:2.3.7. (diff) | |
download | cryptsetup-debian.tar.xz cryptsetup-debian.zip |
Adding debian version 2:2.3.7-1+deb11u1.debian/2%2.3.7-1+deb11u1debian
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'debian/cryptsetup.NEWS')
-rw-r--r-- | debian/cryptsetup.NEWS | 50 |
1 files changed, 50 insertions, 0 deletions
diff --git a/debian/cryptsetup.NEWS b/debian/cryptsetup.NEWS new file mode 100644 index 0000000..30f7ae9 --- /dev/null +++ b/debian/cryptsetup.NEWS @@ -0,0 +1,50 @@ +cryptsetup (2:2.1.0-7) unstable; urgency=low + + The 'cryptsetup' and 'cryptsetup-run' packages have been swapped: + 'cryptsetup' now contains init scripts, libraries, keyscripts, etc., + while 'cryptsetup-run' is a transitional dummy package depending on + 'cryptsetup'. + + On systems which do rely on the initramfs integration, one can mark + 'cryptsetup-initramfs' as being manually installed (so APT never + selects it for auto-removal) with the following command: + + apt-mark manual cryptsetup-initramfs + + On the other hand, the 'cryptsetup-initramfs' package can be safely + removed on systems not relying on initramfs integration. + + -- Guilhem Moulin <guilhem@debian.org> Sun, 21 Jul 2019 17:08:52 -0300 + +cryptsetup (2:2.0.3-2) unstable; urgency=medium + + The 'decrypt_openct' keyscript has been removed, since openct itself + is no longer developed and was removed from Debian since Jessie. + + In order to defeat online brute-force attacks, the initramfs boot + script sleeps for 1 second after each failed try. On the other + hand, it no longer sleeps for a full minute after exceeding the + maximum number of unlocking tries. This behavior was added in + 2:1.7.3-2 as an attempt to mitigate CVE-2016-4484; to avoid dropping + to the debug shell after exceeding the maximum number of unlocking + tries, users need to use the 'panic' boot parameter and lock down + their boot loader & BIOS/UEFI. + + The initramfs hook nows uses /proc/mounts instead of /etc/fstab to + detect the root device that is to be unlocked at initramfs stage. + + The 'precheck' crypttab(5) option is no longer supported. The + precheck for LUKS devices is still hardcoded to `cryptsetup isLuks`; + the script refuses to unlock non-LUKS devices (plain dm-crypt and + tcrypt devices) containing a known filesystem (other that swap). + + -- Guilhem Moulin <guilhem@debian.org> Tue, 22 May 2018 01:47:21 +0200 + +cryptsetup (2:2.0.3-1) unstable; urgency=medium + + With this version, cryptsetup has been split into cryptsetup-run + (init script) and cryptsetup-initramfs (initramfs integration). + 'cryptsetup' is now a transitional dummy package depending on + cryptsetup-run and cryptsetup-initramfs. + + -- Guilhem Moulin <guilhem@debian.org> Wed, 16 May 2018 23:39:20 +0200 |