summaryrefslogtreecommitdiffstats
path: root/debian/cryptsetup.NEWS
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-27 17:44:13 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-27 17:44:13 +0000
commit1103cc2d299a0f29631f9f5322d93efcca8098c7 (patch)
tree656763a55c9de10b1de70761e3d0b8d44056af1d /debian/cryptsetup.NEWS
parentAdding upstream version 2:2.3.7. (diff)
downloadcryptsetup-debian.tar.xz
cryptsetup-debian.zip
Adding debian version 2:2.3.7-1+deb11u1.debian/2%2.3.7-1+deb11u1debian
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'debian/cryptsetup.NEWS')
-rw-r--r--debian/cryptsetup.NEWS50
1 files changed, 50 insertions, 0 deletions
diff --git a/debian/cryptsetup.NEWS b/debian/cryptsetup.NEWS
new file mode 100644
index 0000000..30f7ae9
--- /dev/null
+++ b/debian/cryptsetup.NEWS
@@ -0,0 +1,50 @@
+cryptsetup (2:2.1.0-7) unstable; urgency=low
+
+ The 'cryptsetup' and 'cryptsetup-run' packages have been swapped:
+ 'cryptsetup' now contains init scripts, libraries, keyscripts, etc.,
+ while 'cryptsetup-run' is a transitional dummy package depending on
+ 'cryptsetup'.
+
+ On systems which do rely on the initramfs integration, one can mark
+ 'cryptsetup-initramfs' as being manually installed (so APT never
+ selects it for auto-removal) with the following command:
+
+ apt-mark manual cryptsetup-initramfs
+
+ On the other hand, the 'cryptsetup-initramfs' package can be safely
+ removed on systems not relying on initramfs integration.
+
+ -- Guilhem Moulin <guilhem@debian.org> Sun, 21 Jul 2019 17:08:52 -0300
+
+cryptsetup (2:2.0.3-2) unstable; urgency=medium
+
+ The 'decrypt_openct' keyscript has been removed, since openct itself
+ is no longer developed and was removed from Debian since Jessie.
+
+ In order to defeat online brute-force attacks, the initramfs boot
+ script sleeps for 1 second after each failed try. On the other
+ hand, it no longer sleeps for a full minute after exceeding the
+ maximum number of unlocking tries. This behavior was added in
+ 2:1.7.3-2 as an attempt to mitigate CVE-2016-4484; to avoid dropping
+ to the debug shell after exceeding the maximum number of unlocking
+ tries, users need to use the 'panic' boot parameter and lock down
+ their boot loader & BIOS/UEFI.
+
+ The initramfs hook nows uses /proc/mounts instead of /etc/fstab to
+ detect the root device that is to be unlocked at initramfs stage.
+
+ The 'precheck' crypttab(5) option is no longer supported. The
+ precheck for LUKS devices is still hardcoded to `cryptsetup isLuks`;
+ the script refuses to unlock non-LUKS devices (plain dm-crypt and
+ tcrypt devices) containing a known filesystem (other that swap).
+
+ -- Guilhem Moulin <guilhem@debian.org> Tue, 22 May 2018 01:47:21 +0200
+
+cryptsetup (2:2.0.3-1) unstable; urgency=medium
+
+ With this version, cryptsetup has been split into cryptsetup-run
+ (init script) and cryptsetup-initramfs (initramfs integration).
+ 'cryptsetup' is now a transitional dummy package depending on
+ cryptsetup-run and cryptsetup-initramfs.
+
+ -- Guilhem Moulin <guilhem@debian.org> Wed, 16 May 2018 23:39:20 +0200