diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-27 17:44:12 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-27 17:44:12 +0000 |
commit | 1be69c2c660b70ac2f4de2a5326e27e3e60eb82d (patch) | |
tree | bb299ab6f411f4fccd735907035de710e4ec6abc /docs/v1.6.4-ReleaseNotes | |
parent | Initial commit. (diff) | |
download | cryptsetup-1be69c2c660b70ac2f4de2a5326e27e3e60eb82d.tar.xz cryptsetup-1be69c2c660b70ac2f4de2a5326e27e3e60eb82d.zip |
Adding upstream version 2:2.3.7.upstream/2%2.3.7upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r-- | docs/v1.6.4-ReleaseNotes | 57 |
1 files changed, 57 insertions, 0 deletions
diff --git a/docs/v1.6.4-ReleaseNotes b/docs/v1.6.4-ReleaseNotes new file mode 100644 index 0000000..ebc71cb --- /dev/null +++ b/docs/v1.6.4-ReleaseNotes @@ -0,0 +1,57 @@ +Cryptsetup 1.6.4 Release Notes +============================== + +Changes since version 1.6.3 + +* Implement new erase (with alias luksErase) command. + + The erase cryptsetup command can be used to permanently erase + all keyslots and make the LUKS container inaccessible. + (The only way to unlock such device is to use LUKS header backup + created before erase command was used.) + + You do not need to provide any password for this operation. + + This operation is irreversible. + +* Add internal "whirlpool_gcryptbug hash" for accessing flawed + Whirlpool hash in gcrypt (requires gcrypt 1.6.1 or above). + + The gcrypt version of Whirlpool hash algorithm was flawed in some + situations. + + This means that if you used Whirlpool in LUKS header and upgraded + to new gcrypt library your LUKS container become inaccessible. + + Please refer to cryptsetup FAQ for detail how to fix this situation. + +* Allow to use --disable-gcrypt-pbkdf2 during configuration + to force use internal PBKDF2 code. + +* Require gcrypt 1.6.1 for imported implementation of PBKDF2 + (PBKDF2 in gcrypt 1.6.0 is too slow). + +* Add --keep-key to cryptsetup-reencrypt. + + This allows change of LUKS header hash (and iteration count) without + the need to reencrypt the whole data area. + (Reencryption of LUKS header only without master key change.) + +* By default verify new passphrase in luksChangeKey and luksAddKey + commands (if input is from terminal). + +* Fix memory leak in Nettle crypto backend. + +* Support --tries option even for TCRYPT devices in cryptsetup. + +* Support --allow-discards option even for TCRYPT devices. + (Note that this could destroy hidden volume and it is not suggested + by original TrueCrypt security model.) + +* Link against -lrt for clock_gettime to fix undefined reference + to clock_gettime error (introduced in 1.6.2). + +* Fix misleading error message when some algorithms are not available. + +* Count system time in PBKDF2 benchmark if kernel returns no self usage info. + (Workaround to broken getrusage() syscall with some hypervisors.) |