summaryrefslogtreecommitdiffstats
path: root/debian/cryptsetup.NEWS
diff options
context:
space:
mode:
Diffstat (limited to 'debian/cryptsetup.NEWS')
-rw-r--r--debian/cryptsetup.NEWS62
1 files changed, 62 insertions, 0 deletions
diff --git a/debian/cryptsetup.NEWS b/debian/cryptsetup.NEWS
new file mode 100644
index 0000000..8bf645b
--- /dev/null
+++ b/debian/cryptsetup.NEWS
@@ -0,0 +1,62 @@
+cryptsetup (2:2.5.0~rc1-3) experimental; urgency=medium
+
+ The experimental SSH token handler and cryptsetup-ssh(8) utility are now
+ shipped in a separate binary package 'cryptsetup-ssh'. (They were first
+ included in cryptsetup 2:2.4.0~rc0-1+exp1 so have never been part of a
+ stable Debian release.) No pre-existing binary package in src:cryptsetup
+ declares any dependency on the new binary package so users who need
+ experimental SSH token support need to manually run `apt install
+ cryptsetup-ssh`.
+
+ -- Guilhem Moulin <guilhem@debian.org> Thu, 21 Jul 2022 20:41:20 +0200
+
+cryptsetup (2:2.1.0-7) unstable; urgency=low
+
+ The 'cryptsetup' and 'cryptsetup-run' packages have been swapped:
+ 'cryptsetup' now contains init scripts, libraries, keyscripts, etc.,
+ while 'cryptsetup-run' is a transitional dummy package depending on
+ 'cryptsetup'.
+
+ On systems which do rely on the initramfs integration, one can mark
+ 'cryptsetup-initramfs' as being manually installed (so APT never
+ selects it for auto-removal) with the following command:
+
+ apt-mark manual cryptsetup-initramfs
+
+ On the other hand, the 'cryptsetup-initramfs' package can be safely
+ removed on systems not relying on initramfs integration.
+
+ -- Guilhem Moulin <guilhem@debian.org> Sun, 21 Jul 2019 17:08:52 -0300
+
+cryptsetup (2:2.0.3-2) unstable; urgency=medium
+
+ The 'decrypt_openct' keyscript has been removed, since openct itself
+ is no longer developed and was removed from Debian since Jessie.
+
+ In order to defeat online brute-force attacks, the initramfs boot
+ script sleeps for 1 second after each failed try. On the other
+ hand, it no longer sleeps for a full minute after exceeding the
+ maximum number of unlocking tries. This behavior was added in
+ 2:1.7.3-2 as an attempt to mitigate CVE-2016-4484; to avoid dropping
+ to the debug shell after exceeding the maximum number of unlocking
+ tries, users need to use the 'panic' boot parameter and lock down
+ their boot loader & BIOS/UEFI.
+
+ The initramfs hook nows uses /proc/mounts instead of /etc/fstab to
+ detect the root device that is to be unlocked at initramfs stage.
+
+ The 'precheck' crypttab(5) option is no longer supported. The
+ precheck for LUKS devices is still hardcoded to `cryptsetup isLuks`;
+ the script refuses to unlock non-LUKS devices (plain dm-crypt and
+ tcrypt devices) containing a known filesystem (other that swap).
+
+ -- Guilhem Moulin <guilhem@debian.org> Tue, 22 May 2018 01:47:21 +0200
+
+cryptsetup (2:2.0.3-1) unstable; urgency=medium
+
+ With this version, cryptsetup has been split into cryptsetup-run
+ (init script) and cryptsetup-initramfs (initramfs integration).
+ 'cryptsetup' is now a transitional dummy package depending on
+ cryptsetup-run and cryptsetup-initramfs.
+
+ -- Guilhem Moulin <guilhem@debian.org> Wed, 16 May 2018 23:39:20 +0200
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-07 11:40:19 +0000