1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
|
cryptsetup (2:2.5.0~rc1-3) experimental; urgency=medium
The experimental SSH token handler and cryptsetup-ssh(8) utility are now
shipped in a separate binary package 'cryptsetup-ssh'. (They were first
included in cryptsetup 2:2.4.0~rc0-1+exp1 so have never been part of a
stable Debian release.) No pre-existing binary package in src:cryptsetup
declares any dependency on the new binary package so users who need
experimental SSH token support need to manually run `apt install
cryptsetup-ssh`.
-- Guilhem Moulin <guilhem@debian.org> Thu, 21 Jul 2022 20:41:20 +0200
cryptsetup (2:2.1.0-7) unstable; urgency=low
The 'cryptsetup' and 'cryptsetup-run' packages have been swapped:
'cryptsetup' now contains init scripts, libraries, keyscripts, etc.,
while 'cryptsetup-run' is a transitional dummy package depending on
'cryptsetup'.
On systems which do rely on the initramfs integration, one can mark
'cryptsetup-initramfs' as being manually installed (so APT never
selects it for auto-removal) with the following command:
apt-mark manual cryptsetup-initramfs
On the other hand, the 'cryptsetup-initramfs' package can be safely
removed on systems not relying on initramfs integration.
-- Guilhem Moulin <guilhem@debian.org> Sun, 21 Jul 2019 17:08:52 -0300
cryptsetup (2:2.0.3-2) unstable; urgency=medium
The 'decrypt_openct' keyscript has been removed, since openct itself
is no longer developed and was removed from Debian since Jessie.
In order to defeat online brute-force attacks, the initramfs boot
script sleeps for 1 second after each failed try. On the other
hand, it no longer sleeps for a full minute after exceeding the
maximum number of unlocking tries. This behavior was added in
2:1.7.3-2 as an attempt to mitigate CVE-2016-4484; to avoid dropping
to the debug shell after exceeding the maximum number of unlocking
tries, users need to use the 'panic' boot parameter and lock down
their boot loader & BIOS/UEFI.
The initramfs hook nows uses /proc/mounts instead of /etc/fstab to
detect the root device that is to be unlocked at initramfs stage.
The 'precheck' crypttab(5) option is no longer supported. The
precheck for LUKS devices is still hardcoded to `cryptsetup isLuks`;
the script refuses to unlock non-LUKS devices (plain dm-crypt and
tcrypt devices) containing a known filesystem (other that swap).
-- Guilhem Moulin <guilhem@debian.org> Tue, 22 May 2018 01:47:21 +0200
cryptsetup (2:2.0.3-1) unstable; urgency=medium
With this version, cryptsetup has been split into cryptsetup-run
(init script) and cryptsetup-initramfs (initramfs integration).
'cryptsetup' is now a transitional dummy package depending on
cryptsetup-run and cryptsetup-initramfs.
-- Guilhem Moulin <guilhem@debian.org> Wed, 16 May 2018 23:39:20 +0200
|
