summaryrefslogtreecommitdiffstats
path: root/docs/v2.6.1-ReleaseNotes
diff options
context:
space:
mode:
Diffstat (limited to 'docs/v2.6.1-ReleaseNotes')
-rw-r--r--docs/v2.6.1-ReleaseNotes50
1 files changed, 50 insertions, 0 deletions
diff --git a/docs/v2.6.1-ReleaseNotes b/docs/v2.6.1-ReleaseNotes
new file mode 100644
index 0000000..82012b9
--- /dev/null
+++ b/docs/v2.6.1-ReleaseNotes
@@ -0,0 +1,50 @@
+Cryptsetup 2.6.1 Release Notes
+==============================
+Stable bug-fix release with minor extensions.
+
+All users of cryptsetup 2.6.0 should upgrade to this version.
+
+Changes since version 2.6.0
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+* bitlk: Fixes for BitLocker-compatible on-disk metadata parser
+ (found by new cryptsetup OSS-Fuzz fuzzers).
+ - Fix a possible memory leak if the metadata contains more than
+ one description field.
+ - Harden parsing of metadata entries for key and description entries.
+ - Fix broken metadata parsing that can cause a crash or out of memory.
+
+* Fix possible iteration overflow in OpenSSL2 PBKDF2 crypto backend.
+ OpenSSL2 uses a signed integer for PBKDF2 iteration count.
+ As cryptsetup uses an unsigned value, this can lead to overflow and
+ a decrease in the actual iteration count.
+ This situation can happen only if the user specifies
+ --pbkdf-force-iterations option.
+ OpenSSL3 (and other supported crypto backends) are not affected.
+
+* Fix compilation for new ISO C standards (gcc with -std=c11 and higher).
+
+* fvault2: Fix compilation with very old uuid.h.
+
+* verity: Fix possible hash offset setting overflow.
+
+* bitlk: Fix use of startup BEK key on big-endian platforms.
+
+* Fix compilation with latest musl library.
+ Recent musl no longer implements lseek64() in some configurations.
+ Use lseek() as 64-bit offset is mandatory for cryptsetup.
+
+* Do not initiate encryption (reencryption command) when the header and
+ data devices are the same.
+ If data device reduction is not requsted, this leads to data corruption
+ since LUKS metadata was written over the data device.
+
+* Fix possible memory leak if crypt_load() fails.
+
+* Always use passphrases with a minimal 8 chars length for benchmarking.
+ Some enterprise distributions decided to set an unconditional check
+ for PBKDF2 password length when running in FIPS mode.
+ This questionable change led to unexpected failures during LUKS format
+ and keyslot operations, where short passwords were used for
+ benchmarking PBKDF2 speed.
+ PBKDF2 benchmark calculations should not be affected by this change.
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-02 02:29:23 +0000