From 1660d4b7a65d9ad2ce0deaa19d35579ca4084ac5 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Wed, 17 Apr 2024 10:06:26 +0200 Subject: Adding upstream version 2:2.6.1. Signed-off-by: Daniel Baumann --- docs/v1.6.4-ReleaseNotes | 57 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 57 insertions(+) create mode 100644 docs/v1.6.4-ReleaseNotes (limited to 'docs/v1.6.4-ReleaseNotes') diff --git a/docs/v1.6.4-ReleaseNotes b/docs/v1.6.4-ReleaseNotes new file mode 100644 index 0000000..010ba5f --- /dev/null +++ b/docs/v1.6.4-ReleaseNotes @@ -0,0 +1,57 @@ +Cryptsetup 1.6.4 Release Notes +============================== + +Changes since version 1.6.3 + +* Implement new erase (with alias luksErase) command. + + The erase cryptsetup command can be used to permanently erase + all keyslots and make the LUKS container inaccessible. + (The only way to unlock such device is to use LUKS header backup + created before erase command was used.) + + You do not need to provide any password for this operation. + + This operation is irreversible. + +* Add internal "whirlpool_gcryptbug hash" for accessing flawed + Whirlpool hash in gcrypt (requires gcrypt 1.6.1 or above). + + The gcrypt version of Whirlpool hash algorithm was flawed in some + situations. + + This means that if you used Whirlpool in LUKS header and upgraded + to new gcrypt library your LUKS container become inaccessible. + + Please refer to cryptsetup FAQ for detail how to fix this situation. + +* Allow one to use --disable-gcrypt-pbkdf2 during configuration + to force use internal PBKDF2 code. + +* Require gcrypt 1.6.1 for imported implementation of PBKDF2 + (PBKDF2 in gcrypt 1.6.0 is too slow). + +* Add --keep-key to cryptsetup-reencrypt. + + This allows change of LUKS header hash (and iteration count) without + the need to reencrypt the whole data area. + (Reencryption of LUKS header only without master key change.) + +* By default verify new passphrase in luksChangeKey and luksAddKey + commands (if input is from terminal). + +* Fix memory leak in Nettle crypto backend. + +* Support --tries option even for TCRYPT devices in cryptsetup. + +* Support --allow-discards option even for TCRYPT devices. + (Note that this could destroy hidden volume and it is not suggested + by original TrueCrypt security model.) + +* Link against -lrt for clock_gettime to fix undefined reference + to clock_gettime error (introduced in 1.6.2). + +* Fix misleading error message when some algorithms are not available. + +* Count system time in PBKDF2 benchmark if kernel returns no self usage info. + (Workaround to broken getrusage() syscall with some hypervisors.) -- cgit v1.2.3