Re: [ANNOUNCE] cryptsetup 1.6.7

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I hope you won't mind me mentioning, but the following sections in the FAQ (on Gitlab) still link back to Google Code; 1.1, 1.6 and 9.

In the case of section 1.1 this informs the reader where the latest version can be found - I assume Gitlab will now be the up-to-date version?

My apologies if you have already planned to make the amendments.

p.s. Many thanks for all your hard work in providing this important utility.

Regards

Robert Gilmour

On 23/03/15 17:54, Milan Broz wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

The stable cryptsetup 1.6.7 release is available at

     https://gitlab.com/cryptsetup/cryptsetup

Please note that release packages are located on kernel.org

     https://www.kernel.org/pub/linux/utils/cryptsetup/v1.6/

Feedback and bug reports are welcomed.

Cryptsetup 1.6.7 Release Notes
==============================

Changes since version 1.6.6

* Cryptsetup git and wiki are now hosted on GitLab.
   https://gitlab.com/cryptsetup/cryptsetup

   Repository of stable releases remains on kernel.org site
   https://www.kernel.org/pub/linux/utils/cryptsetup/

   For more info please see README file.

* Cryptsetup TCRYPT mode now supports VeraCrypt devices (TrueCrypt extension).

   The VeraCrypt extension only increases iteration count for the key
   derivation function (on-disk format is the same as TrueCrypt format).

   Note that unlocking of a VeraCrypt device can take very long time if used
   on slow machines.

   To use this extension, add --veracrypt option, for example
     cryptsetup open --type tcrypt --veracrypt <container> <name>

   For use through libcryptsetup, just add CRYPT_TCRYPT_VERA_MODES flag.

* Support keyfile-offset and keyfile-size options even for plain volumes.

* Support keyfile option for luksAddKey if the master key is specified.

* For historic reasons, hashing in the plain mode is not used
   if keyfile is specified (with exception of --key-file=-).
   Print a warning if these parameters are ignored.

* Support permanent device decryption for cryptsetup-reencrypt.
   To remove LUKS encryption from a device, you can now use --decrypt option.

* Allow to use --header option in all LUKS commands.
   The --header always takes precedence over positional device argument.

* Allow luksSuspend without need to specify a detached header.

* Detect if O_DIRECT is usable on a device allocation.
   There are some strange storage stack configurations which wrongly allows
   to open devices with direct-io but fails on all IO operations later.

   Cryptsetup now tries to read the device first sector to ensure it can use
   direct-io.

* Add low-level performance options tuning for dmcrypt (for Linux 4.0 and later).

   Linux kernel 4.0 contains rewritten dmcrypt code which tries to better utilize
   encryption on parallel CPU cores.

   While tests show that this change increases performance on most configurations,
   dmcrypt now provides some switches to change its new behavior.

   You can use them (per-device) with these cryptsetup switches:
      --perf-same_cpu_crypt
      --perf-submit_from_crypt_cpus

   Please use these only in the case of serious performance problems.
   Refer to the cryptsetup man page and dm-crypt documentation
   (for same_cpu_crypt and submit_from_crypt_cpus options).
   https://gitlab.com/cryptsetup/cryptsetup/wikis/DMCrypt

* Get rid of libfipscheck library.
   (Note that this option was used only for Red Hat and derived distributions.)
   With recent FIPS changes we do not need to link to this FIPS monster anymore.
   Also drop some no longer needed FIPS mode checks.

* Many fixes and clarifications to man pages.

* Prevent compiler to optimize-out zeroing of buffers for on-stack variables.

* Fix a crash if non-GNU strerror_r is used.

Cryptsetup API NOTE:
The direct terminal handling for passphrase entry will be removed from
libcryptsetup in next major version (application should handle it itself).

It means that you have to always either provide password in buffer or set
your own password callback function through crypt_set_password_callback().
See API documentation (or libcryptsetup.h) for more info.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJVEFM/AAoJENmwV3vZPpj8LJQP/jAexv33vfIVKcpV6XRe+3nm
WloMa9KGgyGJ/b0I/TvEKa/RdWxExv5ZMOGACe+0KhwwudCo+NKfWs6uY8THqLuF
yiev2879MPNLUbQiU4yELOvJA+rt5rhhUqMk4zKcFJv+PO77CtuUTqd7AIJ8Pjb5
htHN6fJp83wZCVO0j0CuQ5LfPajK1nNbGYk2vTuAR4Z0tj6ci5bP2eefPLD3gnhc
DXMT9oS4RypLEtyzzxWUqBmYq+7UnOQqByyrwaPRrZp6fecOamR6Fr9QHVsXO1KM
5ws2OOcjnW+6lvSZZnsykc7TplyxZwMAv9XPkuc8ZtPD2tMMmSp3g0raL+8/YiTZ
nlf0CCPPtp7p5aIlINe0g7sZ1Gax9EnMyPulaifHRE7KprR3A8yYSxRl7gVUupId
EYKNMjrenq7dzIE8DQ2a6qFZukmzBcVAsTCsW//P/5YJXVJnPi0L2XuopGnXBms8
tUj04M25/yi/HU51XbbHY8GaYehFz4yDggAxy3u0041hx66XCGx2tMYc/Y6JJ4jc
HolrCi2ijjx37QePWNftJZ9LyDscPI0VFsGEH+ywA+kN5wueOBXthC4r8g30exDd
TIibtIbg3Yb0YsVnz9Zb/MUhc+8MFEFOnMvS21ib/a1lDSOQNL74idBOKcvghVp3
wdpC6Zx8RlhI6s7tmwep
=OA+S
-----END PGP SIGNATURE-----
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt

_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt




[Index of Archives]     [Device Mapper Devel]     [Fedora Desktop]     [ATA RAID]     [Fedora Marketing]     [Fedora Packaging]     [Fedora SELinux]     [Yosemite News]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux