openSUSE Build Service

Ana Guerrero (anag+factory) accepted request 1166583 from

Pedro Monreal Gonzalez (pmonrealgonzalez) 16 days ago (revision 127)

Ana Guerrero (anag+factory) accepted request 1158211 from

Pedro Monreal Gonzalez (pmonrealgonzalez) about 1 month ago (revision 126)

Ana Guerrero (anag+factory) accepted request 1142597 from

Pedro Monreal Gonzalez (pmonrealgonzalez) 3 months ago (revision 125)

Dominique Leuenberger (dimstar_suse) accepted request 1098512 from

Pedro Monreal Gonzalez (pmonrealgonzalez) 10 months ago (revision 124)

Dominique Leuenberger (dimstar_suse) accepted request 1093291 from

Pedro Monreal Gonzalez (pmonrealgonzalez) 10 months ago (revision 123)

Dominique Leuenberger (dimstar_suse) accepted request 1064730 from

Andreas Stieger (AndreasStieger) about 1 year ago (revision 122)

cryptsetup 2.6.1

Dominique Leuenberger (dimstar_suse) accepted request 1055943 from

Andreas Stieger (AndreasStieger) over 1 year ago (revision 121)

- Replace transitional %usrmerged macro with regular version check (boo#1206798)

Dominique Leuenberger (dimstar_suse) accepted request 1038821 from

Ludwig Nussel (lnussel) over 1 year ago (revision 120)

Dominique Leuenberger (dimstar_suse) accepted request 1003455 from

Ludwig Nussel (lnussel) over 1 year ago (revision 119)

Dominique Leuenberger (dimstar_suse) accepted request 999047 from

Ludwig Nussel (lnussel) over 1 year ago (revision 118)

- cryptsetup 2.5.0:
* Split manual pages into per-action pages and use AsciiDoc format.
* Remove cryptsetup-reencrypt tool from the project and move reencryption
to already existing "cryptsetup reencrypt" command.
If you need to emulate the old cryptsetup-reencrypt binary, use simple
wrappers script running "exec cryptsetup reencrypt $@".
* LUKS2: implement --decryption option that allows LUKS removal.
* Fix decryption operation with --active-name option and restrict
it to be used only with LUKS2.
* Do not refresh reencryption digest when not needed.
This should speed up the reencryption resume process.
* Store proper resilience data in LUKS2 reencrypt initialization.
Resuming reencryption now does not require specification of resilience
type parameters if these are the same as during initialization.
* Properly wipe the unused area after reencryption with datashift in
the forward direction.
* Check datashift value against larger sector size.
For example, it could cause an issue if misaligned 4K sector appears
during decryption.
* Do not allow sector size increase reencryption in offline mode.
* Do not allow dangerous sector size change during reencryption.
* Ask the user for confirmation before resuming reencryption.
* Do not resume reencryption with conflicting parameters.
* Add --force-offline-reencrypt option.
* Do not allow nested encryption in LUKS reencrypt.
* Support all options allowed with luksFormat with encrypt action.
* Add resize action to integritysetup.
* Remove obsolete dracut plugin reencryption example.
* Fix possible keyslot area size overflow during conversion to LUKS2.
* Allow use of --header option for cryptsetup close. (forwarded request 999046 from lnussel)

Dominique Leuenberger (dimstar_suse) accepted request 946915 from

Ludwig Nussel (lnussel) over 2 years ago (revision 117)

Dominique Leuenberger (dimstar_suse) accepted request 919547 from

Ludwig Nussel (lnussel) over 2 years ago (revision 116)

- cryptsetup 2.4.1
  * Fix compilation for libc implementations without dlvsym().
  * Fix compilation and tests on systems with non-standard libraries
  * Try to workaround some issues on systems without udev support.
  * Fixes for OpenSSL3 crypto backend (including FIPS mode).
  * Print error message when assigning a token to an inactive keyslot.
  * Fix offset bug in LUKS2 encryption code if --offset option was used.
  * Do not allow LUKS2 decryption for devices with data offset.
  * Fix LUKS1 cryptsetup repair command for some specific problems.

- cryptsetup 2.4.0 (jsc#SLE-20275)

Dominique Leuenberger (dimstar_suse) accepted request 915495 from

Factory Maintainer (factory-maintainer) over 2 years ago (revision 115)

Automatic submission by obs-autosubmit

Dominique Leuenberger (dimstar_suse) accepted request 903414 from

Ludwig Nussel (lnussel) almost 3 years ago (revision 114)

- cryptsetup 2.3.6:
  * integritysetup: Fix possible dm-integrity mapping table truncation.
  * cryptsetup: Backup header can be used to activate TCRYPT device.
    Use --header option to specify the header.
  * cryptsetup: Avoid LUKS2 decryption without detached header.
    This feature will be added later and is currently not supported.
  * Additional fixes and workarounds for common warnings produced
    by some static analysis tools (like gcc-11 analyzer) and additional
    code hardening.
  * Fix standalone libintl detection for compiled tests.
  * Add Blake2b and Blake2s hash support for crypto backends.
    Kernel and gcrypt crypto backend support all variants.
    OpenSSL supports only Blake2b-512 and Blake2s-256.
    Crypto backend supports kernel notation e.g. "blake2b-512".

Richard Brown (RBrownSUSE) accepted request 879091 from

Ludwig Nussel (lnussel) about 3 years ago (revision 113)

Dominique Leuenberger (dimstar_suse) accepted request 853733 from

Ludwig Nussel (lnussel) over 3 years ago (revision 112)

- SLE marker: implements jsc#SLE-5911, bsc#116558, jsc#SLE-145149

Dominique Leuenberger (dimstar_suse) accepted request 849585 from

Ludwig Nussel (lnussel) over 3 years ago (revision 111)

- prepare usrmerge (boo#1029961) (forwarded request 849583 from lnussel)

Dominique Leuenberger (dimstar_suse) accepted request 832027 from

Ludwig Nussel (lnussel) over 3 years ago (revision 110)

Dominique Leuenberger (dimstar_suse) accepted request 810247 from

Ludwig Nussel (lnussel) almost 4 years ago (revision 109)

Dominique Leuenberger (dimstar_suse) accepted request 790921 from

Ludwig Nussel (lnussel) about 4 years ago (revision 108)

- Split translations to -lang package
- New version to 2.3.1
  * Support VeraCrypt 128 bytes passwords.
    VeraCrypt now allows passwords of maximal length 128 bytes
    (compared to legacy TrueCrypt where it was limited by 64 bytes).
  * Strip extra newline from BitLocker recovery keys
    There might be a trailing newline added by the text editor when
    the recovery passphrase was passed using the --key-file option.
  * Detect separate libiconv library.
    It should fix compilation issues on distributions with iconv
    implemented in a separate library.
  * Various fixes and workarounds to build on old Linux distributions.
  * Split lines with hexadecimal digest printing for large key-sizes.
  * Do not wipe the device with no integrity profile.
    With --integrity none we performed useless full device wipe.
  * Workaround for dm-integrity kernel table bug.
    Some kernels show an invalid dm-integrity mapping table
    if superblock contains the "recalculate" bit. This causes
    integritysetup to not recognize the dm-integrity device.
    Integritysetup now specifies kernel options such a way that
    even on unpatched kernels mapping table is correct.
  * Print error message if LUKS1 keyslot cannot be processed.
    If the crypto backend is missing support for hash algorithms
    used in PBKDF2, the error message was not visible.
  * Properly align LUKS2 keyslots area on conversion.
    If the LUKS1 payload offset (data offset) is not aligned
    to 4 KiB boundary, new LUKS2 keyslots area in now aligned properly.
  * Validate LUKS2 earlier on conversion to not corrupt the device
    if binary keyslots areas metadata are not correct.

Places

Revisions of cryptsetup

Places