All of lore.kernel.org
 help / color / mirror / Atom feed
From: Milan Broz <gmazyland@gmail.com>
To: dm-crypt <dm-crypt@saout.de>
Subject: [dm-crypt] [ANNOUNCE] cryptsetup 2.4.1
Date: Wed, 15 Sep 2021 11:58:44 +0200	[thread overview]
Message-ID: <23e036ba-bb02-1157-f5bc-63eb9a0eea7a@gmail.com> (raw)


[-- Attachment #1.1.1: Type: text/plain, Size: 2264 bytes --]

The cryptsetup 2.4.1 stable release is available at

     https://gitlab.com/cryptsetup/cryptsetup

Please note that release packages are located on kernel.org

     https://www.kernel.org/pub/linux/utils/cryptsetup/v2.4/

Feedback and bug reports are welcomed.

Cryptsetup 2.4.1 Release Notes
==============================
Stable bug-fix release with minor extensions.

All users of cryptsetup 2.4.0 should upgrade to this version.

Changes since version 2.4.0
~~~~~~~~~~~~~~~~~~~~~~~~~~~

* Fix compilation for libc implementations without dlvsym().

  Some alternative libc implementations (like musl) do not provide
  versioned symbols dlvsym function. Code now fallbacks to dlsym
  operation for dynamic LUKS2 token load.
  It is up to maintainers to ensure that LUKS2 token plugins are
  compiled for the supported version.

* Fix compilation and tests on systems with non-standard libraries
  (standalone argp library, external gettext library, BusyBox
  implementations of standard tools).

* Try to workaround some issues on systems without udev support.
  NOTE: non-udev systems cannot provide all functionality for kernel
  device-mapper, and some operations can fail.

* Fixes for OpenSSL3 crypto backend (including FIPS mode).
  Because cryptsetup still requires some hash functions implemented
  in OpenSSL3 legacy provider, crypto backend now uses its library
  context and tries to load both default and legacy OpenSSL3 providers.

  If FIPS mode is detected, no library context is used, and it is up
  to the OpenSSL system-wide policy to load proper providers.

  NOTE: We still use some deprecated API in the OpenSSL3 backend,
  and there are some known problems in OpenSSL 3.0.0.

* Print error message when assigning a token to an inactive keyslot.

* Fix offset bug in LUKS2 encryption code if --offset option was used.

* Do not allow LUKS2 decryption for devices with data offset.
  Such devices cannot be used after decryption.

* Fix LUKS1 cryptsetup repair command for some specific problems.
  Repair code can now fix wrongly used initialization vector
  specification in ECB mode (that is insecure anyway!) and repair
  the upper-case hash specification in the LUKS1 header.


[-- Attachment #1.2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

[-- Attachment #2: Type: text/plain, Size: 147 bytes --]

_______________________________________________
dm-crypt mailing list -- dm-crypt@saout.de
To unsubscribe send an email to dm-crypt-leave@saout.de

                 reply	other threads:[~2021-09-15 10:01 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=23e036ba-bb02-1157-f5bc-63eb9a0eea7a@gmail.com \
    --to=gmazyland@gmail.com \
    --cc=dm-crypt@saout.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.