From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=pIsl=KX=saout.de=dm-crypt-bounces@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-7.0 required=3.0 tests=BAYES_00,DKIM_ADSP_CUSTOM_MED,
	DKIM_INVALID,DKIM_SIGNED,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM,
	HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,MENTIONS_GIT_HOSTING,
	SPF_HELO_NONE,SPF_PASS,USER_AGENT_SANE_1 autolearn=no autolearn_force=no
	version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 530D9C4708C
	for <dm-crypt@archiver.kernel.org>; Fri, 28 May 2021 13:03:37 +0000 (UTC)
Received: from mail.server123.net (mail.server123.net [78.46.64.186])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by mail.kernel.org (Postfix) with ESMTPS id C92F1613B4
	for <dm-crypt@archiver.kernel.org>; Fri, 28 May 2021 13:03:36 +0000 (UTC)
DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org C92F1613B4
Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=gmail.com
Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=dm-crypt-bounces@saout.de
X-Virus-Scanned: amavisd-new at saout.de
Authentication-Results: mail.server123.net (amavisd-new);
	dkim=pass (2048-bit key) header.d=gmail.com
Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=2a00:1450:4864:20::42b; helo=mail-wr1-x42b.google.com; envelope-from=gmazyland@gmail.com; receiver=<UNKNOWN> 
Received: from mail-wr1-x42b.google.com (mail-wr1-x42b.google.com [IPv6:2a00:1450:4864:20::42b])
	(using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
	(No client certificate requested)
	by mail.server123.net (Postfix) with ESMTPS
	for <dm-crypt@saout.de>; Fri, 28 May 2021 12:37:45 +0200 (CEST)
Received: by mail-wr1-x42b.google.com with SMTP id n4so2826805wrw.3
        for <dm-crypt@saout.de>; Fri, 28 May 2021 03:37:45 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=from:subject:to:message-id:date:user-agent:mime-version;
        bh=3Qz6m9koZSZ/x0PiLQ7bh0pgIVxacPddrpC1D1eksnY=;
        b=O0C1T5SiG5Uc/A4xuL2/xQY1jpbWDBp7mNtx/pvELCvC6pbEv7L+a2NJVMwKNqIskq
         gU+JjXfKaRY9npin8uZGyIYgv2eb3VFG9nZFBatV+mrdv0TuLkMcmJoFmSxGqRaowuRy
         SOts3FpJvvdy3ffHuH6jDzIol/V2SP1dPnb2ykTnjpwZ7oSMn9eriNC46oFHcnMPjFFm
         Hbe41sP4ku+12+9T1a9H3usqp2G9GKajTN6MG1LGzpyu3pbZuE4JfroO0/vnXf9O1Rr4
         689vgrhxfE1oAGOPl/ruAtwCv7yU9J3/OQkmT/TsHXBncq64j5UkQOCl0yiqlrvm2l0A
         eXKg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:from:subject:to:message-id:date:user-agent
         :mime-version;
        bh=3Qz6m9koZSZ/x0PiLQ7bh0pgIVxacPddrpC1D1eksnY=;
        b=gs3po8IKY1sfG17/W7mPkDxoRuN9H/0Tl1CPcLkPeHeGWr60Uoz3Lgq87cCr86I8cO
         74SYtpRjaA/LDn7v631Kf2i18OpNS5T92Mgz5Oz2k9JtyMsQen6aeGYClpqWsY3u7Ayw
         cmaNEgP/+l8TZ26GNcJ1HqKzCQgxZsdXeGauxFqXh7yLQVIywDoZ8B2UyzfQfjtqDDRc
         drktNnzoTL6f2arRUmccwbX7qSkcK7HjwQz2Kc9bq33cBhhgZbeX9pRUvyj/aQcQvouL
         pN1PGjD1+RnMzeKlis/bBhuIO/rqM/sZUXcFL7AdfJ9N3QLDBDg+3caLzmyDV5wz2B0e
         rEKw==
X-Gm-Message-State: AOAM531KioGUr536dKUr46zyngoP9iGuaLEwEzSffycKPdb8oxQ3Vyj8
	8ED4QavUJEWwdXjkFJRvMNFevqDeU9Y=
X-Google-Smtp-Source: ABdhPJyDZFwPoOI7waXGUq9ez0jB7rnJxWfbWpFiM5qSNPE2xO8D/ap39lGeoKBlwPFkUIclKHjJwQ==
X-Received: by 2002:adf:8b4a:: with SMTP id v10mr8009229wra.274.1622198264432;
        Fri, 28 May 2021 03:37:44 -0700 (PDT)
Received: from [192.168.2.27] (39.35.broadband4.iol.cz. [85.71.35.39])
        by smtp.gmail.com with ESMTPSA id g11sm7230177wri.59.2021.05.28.03.37.43
        for <dm-crypt@saout.de>
        (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
        Fri, 28 May 2021 03:37:43 -0700 (PDT)
From: Milan Broz <gmazyland@gmail.com>
To: dm-crypt <dm-crypt@saout.de>
Message-ID: <3309213d-b68d-e7e0-eef3-ce5cee0eef22@gmail.com>
Date: Fri, 28 May 2021 12:37:35 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101
 Thunderbird/78.10.2
MIME-Version: 1.0
Message-ID-Hash: ZTSR4LKXJ7XB4TIOOP5TFBZMYEDVWKQ7
X-Message-ID-Hash: ZTSR4LKXJ7XB4TIOOP5TFBZMYEDVWKQ7
X-MailFrom: gmazyland@gmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-dm-crypt.saout.de-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; suspicious-header
X-Mailman-Version: 3.3.2
Precedence: list
Subject: [dm-crypt] [ANNOUNCE] cryptsetup 2.3.6
List-Id: <dm-crypt.saout.de>
List-Help: <mailto:dm-crypt-request@saout.de?subject=help>
List-Post: <mailto:dm-crypt@saout.de>
List-Subscribe: <mailto:dm-crypt-join@saout.de>
List-Unsubscribe: <mailto:dm-crypt-leave@saout.de>
Content-Type: multipart/mixed; boundary="===============6233065164538698138=="

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============6233065164538698138==
Content-Type: multipart/signed; micalg=pgp-sha256;
 protocol="application/pgp-signature";
 boundary="S7GeazNw1e5WETcj4lslMCUkIsN0IkWUr"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--S7GeazNw1e5WETcj4lslMCUkIsN0IkWUr
Content-Type: multipart/mixed; boundary="q0PENJeXBc7I0i4cIU4LcMnNMDFED6lzK";
 protected-headers="v1"
From: Milan Broz <gmazyland@gmail.com>
To: dm-crypt <dm-crypt@saout.de>
Message-ID: <3309213d-b68d-e7e0-eef3-ce5cee0eef22@gmail.com>
Subject: [ANNOUNCE] cryptsetup 2.3.6

--q0PENJeXBc7I0i4cIU4LcMnNMDFED6lzK
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: quoted-printable

The cryptsetup 2.3.6 stable release is available at

     https://gitlab.com/cryptsetup/cryptsetup

Please note that release packages are located on kernel.org

     https://www.kernel.org/pub/linux/utils/cryptsetup/v2.3/

Feedback and bug reports are welcomed.

Cryptsetup 2.3.6 Release Notes
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D
Stable bug-fix release with minor extensions.

All users of cryptsetup 2.x and later should upgrade to this version.

Changes since version 2.3.5
~~~~~~~~~~~~~~~~~~~~~~~~~~~

* integritysetup: Fix possible dm-integrity mapping table truncation.

  While integritysetup in standalone mode (no encryption) was not
  designed to provide keyed (and cryptographically strong) data
  integrity protection, some options can use such algorithms (HMAC).

  If a key is used, it is directly sent to the kernel dm-integrity as
  a mapping table option (no key derivation is performed).
  For HMAC, such a key could be quite long (up to 4096 bytes in
  integritysetup CLI).

  Unfortunately, due to fixed buffers and not correctly checking string
  truncation, some parameter combinations could cause truncation
  of the dm-integrity mapping table.
  In most cases, the table was rejected by the kernel.
  The worst possible case was key truncation for HMAC options
  (internal_hash and journal_mac dm-integrity table options).

  This release fixes possible truncation and also adds more sanity
  checks to reject truncated options.
  Also, integritysetup now mentions maximal allowed key size
  in --help output.

  For old standalone dm-integrity devices where the key length was
  truncated, you have to modify (shorten) --integrity-key-size
  resp. --journal-integrity-key-size option now.

  This bug is _not_ present for dm-crypt/LUKS, LUKS2 (including
  integrity protection), or dm-verity devices; it affects only
  standalone dm-integrity with HMAC integrity protection.

* cryptsetup: Backup header can be used to activate TCRYPT device.
  Use --header option to specify the header.

* cryptsetup: Avoid LUKS2 decryption without detached header.
  This feature will be added later and is currently not supported.

* Additional fixes and workarounds for common warnings produced
  by some static analysis tools (like gcc-11 analyzer) and additional
  code hardening.

* Fix standalone libintl detection for compiled tests.

* Add Blake2b and Blake2s hash support for crypto backends.
  Kernel and gcrypt crypto backend support all variants.
  OpenSSL supports only Blake2b-512 and Blake2s-256.
  Crypto backend supports kernel notation e.g. "blake2b-512".


--q0PENJeXBc7I0i4cIU4LcMnNMDFED6lzK--

--S7GeazNw1e5WETcj4lslMCUkIsN0IkWUr
Content-Type: application/pgp-signature; name="OpenPGP_signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="OpenPGP_signature"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEKikYJD/eRmSNBob52bBXe9k+mPwFAmCwx/AACgkQ2bBXe9k+
mPxo3hAAl71gkG5Bo0OhMVgOLNHSitQugcrzf61wto27lLA1pVKswF5f7rhsYcCx
I92COydLEGQ23I2YnNsqmuJt4l9xXSxgRvQPvucKUdqfoviBy6+VAH/6FAK8JP7H
MaUdtnsw6TayYCf/Op4yX9Dk7zKbzaS/u7EUYAHEZEAvgpL65KblQdt1ZZZ2ZidW
3tx/nHdgAcLAEGIK0eikxrpKUAZK1u4StzCInzt2XH0wo+PNN199hGvvcOVwz2M1
rsJIoUAEqbCzxWAAZdeScpubq2ROf4gVELKYtDs7/fHIWih8/9LfZRNI5Ib4NG6Z
b2RyZG1uaJOKyMFkbHqSjlygGbBG4RfCSTZHSL1BxtgZ1K5CR6JdAY+WSQ+lO/6B
pD/vmph3jM4Wzu+LviJS/wfoWrC85kFpsD1/Hvm2CPHYQCavdkEUDmbqu2979KoG
8YDEBAUCFM7L+KRk9bO4CUCMc33tQcM81oiWlSsf6dXmK3nqD7BP3YCdvwkFMEAA
yf9sXDAp+ZZihitb5fjRNXUiXE0lNR1M2vWOl9CeQVKhpuCF61m2nu4JDEdf9A3/
3oMZOOhY3ZSd28ViF8Be8cahrXgte+ABhLf1JNqSP21XBG+jVFmoZQIzirF6l/sZ
On4bytlQWc0hk3mLKjW9rGg4QIvuwmsl7H1j9iD1pIwKxVM1xjc=
=UUe1
-----END PGP SIGNATURE-----

--S7GeazNw1e5WETcj4lslMCUkIsN0IkWUr--

--===============6233065164538698138==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
dm-crypt mailing list -- dm-crypt@saout.de
To unsubscribe send an email to dm-crypt-leave@saout.de

--===============6233065164538698138==--