dm-crypt.saout.de archive mirror
 help / color / mirror / Atom feed
* [dm-crypt] [ANNOUNCE] cryptsetup 2.3.1
@ 2020-03-12  9:06 Milan Broz
  0 siblings, 0 replies; only message in thread
From: Milan Broz @ 2020-03-12  9:06 UTC (permalink / raw)
  To: dm-crypt


[-- Attachment #1.1: Type: text/plain, Size: 2090 bytes --]

The cryptsetup 2.3.1 stable release is available at

     https://gitlab.com/cryptsetup/cryptsetup

Please note that release packages are located on kernel.org

     https://www.kernel.org/pub/linux/utils/cryptsetup/v2.3/

Feedback and bug reports are welcomed.

Cryptsetup 2.3.1 Release Notes
==============================
Stable bug-fix release.

All users of cryptsetup 2.x should upgrade to this version.

Changes since version 2.3.0
~~~~~~~~~~~~~~~~~~~~~~~~~~~

* Support VeraCrypt 128 bytes passwords.
  VeraCrypt now allows passwords of maximal length 128 bytes
  (compared to legacy TrueCrypt where it was limited by 64 bytes).

* Strip extra newline from BitLocker recovery keys
  There might be a trailing newline added by the text editor when
  the recovery passphrase was passed using the --key-file option.

* Detect separate libiconv library.
  It should fix compilation issues on distributions with iconv
  implemented in a separate library.

* Various fixes and workarounds to build on old Linux distributions.

* Split lines with hexadecimal digest printing for large key-sizes.

* Do not wipe the device with no integrity profile.
  With --integrity none we performed useless full device wipe.

* Workaround for dm-integrity kernel table bug.
  Some kernels show an invalid dm-integrity mapping table
  if superblock contains the "recalculate" bit. This causes
  integritysetup to not recognize the dm-integrity device.
  Integritysetup now specifies kernel options such a way that
  even on unpatched kernels mapping table is correct.

* Print error message if LUKS1 keyslot cannot be processed.
  If the crypto backend is missing support for hash algorithms
  used in PBKDF2, the error message was not visible.

* Properly align LUKS2 keyslots area on conversion.
  If the LUKS1 payload offset (data offset) is not aligned
  to 4 KiB boundary, new LUKS2 keyslots area in now aligned properly.

* Validate LUKS2 earlier on conversion to not corrupt the device
  if binary keyslots areas metadata are not correct.


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

^ permalink raw reply	[flat|nested] only message in thread
only message in thread, other threads:[~2020-03-12  9:06 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-03-12  9:06 [dm-crypt] [ANNOUNCE] cryptsetup 2.3.1 Milan Broz

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).