Change logs for cryptsetup source package in Disco

  • cryptsetup (2:2.1.0-1ubuntu1) disco; urgency=medium
    
      * Merge from Debian unstable. LP: #1815484
      * Remaining changes:
        - debian/control:
          + Recommend plymouth.
          + Invert the "busybox | busybox-static" Recommends, as the latter
            is the one we ship in main as part of the ubuntu-standard task.
        - Apply patch from Trent Nelson to fix cryptroot-unlock for busybox
          compatibility. LP: #1651818
    
    cryptsetup (2:2.1.0-1) unstable; urgency=medium
    
      * New upstream release.  Highlights include:
        - The on-disk LUKS format version now defaults to LUKS2 (use `luksFormat
          --type luks1` to use LUKS1 format). Closes: #919725.
        - The cryptographic backend used for LUKS header processing is now libssl
          instead of libgcrypt.
        - LUKS' default key size is now 512 in XTS mode, half of which is used for
          block encryption.  XTS mode uses two internal keys, hence the previous
          default key size (256) caused AES-128 to be used for block encryption,
          while users were expecting AES-256.
    
      [ Guilhem Moulin ]
      * Add docs/Keyring.txt and docs/LUKS2-locking.txt to
        /usr/share/doc/cryptsetup-run.
      * debian/README.Debian: Mention that for non-persistent encrypted swap one
        should also disable the resume device.
      * debian/README.initramfs: Mention that keyscript=decrypt_derived normally
        won't work with LUKS2 sources.  (The volume key of LUKS2 devices is by
        default offloaded to the kernel keyring service, hence not readable by
        userspace.)  Since 2:2.0.3-5 the keyscript loudly fails on such sources.
      * decrypt_keyctl keyscript: Always use our askpass binary for password
        prompt (fail instead of falling back to using stty or `read -s` if askpass
        is not available).  askpass and decrypt_keyctl are both shipped in our
        'cryptsetup-run' and 'cryptsetup-udeb' binary packages, and the cryptsetup
        and askpass binaries are added together to the initramfs image.
      * decrypt_keyctl: Document the identifier used in the user keyring:
        "cryptsetup:$CRYPTTAB_KEY", or merely "cryptsetup" if "$CRYPTTAB_KEY" is
        empty or "none".  The latter improves compatibility with gdm and
        systemd-ask-password(1).
      * debian/*: run wrap-and-sort(1).
      * debian/doc/crypttab.xml: mention `cryptsetup refresh` and the `--persistent`
        option flag.
      * debian/control: Bump Standards-Version to 4.3.0 (no changes necessary).
    
      [ Jonas Meurer ]
      * Update docs about 'discard' option: Mention in manpage, that it's enabled
        per default by Debian Installer. Give advice to add it to new devices in
        /etc/crypttab and add it to crypttab example entries in the docs.
    
     -- Dimitri John Ledkov <email address hidden>  Wed, 13 Feb 2019 21:28:23 +0000
  • cryptsetup (2:2.0.6-1ubuntu1) disco; urgency=medium
    
      * Merge from Debian unstable.
      * Remaining changes:
        - debian/control:
          + Recommend plymouth.
          + Invert the "busybox | busybox-static" Recommends, as the latter
            is the one we ship in main as part of the ubuntu-standard task.
        - Apply patch from Trent Nelson to fix cryptroot-unlock for busybox
          compatibility. LP: #1651818
      * Dropped delta sector_size support, merged in Debian.
    
    cryptsetup (2:2.0.6-1) unstable; urgency=medium
    
      * New upstream bugfix release.  Highlights include:
        - Fix support of larger metadata areas in LUKS2 header.
        - Fix checking of device size alignment and hash & AEAD algorithms to
          avoid formatting devices that later cannot be activated.
        - Fix cryptsetup-reencrypt interrupt handling.
        - Allow Adiantum cipher construction (require Linux 4.21 or later).
    
    cryptsetup (2:2.0.5-2) unstable; urgency=medium
    
      * debian/initramfs/hooks/*: Skip call to copy_file() when the target already
        exists (as the function return value 1 in the case).
      * OpenPGP Smartcard support, based on work by Peter Lebbing and Erik
        Nellessen. (Closes: #888916, #903163.)
      * Move header presence check to crypttab_parse_options() from
        unlock_mapping().  Having the presence checks in unlock_mapping() caused
        dummy password prompts in interactive mode when the LUKS header file was
        missing.  Regression since 2:2.0.3-2.  (Closes: #914458.)
    
    cryptsetup (2:2.0.5-1) unstable; urgency=medium
    
      * New upstream release.
      * Remove d/patches/Disable-blockwise-compat-test-as-it-s-FS-dependent.patch
        as the test suite no longer fails on misaligned I/O in O_DIRECT mode.
        (Cf. upstream issue #403.)
    
    cryptsetup (2:2.0.4-3) unstable; urgency=medium
    
      [ Guilhem Moulin ]
      * debian/initramfs/hooks/cryptroot:
        + Make _CRYPTTAB_* variables local to crypttab_find_and_print_entry().
          (Closes: #907243.)
        + Silence the warning that honoring CRYPTSETUP="[y|n]" in the config is
          deprecated when the variable is set to "y".  (Keep the warning when it's
          set to "n" though.)  Closes: #908220.
      * debian/functions: Make get_crypt_type() set variable CRYPTTAB_TYPE to the
        type of crypt device ("luks" / "plain" / "tcrypt").
      * debian/initramfs/scripts/local-top/cryptroot: Don't complain that
        (successful) unlocking of a LUKS device doesn't yield a known file system.
        The check is preserved for plain dm-crypt devices and tcrypt devices.
        (Closes: #906283.)
      * debian/control: Bump Standards-Version to 4.2.1 (no changes necessary).
      * debian/doc/crypttab.xml: Improve formatting.
      * debian/cryptsetup-run.lintian-overrides: Remove unused override
        init.d-script-possible-missing-stop (x2).
      * debian/libcryptsetup12.symbols: Add "Build-Depends-Package:
        libcryptsetup-dev" field.
    
      [ Helmut Grohne ]
      * Fix FTCBFS: Supply $(CC) from dpkg's buildtools.mk. (Closes: #911042)
    
      [ Dimitri John Ledkov ]
      * Implement support for `cryptsetup --sector-size` in crypttab(5).
        LP: #1776626.
    
     -- Dimitri John Ledkov <email address hidden>  Tue, 05 Feb 2019 13:43:25 +0000
  • cryptsetup (2:2.0.4-2ubuntu2) cosmic; urgency=medium
    
      * Implement support for --sector-size cryptsetup plain mode option in
        crypttab. Matching support is also proposed to systemd-cryptsetup as
        well. LP: #1776626
    
     -- Dimitri John Ledkov <email address hidden>  Fri, 31 Aug 2018 17:00:07 +0100