Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

libcryptsetup12-2.4.3-1.3 RPM for s390x

From OpenSuSE Ports Tumbleweed for s390x

Name: libcryptsetup12 Distribution: openSUSE:Factory:zSystems
Version: 2.4.3 Vendor: obs://build.opensuse.org/openSUSE:Factory:zSystems
Release: 1.3 Build date: Wed Jun 15 13:00:10 2022
Group: System/Libraries Build host: s390zl25
Size: 476135 Source RPM: cryptsetup-2.4.3-1.3.src.rpm
Url: https://gitlab.com/cryptsetup/cryptsetup/
Summary: Library for setting up dm-crypt Based Encrypted Block Devices
cryptsetup is used to conveniently set up dm-crypt based device-mapper
targets. It allows to set up targets to read cryptoloop compatible
volumes as well as LUKS formatted ones. The package additionally
includes support for automatically setting up encrypted volumes at boot
time via the config file /etc/crypttab.

Provides

Requires

License

LGPL-2.0-or-later AND SUSE-GPL-2.0-with-openssl-exception

Changelog

* Fri Jan 14 2022 Andreas Stieger <andreas.stieger@gmx.de>
  - cryptsetup 2.4.3:
    * Fix possible attacks against data confidentiality through
      LUKS2 online reencryption extension crash recovery
      CVE-2021-4122, boo#1194469
    * Add configure option --disable-luks2-reencryption to completely
      disable LUKS2 reencryption code.
    * Improve internal metadata validation code for reencryption
      metadata
    * Add updated documentation for LUKS2 On-Disk Format
      Specification version 1.1.0
    * Fix support for bitlk (BitLocker compatible) startup key with
      new  metadata entry introduced in Windows 11
    * Fix space restriction for LUKS2 reencryption with data shift
* Thu Nov 18 2021 Andreas Stieger <andreas.stieger@gmx.de>
  - cryptsetup 2.4.2:
    * Fix possible large memory allocation if LUKS2 header size is
      invalid.
    * Fix memory corruption in debug message printing LUKS2
      checksum.
    * veritysetup: remove link to the UUID library for the static
      build.
    * Remove link to pwquality library for integritysetup and
      veritysetup. These tools do not read passphrases.
    * OpenSSL3 backend: avoid remaining deprecated calls in API.
      Crypto backend no longer use API deprecated in OpenSSL 3.0
    * Check if kernel device-mapper create device failed in an early
      phase. This happens when a concurrent creation of device-mapper
      devices meets in the very early state.
    * Do not set compiler optimization flag for Argon2 KDF if the
      memory wipe is implemented in libc.
    * Do not attempt to unload LUKS2 tokens if external tokens are
      disabled. This allows building a static binary with
    - -disable-external-tokens.
    * LUKS convert: also check sysfs for device activity.
      If udev symlink is missing, code fallbacks to sysfs scan to
      prevent data corruption for the active device.
* Thu Sep 16 2021 Ludwig Nussel <lnussel@suse.de>
  - cryptsetup 2.4.1
    * Fix compilation for libc implementations without dlvsym().
    * Fix compilation and tests on systems with non-standard libraries
    * Try to workaround some issues on systems without udev support.
    * Fixes for OpenSSL3 crypto backend (including FIPS mode).
    * Print error message when assigning a token to an inactive keyslot.
    * Fix offset bug in LUKS2 encryption code if --offset option was used.
    * Do not allow LUKS2 decryption for devices with data offset.
    * Fix LUKS1 cryptsetup repair command for some specific problems.
* Wed Aug 25 2021 Ludwig Nussel <lnussel@suse.de>
  - As YaST passes necessary parameters to cryptsetup anyway, we do
    not necessarily need to take grub into consideration. So back to
    Argon2 to see how it goes.
* Tue Aug 03 2021 Ludwig Nussel <lnussel@suse.de>
  - need to use PBKDF2 by default for LUKS2 as grub can't decrypt when
    using Argon.
* Mon Aug 02 2021 Ludwig Nussel <lnussel@suse.de>
  - cryptsetup 2.4.0 (jsc#SLE-20275)
    * External LUKS token plugins
    * Experimental SSH token
    * Default LUKS2 PBKDF is now Argon2id
    * Increase minimal memory cost for Argon2 benchmark to 64MiB.
    * Autodetect optimal encryption sector size on LUKS2 format.
    * Use VeraCrypt option by default and add --disable-veracrypt option.
    * Support --hash and --cipher to limit opening time for TCRYPT type
    * Fixed default OpenSSL crypt backend support for OpenSSL3.
    * integritysetup: add integrity-recalculate-reset flag.
    * cryptsetup: retains keyslot number in luksChangeKey for LUKS2.
    * Fix cryptsetup resize using LUKS2 tokens.
    * Add close --deferred and --cancel-deferred options.
    * Rewritten command-line option parsing to avoid libpopt arguments
      memory leaks.
    * Add --test-args option.
* Mon Aug 02 2021 Fabian Vogt <fvogt@suse.com>
  - Use LUKS2 as default format on Tumbleweed.
    It provides some additional features which other tools
    (e.g. systemd-cryptenroll) rely on. GRUB 2.06 supports unlocking
    LUKS2 volumes meanwhile.
* Thu Jul 01 2021 Ludwig Nussel <lnussel@suse.de>
  - cryptsetup 2.3.6:
    * integritysetup: Fix possible dm-integrity mapping table truncation.
    * cryptsetup: Backup header can be used to activate TCRYPT device.
      Use --header option to specify the header.
    * cryptsetup: Avoid LUKS2 decryption without detached header.
      This feature will be added later and is currently not supported.
    * Additional fixes and workarounds for common warnings produced
      by some static analysis tools (like gcc-11 analyzer) and additional
      code hardening.
    * Fix standalone libintl detection for compiled tests.
    * Add Blake2b and Blake2s hash support for crypto backends.
      Kernel and gcrypt crypto backend support all variants.
      OpenSSL supports only Blake2b-512 and Blake2s-256.
      Crypto backend supports kernel notation e.g. "blake2b-512".
* Sat Mar 13 2021 Andreas Stieger <andreas.stieger@gmx.de>
  - cryptsetup 2.3.5:
    * Fix partial reads of passphrase from an interactive terminal
    * Fix maximum length of password entered through a terminal
    * integritysetup: support new dm-integrity HMAC recalculation
      options
    * integritysetup: display of recalculating sector in dump command
    * veritysetup: fix verity FEC if stored in the same image with
      hashes
    * veritysetup: run FEC repair check even if root hash fails
    * veritysetup: do not process hash image if hash area is empty
    * veritysetup: store verity hash algorithm in superblock in
      lowercase
    * bitlk: fix a crash if the device disappears during BitLocker
      scan
    * bitlk: show a better error when trying to open an NTFS device
    * bitlk: add support for startup key protected VMKs
    * Fix LUKS1 repair code (regression since version 1.7.x)
    * Fix luksKeyChange for LUKS2 with assigned tokens
    * Fix cryptsetup resize using LUKS2 tokens
    * Print a visible error if device resize is not supported
    * Add error message when suspending wrong non-LUKS device
    * Fix default XTS mode key size in reencryption
    * Rephrase missing locking directory warning and move it to
      debug level
    * Many fixes for the use of cipher_null (empty debug cipher)
    * Fixes for libpasswdqc 2.0.x (optional passphrase quality check)
    * Fixes for problems discovered by various tools for code
      analysis
    * Various fixes to man pages
  - silence hmac packaging warnings
* Fri Mar 12 2021 Dirk Müller <dmueller@suse.com>
  - move licenses to licensedir
* Tue Dec 08 2020 Ludwig Nussel <lnussel@suse.de>
  - SLE marker: implements jsc#SLE-5911, bsc#1165580, jsc#SLE-145149
* Wed Nov 04 2020 Ludwig Nussel <lnussel@suse.de>
  - prepare usrmerge (boo#1029961)
* Fri Sep 04 2020 Ludwig Nussel <lnussel@suse.de>
  - Update to 2.3.4:
    * Fix a possible out-of-bounds memory write while validating LUKS2 data
      segments metadata (CVE-2020-14382, boo#1176128).
    * Ignore reported optimal IO size if not aligned to minimal page size.
    * Added support for new no_read/write_wrokqueue dm-crypt options (kernel 5.9).
    * Added support panic_on_corruption option for dm-verity devices (kernel 5.9).
    * Support --master-key-file option for online LUKS2 reencryption
    * Always return EEXIST error code if a device already exists.
    * Fix a problem in integritysetup if a hash algorithm has dash in the name.
    * Fix crypto backend to properly handle ECB mode.
    * TrueCrypt/VeraCrypt compatible mode now supports the activation of devices
      with a larger sector.
    * LUKS2: Do not create excessively large headers.
    * Fix unspecified sector size for BitLocker compatible mode.
    * Fix reading key data size in metadata for BitLocker compatible mode.
* Thu May 28 2020 Andreas Stieger <andreas.stieger@gmx.de>
  - Update to 2.3.3:
    * Fix BitLocker compatible device access that uses native 4kB
      sectors
    * Support large IV count (--iv-large-sectors) cryptsetup option
      for plain device mapping
    * Fix a memory leak in BitLocker compatible handling
    * Allow EBOIV (Initialization Vector algorithm) use
    * LUKS2: Require both keyslot cipher and key size option, do
      not fail silently
  - includes changes from 2.3.2:
    * Add option to dump content of LUKS2 unbound keyslot
    * Add support for discards (TRIM) for standalone dm-integrity
      devices (Kernel 5.7) via --allow-discards, not for LUKS2
    * Fix cryptsetup-reencrypt to work on devices that do not allow
      direct-io device access.
    * Fix a crash in the BitLocker-compatible code error path
    * Fix Veracrypt compatible support for longer (>64 bytes)
      passphrases
* Thu Apr 02 2020 Ludwig Nussel <lnussel@suse.de>
  - Split translations to -lang package
  - New version to 2.3.1
    * Support VeraCrypt 128 bytes passwords.
      VeraCrypt now allows passwords of maximal length 128 bytes
      (compared to legacy TrueCrypt where it was limited by 64 bytes).
    * Strip extra newline from BitLocker recovery keys
      There might be a trailing newline added by the text editor when
      the recovery passphrase was passed using the --key-file option.
    * Detect separate libiconv library.
      It should fix compilation issues on distributions with iconv
      implemented in a separate library.
    * Various fixes and workarounds to build on old Linux distributions.
    * Split lines with hexadecimal digest printing for large key-sizes.
    * Do not wipe the device with no integrity profile.
      With --integrity none we performed useless full device wipe.
    * Workaround for dm-integrity kernel table bug.
      Some kernels show an invalid dm-integrity mapping table
      if superblock contains the "recalculate" bit. This causes
      integritysetup to not recognize the dm-integrity device.
      Integritysetup now specifies kernel options such a way that
      even on unpatched kernels mapping table is correct.
    * Print error message if LUKS1 keyslot cannot be processed.
      If the crypto backend is missing support for hash algorithms
      used in PBKDF2, the error message was not visible.
    * Properly align LUKS2 keyslots area on conversion.
      If the LUKS1 payload offset (data offset) is not aligned
      to 4 KiB boundary, new LUKS2 keyslots area in now aligned properly.
    * Validate LUKS2 earlier on conversion to not corrupt the device
      if binary keyslots areas metadata are not correct.
* Tue Feb 04 2020 Paolo Stivanin <info@paolostivanin.com>
  - Update to 2.3.0 (include release notes for 2.2.0)
    * BITLK (Windows BitLocker compatible) device access
    * Veritysetup now supports activation with additional PKCS7 signature
      of root hash through --root-hash-signature option.
    * Integritysetup now calculates hash integrity size according to algorithm
      instead of requiring an explicit tag size.
    * Integritysetup now supports fixed padding for dm-integrity devices.
    * A lot of fixes to online LUKS2 reecryption.
    * Add crypt_resume_by_volume_key() function to libcryptsetup.
      If a user has a volume key available, the LUKS device can be resumed
      directly using the provided volume key.
      No keyslot derivation is needed, only the key digest is checked.
    * Implement active device suspend info.
      Add CRYPT_ACTIVATE_SUSPENDED bit to crypt_get_active_device() flags
      that informs the caller that device is suspended (luksSuspend).
    * Allow --test-passphrase for a detached header.
      Before this fix, we required a data device specified on the command
      line even though it was not necessary for the passphrase check.
    * Allow --key-file option in legacy offline encryption.
      The option was ignored for LUKS1 encryption initialization.
    * Export memory safe functions.
      To make developing of some extensions simpler, we now export
      functions to handle memory with proper wipe on deallocation.
    * Fail crypt_keyslot_get_pbkdf for inactive LUKS1 keyslot.
    * Add optional global serialization lock for memory hard PBKDF.
    * Abort conversion to LUKS1 with incompatible sector size that is
      not supported in LUKS1.
    * Report error (-ENOENT) if no LUKS keyslots are available. User can now
      distinguish between a wrong passphrase and no keyslot available.
    * Fix a possible segfault in detached header handling (double free).
    * Add integritysetup support for bitmap mode introduced in Linux kernel 5.2.
    * The libcryptsetup now keeps all file descriptors to underlying device
      open during the whole lifetime of crypt device context to avoid excessive
      scanning in udev (udev run scan on every descriptor close).
    * The luksDump command now prints more info for reencryption keyslot
      (when a device is in-reencryption).
    * New --device-size parameter is supported for LUKS2 reencryption.
    * New --resume-only parameter is supported for LUKS2 reencryption.
    * The repair command now tries LUKS2 reencryption recovery if needed.
    * If reencryption device is a file image, an interactive dialog now
      asks if reencryption should be run safely in offline mode
      (if autodetection of active devices failed).
    * Fix activation through a token where dm-crypt volume key was not
      set through keyring (but using old device-mapper table parameter mode).
    * Online reencryption can now retain all keyslots (if all passphrases
      are provided). Note that keyslot numbers will change in this case.
    * Allow volume key file to be used if no LUKS2 keyslots are present.
    * Print a warning if online reencrypt is called over LUKS1 (not supported).
    * Fix TCRYPT KDF failure in FIPS mode.
    * Remove FIPS mode restriction for crypt_volume_key_get.
    * Reduce keyslots area size in luksFormat when the header device is too small.
    * Make resize action accept --device-size parameter (supports units suffix).
* Thu Oct 17 2019 Vítězslav Čížek <vcizek@suse.com>
  - Create a weak dependency cycle between libcryptsetup and
    libcryptsetup-hmac to make sure they are installed together
    (bsc#1090768)
* Fri Feb 15 2019 Jan Engelhardt <jengelh@inai.de>
  - Use noun phrase in summary.
* Fri Feb 15 2019 lnussel@suse.de
  - New version 2.1.0
    * The default size of the LUKS2 header is increased to 16 MB.
      It includes metadata and the area used for binary keyslots;
      it means that LUKS header backup is now 16MB in size.
    * Cryptsetup now doubles LUKS default key size if XTS mode is used
      (XTS mode uses two internal keys). This does not apply if key size
      is explicitly specified on the command line and it does not apply
      for the plain mode.
      This fixes a confusion with AES and 256bit key in XTS mode where
      code used AES128 and not AES256 as often expected.
    * Default cryptographic backend used for LUKS header processing is now
      OpenSSL. For years, OpenSSL provided better performance for PBKDF.
    * The Python bindings are no longer supported and the code was removed
      from cryptsetup distribution. Please use the libblockdev project
      that already covers most of the libcryptsetup functionality
      including LUKS2.
    * Cryptsetup now allows using --offset option also for luksFormat.
    * Cryptsetup now supports new refresh action (that is the alias for
      "open --refresh").
    * Integritysetup now supports mode with detached data device through
      new --data-device option.
  - 2.1.0 would use LUKS2 as default, we stay with LUKS1 for now until
    someone has time to evaluate the fallout from switching to LUKS2.

Files

/usr/lib64/libcryptsetup.so.12
/usr/lib64/libcryptsetup.so.12.7.0


Generated by rpm2html 1.8.1

Fabrice Bellet, Tue Aug 9 13:50:54 2022