Hello community, here is the log from the commit of package cryptsetup for openSUSE:Factory checked in at 2020-02-09 21:02:18 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/cryptsetup (Old) and /work/SRC/openSUSE:Factory/.cryptsetup.new.26092 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "cryptsetup" Sun Feb 9 21:02:18 2020 rev:107 rq:770054 version:2.3.0 Changes: -------- --- /work/SRC/openSUSE:Factory/cryptsetup/cryptsetup.changes 2019-12-17 13:29:39.899419748 +0100 +++ /work/SRC/openSUSE:Factory/.cryptsetup.new.26092/cryptsetup.changes 2020-02-09 21:02:38.523361197 +0100 @@ -0,0 +1,57 @@ +------------------------------------------------------------------- +Tue Feb 4 07:59:24 UTC 2020 - Paolo Stivanin <[email protected]> + +- Update to 2.3.0 (include release notes for 2.2.0) + * BITLK (Windows BitLocker compatible) device access + * Veritysetup now supports activation with additional PKCS7 signature + of root hash through --root-hash-signature option. + * Integritysetup now calculates hash integrity size according to algorithm + instead of requiring an explicit tag size. + * Integritysetup now supports fixed padding for dm-integrity devices. + * A lot of fixes to online LUKS2 reecryption. + * Add crypt_resume_by_volume_key() function to libcryptsetup. + If a user has a volume key available, the LUKS device can be resumed + directly using the provided volume key. + No keyslot derivation is needed, only the key digest is checked. + * Implement active device suspend info. + Add CRYPT_ACTIVATE_SUSPENDED bit to crypt_get_active_device() flags + that informs the caller that device is suspended (luksSuspend). + * Allow --test-passphrase for a detached header. + Before this fix, we required a data device specified on the command + line even though it was not necessary for the passphrase check. + * Allow --key-file option in legacy offline encryption. + The option was ignored for LUKS1 encryption initialization. + * Export memory safe functions. + To make developing of some extensions simpler, we now export + functions to handle memory with proper wipe on deallocation. + * Fail crypt_keyslot_get_pbkdf for inactive LUKS1 keyslot. + * Add optional global serialization lock for memory hard PBKDF. + * Abort conversion to LUKS1 with incompatible sector size that is + not supported in LUKS1. + * Report error (-ENOENT) if no LUKS keyslots are available. User can now + distinguish between a wrong passphrase and no keyslot available. + * Fix a possible segfault in detached header handling (double free). + * Add integritysetup support for bitmap mode introduced in Linux kernel 5.2. + * The libcryptsetup now keeps all file descriptors to underlying device + open during the whole lifetime of crypt device context to avoid excessive + scanning in udev (udev run scan on every descriptor close). + * The luksDump command now prints more info for reencryption keyslot + (when a device is in-reencryption). + * New --device-size parameter is supported for LUKS2 reencryption. + * New --resume-only parameter is supported for LUKS2 reencryption. + * The repair command now tries LUKS2 reencryption recovery if needed. + * If reencryption device is a file image, an interactive dialog now + asks if reencryption should be run safely in offline mode + (if autodetection of active devices failed). + * Fix activation through a token where dm-crypt volume key was not + set through keyring (but using old device-mapper table parameter mode). + * Online reencryption can now retain all keyslots (if all passphrases + are provided). Note that keyslot numbers will change in this case. + * Allow volume key file to be used if no LUKS2 keyslots are present. + * Print a warning if online reencrypt is called over LUKS1 (not supported). + * Fix TCRYPT KDF failure in FIPS mode. + * Remove FIPS mode restriction for crypt_volume_key_get. + * Reduce keyslots area size in luksFormat when the header device is too small. + * Make resize action accept --device-size parameter (supports units suffix). + +------------------------------------------------------------------- Old: ---- cryptsetup-2.1.0.tar.sign cryptsetup-2.1.0.tar.xz New: ---- cryptsetup-2.3.0.tar.sign cryptsetup-2.3.0.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ cryptsetup.spec ++++++ --- /var/tmp/diff_new_pack.ZLbVCj/_old 2020-02-09 21:02:40.859362523 +0100 +++ /var/tmp/diff_new_pack.ZLbVCj/_new 2020-02-09 21:02:40.879362534 +0100 @@ -1,7 +1,7 @@ # # spec file for package cryptsetup # -# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -22,15 +22,15 @@ %else Name: cryptsetup %endif -Version: 2.1.0 +Version: 2.3.0 Release: 0 Summary: Setup program for dm-crypt Based Encrypted Block Devices License: SUSE-GPL-2.0-with-openssl-exception AND LGPL-2.0-or-later Group: System/Base -Url: https://gitlab.com/cryptsetup/cryptsetup/ -Source0: https://www.kernel.org/pub/linux/utils/cryptsetup/v2.1/cryptsetup-%{version}.tar.xz +URL: https://gitlab.com/cryptsetup/cryptsetup/ +Source0: https://www.kernel.org/pub/linux/utils/cryptsetup/v2.3/cryptsetup-%{version}.tar.xz # GPG signature of the uncompressed tarball. -Source1: https://www.kernel.org/pub/linux/utils/cryptsetup/v2.1/cryptsetup-%{version}.tar.sign +Source1: https://www.kernel.org/pub/linux/utils/cryptsetup/v2.3/cryptsetup-%{version}.tar.sign Source2: baselibs.conf Source3: cryptsetup.keyring BuildRequires: device-mapper-devel ++++++ cryptsetup-2.1.0.tar.xz -> cryptsetup-2.3.0.tar.xz ++++++ /work/SRC/openSUSE:Factory/cryptsetup/cryptsetup-2.1.0.tar.xz /work/SRC/openSUSE:Factory/.cryptsetup.new.26092/cryptsetup-2.3.0.tar.xz differ: char 15, line 1
