"Fossies" - the Fresh Open Source Software Archive

Member "cryptsetup-2.4.3/docs/v1.2.0-ReleaseNotes" (7 Feb 2012, 4852 Bytes) of package /linux/misc/cryptsetup-2.4.3.tar.xz:


As a special service "Fossies" has tried to format the requested text file into HTML format (style: standard) with prefixed line numbers. Alternatively you can here view or download the uninterpreted source code file.

    1 Cryptsetup 1.2.0 Release Notes
    2 ==============================
    3 
    4 Changes since version 1.2.0-rc1
    5 
    6  * Fix crypt_activate_by_keyfile() to work with PLAIN devices.
    7  * Fix plain create command to properly handle keyfile size.
    8  * Update translations.
    9 
   10 Changes since version 1.1.3
   11 
   12 Important changes
   13 ~~~~~~~~~~~~~~~~~
   14 
   15  * Add text version of *FAQ* (Frequently Asked Questions) to distribution.
   16 
   17  * Add selection of random/urandom number generator for luksFormat
   18  (option --use-random and --use-urandom).
   19 
   20  (This affects only long term volume key in *luksFormat*,
   21  not RNG used for salt and AF splitter).
   22 
   23   You can also set the default to /dev/random during compilation with
   24   --enable-dev-random. Compiled-in default is printed in --help output.
   25 
   26   Be very careful before changing default to blocking /dev/random use here.
   27 
   28  * Fix *luksRemoveKey* to not ask for remaining keyslot passphrase,
   29  only for removed one.
   30 
   31  * No longer support *luksDelKey* (replaced with luksKillSlot).
   32   * if you want to remove particular passphrase, use *luksKeyRemove*
   33   * if you want to remove particular keyslot, use *luksKillSlot*
   34 
   35  Note that in batch mode *luksKillSlot* allows removing of any keyslot
   36  without question, in normal mode requires passphrase or keyfile from
   37  other keyslot.
   38 
   39  * *Default alignment* for device (if not overridden by topology info)
   40  is now (multiple of) *1MiB*.
   41  This reflects trends in storage technologies and aligns to the same
   42  defaults for partitions and volume management.
   43 
   44  * Allow explicit UUID setting in *luksFormat* and allow change it later
   45  in *luksUUID* (--uuid parameter).
   46 
   47  * All commands using key file now allows limited read from keyfile using
   48  --keyfile-size and --new-keyfile-size parameters (in bytes).
   49 
   50  This change also disallows overloading of --key-size parameter which
   51  is now exclusively used for key size specification (in bits.)
   52 
   53  * *luksFormat* using pre-generated master key now properly allows
   54  using key file (only passphrase was allowed prior to this update).
   55 
   56  * Add --dump-master-key option for *luksDump* to perform volume (master)
   57  key dump. Note that printed information allows accessing device without
   58  passphrase so it must be stored encrypted.
   59 
   60  This operation is useful for simple Key Escrow function (volume key and
   61  encryption parameters printed on paper on safe place).
   62 
   63  This operation requires passphrase or key file.
   64 
   65  * The reload command is no longer supported.
   66  (Use dmsetup reload instead if needed. There is no real use for this
   67  function except explicit data corruption:-)
   68 
   69  * Cryptsetup now properly checks if underlying device is in use and
   70  disallows *luksFormat*, *luksOpen* and *create* commands on open
   71  (e.g. already mapped or mounted) device.
   72 
   73  * Option --non-exclusive (already deprecated) is removed.
   74 
   75 Libcryptsetup API additions:
   76 
   77  * new functions
   78   * crypt_get_type() - explicit query to crypt device context type
   79   * crypt_resize() - new resize command using context
   80   * crypt_keyslot_max() - helper to get number of supported keyslots
   81   * crypt_get_active_device() - get active device info
   82   * crypt_set/get_rng_type() - random/urandom RNG setting
   83   * crypt_set_uuid() - explicit UUID change of existing device
   84   * crypt_get_device_name() - get underlying device name
   85 
   86  * Fix optional password callback handling.
   87 
   88  * Allow to activate by internally cached volume key immediately after
   89  crypt_format() without active slot (for temporary devices with
   90  on-disk metadata)
   91 
   92  * libcryptsetup is binary compatible with 1.1.x release and still
   93  supports legacy API calls
   94 
   95  * cryptsetup binary now uses only new API calls.
   96 
   97  * Static compilation of both library (--enable-static) and cryptsetup
   98  binary (--enable-static-cryptsetup) is now properly implemented by common
   99  libtool logic.
  100 
  101  Prior to this it produced miscompiled dynamic cryptsetup binary with
  102  statically linked libcryptsetup.
  103 
  104  The static binary is compiled as src/cryptsetup.static in parallel
  105  with dynamic build if requested.
  106 
  107 Other changes
  108 ~~~~~~~~~~~~~
  109  * Fix default plain password entry from terminal in activate_by_passphrase.
  110  * Initialize volume key from active device in crypt_init_by_name()
  111  * Fix cryptsetup binary exit codes.
  112    0 - success, otherwise fail
  113    1 - wrong parameters
  114    2 - no permission
  115    3 - out of memory
  116    4 - wrong device specified
  117    5 - device already exists or device is busy
  118  * Remove some obsolete info from man page.
  119  * Add more regression tests for commands.
  120  * Fix possible double free when handling master key file.
  121  * Fix pkg-config use in automake scripts.
  122  * Wipe iteration and salt after luksKillSlot in LUKS header.
  123  * Rewrite file differ test to C (and fix it to really work).
  124  * Do not query non-existent device twice (cryptsetup status /dev/nonexistent).
  125  * Check if requested hash is supported before writing LUKS header.
  126  * Fix problems reported by clang scan-build.