[dm-crypt] [ANNOUNCE] cryptsetup 1.6.7

wintonian mail at wintonian.org.uk
Mon Mar 23 19:15:53 CET 2015


I hope you won't mind me mentioning, but the following sections in the 
FAQ (on Gitlab) still link back to Google Code; 1.1, 1.6 and 9.

In the case of section 1.1 this informs the reader where the latest 
version can be found - I assume Gitlab will now be the up-to-date version?

My apologies if you have already planned to make the amendments.

p.s. Many thanks for all your hard work in providing this important utility.

Regards

Robert Gilmour

On 23/03/15 17:54, Milan Broz wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> The stable cryptsetup 1.6.7 release is available at
>
>      https://gitlab.com/cryptsetup/cryptsetup
>
> Please note that release packages are located on kernel.org
>
>      https://www.kernel.org/pub/linux/utils/cryptsetup/v1.6/
>
> Feedback and bug reports are welcomed.
>
> Cryptsetup 1.6.7 Release Notes
> ==============================
>
> Changes since version 1.6.6
>
> * Cryptsetup git and wiki are now hosted on GitLab.
>    https://gitlab.com/cryptsetup/cryptsetup
>
>    Repository of stable releases remains on kernel.org site
>    https://www.kernel.org/pub/linux/utils/cryptsetup/
>
>    For more info please see README file.
>
> * Cryptsetup TCRYPT mode now supports VeraCrypt devices (TrueCrypt extension).
>
>    The VeraCrypt extension only increases iteration count for the key
>    derivation function (on-disk format is the same as TrueCrypt format).
>
>    Note that unlocking of a VeraCrypt device can take very long time if used
>    on slow machines.
>
>    To use this extension, add --veracrypt option, for example
>      cryptsetup open --type tcrypt --veracrypt <container> <name>
>
>    For use through libcryptsetup, just add CRYPT_TCRYPT_VERA_MODES flag.
>
> * Support keyfile-offset and keyfile-size options even for plain volumes.
>
> * Support keyfile option for luksAddKey if the master key is specified.
>
> * For historic reasons, hashing in the plain mode is not used
>    if keyfile is specified (with exception of --key-file=-).
>    Print a warning if these parameters are ignored.
>
> * Support permanent device decryption for cryptsetup-reencrypt.
>    To remove LUKS encryption from a device, you can now use --decrypt option.
>
> * Allow to use --header option in all LUKS commands.
>    The --header always takes precedence over positional device argument.
>
> * Allow luksSuspend without need to specify a detached header.
>
> * Detect if O_DIRECT is usable on a device allocation.
>    There are some strange storage stack configurations which wrongly allows
>    to open devices with direct-io but fails on all IO operations later.
>
>    Cryptsetup now tries to read the device first sector to ensure it can use
>    direct-io.
>
> * Add low-level performance options tuning for dmcrypt (for Linux 4.0 and later).
>
>    Linux kernel 4.0 contains rewritten dmcrypt code which tries to better utilize
>    encryption on parallel CPU cores.
>
>    While tests show that this change increases performance on most configurations,
>    dmcrypt now provides some switches to change its new behavior.
>
>    You can use them (per-device) with these cryptsetup switches:
>       --perf-same_cpu_crypt
>       --perf-submit_from_crypt_cpus
>
>    Please use these only in the case of serious performance problems.
>    Refer to the cryptsetup man page and dm-crypt documentation
>    (for same_cpu_crypt and submit_from_crypt_cpus options).
>    https://gitlab.com/cryptsetup/cryptsetup/wikis/DMCrypt
>
> * Get rid of libfipscheck library.
>    (Note that this option was used only for Red Hat and derived distributions.)
>    With recent FIPS changes we do not need to link to this FIPS monster anymore.
>    Also drop some no longer needed FIPS mode checks.
>
> * Many fixes and clarifications to man pages.
>
> * Prevent compiler to optimize-out zeroing of buffers for on-stack variables.
>
> * Fix a crash if non-GNU strerror_r is used.
>
> Cryptsetup API NOTE:
> The direct terminal handling for passphrase entry will be removed from
> libcryptsetup in next major version (application should handle it itself).
>
> It means that you have to always either provide password in buffer or set
> your own password callback function through crypt_set_password_callback().
> See API documentation (or libcryptsetup.h) for more info.
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1
>
> iQIcBAEBCAAGBQJVEFM/AAoJENmwV3vZPpj8LJQP/jAexv33vfIVKcpV6XRe+3nm
> WloMa9KGgyGJ/b0I/TvEKa/RdWxExv5ZMOGACe+0KhwwudCo+NKfWs6uY8THqLuF
> yiev2879MPNLUbQiU4yELOvJA+rt5rhhUqMk4zKcFJv+PO77CtuUTqd7AIJ8Pjb5
> htHN6fJp83wZCVO0j0CuQ5LfPajK1nNbGYk2vTuAR4Z0tj6ci5bP2eefPLD3gnhc
> DXMT9oS4RypLEtyzzxWUqBmYq+7UnOQqByyrwaPRrZp6fecOamR6Fr9QHVsXO1KM
> 5ws2OOcjnW+6lvSZZnsykc7TplyxZwMAv9XPkuc8ZtPD2tMMmSp3g0raL+8/YiTZ
> nlf0CCPPtp7p5aIlINe0g7sZ1Gax9EnMyPulaifHRE7KprR3A8yYSxRl7gVUupId
> EYKNMjrenq7dzIE8DQ2a6qFZukmzBcVAsTCsW//P/5YJXVJnPi0L2XuopGnXBms8
> tUj04M25/yi/HU51XbbHY8GaYehFz4yDggAxy3u0041hx66XCGx2tMYc/Y6JJ4jc
> HolrCi2ijjx37QePWNftJZ9LyDscPI0VFsGEH+ywA+kN5wueOBXthC4r8g30exDd
> TIibtIbg3Yb0YsVnz9Zb/MUhc+8MFEFOnMvS21ib/a1lDSOQNL74idBOKcvghVp3
> wdpC6Zx8RlhI6s7tmwep
> =OA+S
> -----END PGP SIGNATURE-----
> _______________________________________________
> dm-crypt mailing list
> dm-crypt at saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt
>


More information about the dm-crypt mailing list