| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Cryptsetup 2.4.1 Release Notes
==============================
Stable bug-fix release with minor extensions.
All users of cryptsetup 2.4.0 should upgrade to this version.
Changes since version 2.4.0
~~~~~~~~~~~~~~~~~~~~~~~~~~~
* Fix compilation for libc implementations without dlvsym().
Some alternative libc implementations (like musl) do not provide
versioned symbols dlvsym function. Code now fallbacks to dlsym
operation for dynamic LUKS2 token load.
It is up to maintainers to ensure that LUKS2 token plugins are
compiled for the supported version.
* Fix compilation and tests on systems with non-standard libraries
(standalone argp library, external gettext library, BusyBox
implementations of standard tools).
* Try to workaround some issues on systems without udev support.
NOTE: non-udev systems cannot provide all functionality for kernel
device-mapper, and some operations can fail.
* Fixes for OpenSSL3 crypto backend (including FIPS mode).
Because cryptsetup still requires some hash functions implemented
in OpenSSL3 legacy provider, crypto backend now uses its library
context and tries to load both default and legacy OpenSSL3 providers.
If FIPS mode is detected, no library context is used, and it is up
to the OpenSSL system-wide policy to load proper providers.
NOTE: We still use some deprecated API in the OpenSSL3 backend,
and there are some known problems in OpenSSL 3.0.0.
* Print error message when assigning a token to an inactive keyslot.
* Fix offset bug in LUKS2 encryption code if --offset option was used.
* Do not allow LUKS2 decryption for devices with data offset.
Such devices cannot be used after decryption.
* Fix LUKS1 cryptsetup repair command for some specific problems.
Repair code can now fix wrongly used initialization vector
specification in ECB mode (that is insecure anyway!) and repair
the upper-case hash specification in the LUKS1 header.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
| |
Without the udevrules cryptsetup luksOpen will be hanging with "Udev
cookie 0xd4de0f6 (semid 5) waiting for zero".
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
This is the result of automated script (0.9.1) conversion:
oe-core/scripts/contrib/convert-overrides.py .
converting the metadata to use ":" as the override character instead of "_".
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Otherwise cryptsetup-native depends on the target kernel and thus the
target compiler, as can be seen by:
$ bitbake -g cryptsetup-native
$ grep 'cryptsetup.*linux-yocto' task-depends.dot
"cryptsetup-native.do_build" -> "linux-yocto.do_deploy"
"cryptsetup-native.do_build" -> "linux-yocto.do_package_write_rpm"
"cryptsetup-native.do_populate_sysroot" -> "linux-yocto.do_populate_sysroot"
$ grep 'linux-yocto.*gcc-cross' task-depends.dot
"linux-yocto.do_kernel_configme" -> "gcc-cross-x86_64.do_populate_sysroot"
"linux-yocto.do_prepare_recipe_sysroot" -> "gcc-cross-x86_64.do_populate_sysroot"
This also moves the runtime dependencies to near the end of the recipe,
which is more customary.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
|
Signed-off-by: Zang Ruochen <zangrc.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
