-
cryptsetup (2:2.5.0-2ubuntu1) kinetic; urgency=medium
* Merge from Debian unstable. Remaining changes:
- debian/control:
+ Recommend plymouth.
+ Depend on busybox-initramfs instead of busybox | busybox-static.
+ Move cryptsetup-initramfs back to cryptsetup's Recommends.
+ Do not build cryptsetup-suspend binary package on i386.
- Fix cryptroot-unlock for busybox compatibility.
- Fix warning and error when running on ZFS on root: (LP: #1830110)
- d/functions: Return an empty devno for ZFS devices as they don't have
major:minor device numbers.
- d/initramfs/hooks/cryptroot: Ignore and don't print an error message
when devices don't have a devno.
- debian/patches/decrease_memlock_ulimit.patch
Fixed FTBFS due to a restricted build environment
* Disable failing Debian-tailored cryptroot-* autopkgtests, see bug #1983522
cryptsetup (2:2.5.0-2) unstable; urgency=low
[ Matthias Klose ]
* Add support for 'noudeb' build profile. (Closes: #983318)
[ Christoph Anton Mitterer ]
* initramfs hook: align busybox check on klibc-utils's hook.
[ Benjamin Drung ]
* initramfs hook: Fix broken compatibility with OpenSSL3 when cryptsetup
needs legacy hashes (currently ripemd160 and whirlpool). (LP: #1979159)
[ Guilhem Moulin ]
* New DEP-8 test for crude checks of the initramfs hook.
* Minor changes to the legacy.so inclusion logic.
* DEP-8: Add checks for OpenSSL's legacy.so inclusion.
* d/rules: Inspect DEB_BUILD_* with $(filter ,) not $(findstring ,).
* initramfs boot script: Remove custom LVM handling. Since 2.03.15-1 lvm2
doesn't ship an initramfs boot script anymore and relies solely on udev
rules instead. We therefore don't have to manually activate LVs/VGs
anymore, but cryptsetup-initramfs now conflicts with earlier lvm2
versions. (Closes: #928943)
* Override lintian tag 'conflicts-with-version' given the above.
* initramfs hook: Don't overwrite crypttab(5) source to /dev/mapper/$NAME
for mapped devices. (Closes: #1016455)
* initramfs hook: Preserve crypttab source specifications and devices
starting with /dev/disk/by- or /dev/mapper/.
* d/README.initramfs: Improve section about cryptopts= kernel parameter.
* d/Debian.README: Mention that systemd masks /etc/init.d/cryptdisks.
* Rename systemd_cryptsetup-suspend.conf to systemd/cryptsetup-suspend.conf.
* cryptsetup-suspend-wrapper: Fix grep calls in some corner cases such as
template cgroups.
* cryptsetup-suspend-wrapper: Avoid double slash in cgroup paths.
* cryptsetup-suspend-wrapper: Consolidate style.
(Closes: #1010708)
* d/t/cryptroot-*: Relax the kernel.deb regex to account for release
candidates.
* d/t/cryptroot-*: Add more partition type GUIDs.
* d/t/cryptroot-*: Improve sources.list(5) generation.
* d/t/cryptroot-*: Make APT repository Origin and URI configurable.
* d/t/cryptroot-*: Start udevd before setting up the guest.
* d/t/cryptroot-*: Use a separate /run partition when bootstrapping.
* Run `chmod +x d/t/cryptdisks d/t/utils/init` for consistency.
* d/t/cryptroot-*.d/config: Remove 'cryptsetup' from PKGS_EXTRA as it's only
needed for cryptroot-sysvinit.
* d/t/cryptroot-sysvinit: Rename 'rootfs.key' keyfile to 'homefs.key' which
better describes the purpose of the keyfile.
* d/t/cryptroot-*: Replace /target with '$ROOT'.
* d/t/cryptroot-*: Rename 'testvg' Volume Group to 'cryptvg'.
* d/t/cryptroot-*: Add note about testing cryptsetup-suspend.
* d/t: Add convenience wrapper script for local cryptroot-* test runs.
* New DEP-8 test for LVM-on-MD-on-LUKS2 layout backed by 4 independently
encrypted partitions (all unlocked at initramfs stage).
* New DEP-8 test for a complex nested block device stack.
* Salsa CI: Disable autopkgtest job for now.
-- Benjamin Drung <email address hidden> Wed, 24 Aug 2022 00:56:28 +0200
-
cryptsetup (2:2.5.0-1ubuntu1) kinetic; urgency=medium
* Merge from Debian unstable. Remaining changes:
- debian/control:
+ Recommend plymouth.
+ Depend on busybox-initramfs instead of busybox | busybox-static.
+ Move cryptsetup-initramfs back to cryptsetup's Recommends.
+ Do not build cryptsetup-suspend binary package on i386.
- Fix cryptroot-unlock for busybox compatibility.
- Fix warning and error when running on ZFS on root: (LP: #1830110)
- d/functions: Return an empty devno for ZFS devices as they don't have
major:minor device numbers.
- d/initramfs/hooks/cryptroot: Ignore and don't print an error message
when devices don't have a devno.
- debian/patches/decrease_memlock_ulimit.patch
Fixed FTBFS due to a restricted build environment
- Stop building the udeb on request.
* d/initramfs/hooks/cryptroot: Include OpenSSL legacy.so for ripemd160 and
whirlpool hash algorithms (LP: #1979159)
* Disable failing Debian-tailored cryptroot-* autopkgtests, see bug #1983522
cryptsetup (2:2.5.0-1) unstable; urgency=medium
* d/copyright: Fix licence for tokens/ssh/cryptsetup-ssh.c.
* Remove patches applied upstream.
* Rename 'ssh-plugin-test' to 'ssh-test-plugin'.
* Add DEP-8 tests for cryptroot unlocking at early boot stage.
cryptsetup (2:2.5.0~rc1-3) experimental; urgency=medium
* DEP-8: Add 'Features: test-name=' in order to name inline tests.
* d/t/control: Add 'Restrictions: rw-build-tree' to upstream-testsuite.
* d/control: Remove cryptsetup-reencrypt from cryptsetup-bin package
description since the utility was removed upstream in v2.5.0-rc1.
* d/changelog: Retroactively correct 2:2.4.0~rc0-1+exp1 entry.
* Update d/patches with what's landed upstream since v2.5.0-rc1.
* d/patches, d/rules: Pass $(LDFLAGS) when building fake_token_path.so and
no longer silence blhc(1) for test files.
* Move SSH token plugin stuff into new binary package 'cryptsetup-ssh'.
That plugin is arguably not useful for everyone and we can save the
'Depends: libssh-4' on cryptsetup-bin by moving cryptsetup-ssh(8) and
libcryptsetup-token-ssh.so to a separate package. Since LUKS2 SSH token
support was added after the Bullseye release, and since it is still in
experimental stage, we don't let cryptsetup-bin or cryptsetup depend on
the new binary package. Users who need that feature will need to install
it manually.
cryptsetup (2:2.5.0~rc1-2) experimental; urgency=medium
* localtest: Treat skipped tests as failure for full coverage.
* d/watch: Add uversionmangle option for release candidates.
* unit-wipe-test: Skip DIO tests when the file system doesn't support
O_DIRECT. This is needed on the buildds where the source tree appears to
be on a tmpfs.
cryptsetup (2:2.5.0~rc1-1) experimental; urgency=low
* New upstream release candidate 2.5.0. Highlights include:
+ Remove cryptsetup-reencrypt(8) executable, use `cryptsetup reencrypt`
instead (for both LUKS1 and LUKS2).
+ Split manual pages into per-action pages, for instance cryptsetup-open.8
which can be consulted with `man cryptsetup open`.
+ Add LUKS2 encryption removal support with `cryptsetup reencrypt
--decrypt`.
+ Preserve unknown metadata option (features implemented in more recent
cryptsetup releases) during reencryption.
* Salsa CI's deploy stage: Use a Bullseye image.
* Salsa CI's deploy stage: Use apt-get(8) not apt(8).
* Salsa CI's deploy stage: Replace `cp` with `install`.
* Salsa CI's reprotest job: Remove '--no-diffoscope' flag.
* Salsa CI's reprotest job: Update reason for running under 'nocheck' build
profile.
* d/README.source: Update text to reflect current practices.
* DEP-8: Run installed binaries and libraries through the full upstream test
suite (needs machine-level isolation).
* Retroactivately add NEWS.Debian for #949336.
* d/t/control: Add 'Depends: xxd' for 'Tests: cryptdisks' stanza.
* foreach_cryptdev(): Process each device *after* its slaves.
* do_stop(): Remove device holders beforehand. (Closes: #1006802)
* Fix space damage.
* d/u/metadata: Add FAQ URL.
* Refresh lintian overrides to accommodate lintian v2.115.
* d/control: New Build-Depends: asciidoctor (unless under 'nodoc' build
profile).
* d/cryptsetup.docs: Fix FAQ filename.
* Move usr/share/man/*/* glob to debian/*.manpages where it belongs.
* Update d/libcryptsetup12.symbols.
* Bump Standards-Version to 4.6.1 (no changes needed).
* Update d/copyright.
-- Benjamin Drung <email address hidden> Thu, 04 Aug 2022 12:30:02 +0200
-
cryptsetup (2:2.4.3-1ubuntu1) jammy; urgency=low
* Merge from Debian unstable (LP: #1959427). Remaining changes:
- debian/control:
+ Recommend plymouth.
+ Depend on busybox-initramfs instead of busybox | busybox-static.
+ Move cryptsetup-initramfs back to cryptsetup's Recommends.
+ Do not build cryptsetup-suspend binary package on i386.
- Fix cryptroot-unlock for busybox compatibility.
- Fix warning and error when running on ZFS on root: (LP: #1830110)
- d/functions: Return an empty devno for ZFS devices as they don't have
major:minor device numbers.
- d/initramfs/hooks/cryptroot: Ignore and don't print an error message
when devices don't have a devno.
- debian/patches/decrease_memlock_ulimit.patch
Fixed FTBFS due to a restricted build environment
- Stop building the udeb on request.
cryptsetup (2:2.4.3-1) unstable; urgency=high
[ Guilhem Moulin ]
* New upstream security release 2.4.3, with fix for CVE-2021-4122:
decryption through LUKS2 reencryption crash recovery. (Closes: #1003685,
#1003686)
* Remove cryptsetup-initramfs.preinst. (Closes: #1001063)
[ Christoph Anton Mitterer ]
* d/rules: don't expand here-document.
-- Steve Langasek <email address hidden> Fri, 28 Jan 2022 12:14:06 -0800
