Fedora 13 Update: cryptsetup-luks-1.1.3-1.fc13
updates at fedoraproject.org
updates at fedoraproject.org
Tue Jul 13 07:26:24 UTC 2010
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2010-8664
2010-05-17 17:45:41
--------------------------------------------------------------------------------
Name : cryptsetup-luks
Product : Fedora 13
Version : 1.1.3
Release : 1.fc13
URL : http://cryptsetup.googlecode.com/
Summary : A utility for setting up encrypted filesystems
Description :
This package contains cryptsetup, a utility for setting up
encrypted filesystems using Device Mapper and the dm-crypt target.
--------------------------------------------------------------------------------
Update Information:
For pam_mount: Notes: - see doc/bugs.txt for cryptsetup behavior that impacts
pam_mount users since version 2.0 Fixes: - umount.crypt: fix use of a wrong
field for smtab/cmtab staleness check - umount.crypt had erroneously mounted
instead of umounted - mount.crypt: fix memory scribble crash when crypto device
could not be initialized - mount.crypt: do not fail when unlocking key slot
other than #0 - fusermount is now called with supplementary groups initialized
- rdconf: do not warn about missing fskeyhash when no fskey specified - mount:
prefer sysv mount API over bsd - pmt-ehd: reword help text for -k option -
pmt-ehd: apply default value for -k option - pmt-ehd: fix fskey generation
which was pegged at 256 bits - pmt-ehd: avoid needless
overtruncation/sparsifying - pmt-ehd: zero LUKS header to avoid setup failure
of PLAIN volume Changes: - pmt-ehd: speed up writing random data - pmt-ehd:
reword help text for -k option - mount.crypt: ignore cmtab update errors -
mount.crypt: add support for keyfile passthru using -ofsk_cipher=none - doc:
document mount.crypt's -o hash option - mount.crypt: warn on ignored options
Fixes: - config: rdconf1 static data had unclosed %(if) tags - config: rdconf1
static data had extraneous %(OPTIONS) parameter Changes: - mount.crypt: make
use of libcryptsetup - cmtab is now stored below localstatedir (usually
/var/run) - use HXformat2. This invalidates old constructs like
%(before=\"-o\"...), which need to be replaced with the new syntax. (See
below.) In general, the old syntax was only used by commands Note to
updaters: As the old syntax %(after=...) %(before=...) %(ifempty=...)
%(ifnempty=...) %(lower=...) %(upper=...) only appeared in commands, and
commands are not part of the default config file anymore since v1.0~15^2~15,
there should be little worry. The configuration options in question are
<cifsmount>, <cryptmount>, <cryptumount>, <fd0ssh>, <fsck>, <fusemount>,
<fuseumount>, <lclmount>, <nfsmount>, <ncpmount>, <ncpumount>, <pmvarrun>,
<smbmount>, <smbumount> <umount> and should normally not be needed in
pam_mount.conf.xml. Changes: - cope better with cryptsetup's assumption that
keysize=256 - augment doc/bugs.txt about caveats with cryptsetup create
Fixes: - avoid a mlock(NULL) when there is no auth token Changes: - print
error code when mkmountpoint failed - print warning when cmtab is not creatable
Changes: - update for libHX 3.4 Fixes: - do decrease the login refcount on
logout when no volumes are defined Fixes: - avoid multi-free of auth token
when pam_mount is rerun in a PAM stack - avoid NULL dereference when there is
an empty line in mtab For cryptsetup: - Fix device alignment ioctl calls
parameters. - Fix activate_by_* API calls to handle NULL device name as
documented. - Fix luksFormat/luksOpen reading passphrase from stdin and "-"
keyfile. - Support --key-file/-d option for luksFormat. - Fix description of
--key-file and add --verbose and --debug options to man page. - Add verbose log
level and move unlocking message there. - Remove device even if underlying
device disappeared. - Fix (deprecated) reload device command to accept new
device argument. - Fix luksClose operation for stacked DM devices. - Fix
automatic dm-crypt module loading. - Escape hyphens in man page. - Try to use
pkgconfig for device mapper library. - Detect old dm-crypt module and disable
LUKS suspend/resume. - Fix apitest to work on older systems. - Allow no hash
specification in plain device constructor. - Fix luksOpen reading of passphrase
on stdin (if "-" keyfile specified). - Fix isLuks to initialise crypto backend
(blkid instead is suggested anyway). - Fix package config to use proper package
version. - Avoid class C++ keyword in library header. - Detect and use
devmapper udev support if available (disable by --disable-udev). - Prefer some
device paths in status display. - Support device topology detectionfor data
alignment. - Do not verify unlocking passphrase in luksAddKey command. -
Properly initialise crypto backend in header backup/restore commands. - Fix
udev support for old libdevmapper with not compatible definition.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jul 3 2010 Milan Broz <mbroz at redhat.com> - 1.1.3-1
- Update to cryptsetup 1.1.3
* Mon Jun 7 2010 Milan Broz <mbroz at redhat.com> - 1.1.2-2
- Fix alignment ioctl use.
- Fix API activation calls to handle NULL device name.
* Sun May 30 2010 Milan Broz <mbroz at redhat.com> - 1.1.2-1
- Update to cryptsetup 1.1.2
- Fix luksOpen handling of new line char on stdin.
* Sun May 23 2010 Milan Broz <mbroz at redhat.com> - 1.1.1-1
- Update to cryptsetup 1.1.1
- Fix luksClose for stacked LUKS/LVM devices.
* Mon May 3 2010 Milan Broz <mbroz at redhat.com> - 1.1.1-0.2
- Update to cryptsetup 1.1.1-rc2.
* Sat May 1 2010 Milan Broz <mbroz at redhat.com> - 1.1.1-0.1
- Update to cryptsetup 1.1.1-rc1.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #608400 - pam_mount-2.4 is available
https://bugzilla.redhat.com/show_bug.cgi?id=608400
[ 2 ] Bug #599609 - use mount -t crypt instead of mount.crypt for pam_mount crypt volumes for selinux support
https://bugzilla.redhat.com/show_bug.cgi?id=599609
[ 3 ] Bug #610885 - update cryptsetup-luks to 1.1.2 for pam_mount
https://bugzilla.redhat.com/show_bug.cgi?id=610885
[ 4 ] Bug #570315 - pmt-ehd has problems has problems creating large loopback containers
https://bugzilla.redhat.com/show_bug.cgi?id=570315
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update cryptsetup-luks' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
More information about the package-announce
mailing list