Fedora 13 Update: cryptsetup-luks-1.1.3-1.fc13

updates at fedoraproject.org updates at fedoraproject.org
Tue Jul 13 07:26:24 UTC 2010

Fedora Update Notification
2010-05-17 17:45:41

Name        : cryptsetup-luks
Product     : Fedora 13
Version     : 1.1.3
Release     : 1.fc13
URL         : http://cryptsetup.googlecode.com/
Summary     : A utility for setting up encrypted filesystems
Description :
This package contains cryptsetup, a utility for setting up
encrypted filesystems using Device Mapper and the dm-crypt target.

Update Information:

For pam_mount:  Notes:  - see doc/bugs.txt for cryptsetup behavior that impacts
pam_mount users since version 2.0    Fixes:  - umount.crypt: fix use of a wrong
field for smtab/cmtab staleness check  - umount.crypt had erroneously mounted
instead of umounted  - mount.crypt: fix memory scribble crash when crypto device
could    not be initialized  - mount.crypt: do not fail when unlocking key slot
other than #0  - fusermount is now called with supplementary groups initialized
- rdconf: do not warn about missing fskeyhash when no fskey specified  - mount:
prefer sysv mount API over bsd  - pmt-ehd: reword help text for -k option  -
pmt-ehd: apply default value for -k option  - pmt-ehd: fix fskey generation
which was pegged at 256 bits  - pmt-ehd: avoid needless
overtruncation/sparsifying  - pmt-ehd: zero LUKS header to avoid setup failure
of PLAIN volume    Changes:  - pmt-ehd: speed up writing random data  - pmt-ehd:
reword help text for -k option  - mount.crypt: ignore cmtab update errors  -
mount.crypt: add support for keyfile passthru using -ofsk_cipher=none  - doc:
document mount.crypt's -o hash option  - mount.crypt: warn on ignored options
Fixes:  - config: rdconf1 static data had unclosed %(if) tags  - config: rdconf1
static data had extraneous %(OPTIONS) parameter    Changes:  - mount.crypt: make
use of libcryptsetup  - cmtab is now stored below localstatedir (usually
/var/run)  - use HXformat2. This invalidates old constructs like
%(before=\"-o\"...),    which need to be replaced with the new syntax. (See
below.)    In general, the old syntax was only used by commands Note to
updaters: As the  old syntax %(after=...) %(before=...) %(ifempty=...)
%(ifnempty=...)  %(lower=...) %(upper=...) only appeared in commands, and
commands are not part  of the default config file anymore since v1.0~15^2~15,
there should be little  worry. The configuration options in question are
<cifsmount>, <cryptmount>,  <cryptumount>, <fd0ssh>, <fsck>, <fusemount>,
<fuseumount>, <lclmount>,  <nfsmount>, <ncpmount>, <ncpumount>, <pmvarrun>,
<smbmount>, <smbumount>  <umount> and should normally not be needed in
pam_mount.conf.xml.    Changes:  - cope better with cryptsetup's assumption that
keysize=256  - augment doc/bugs.txt about caveats with cryptsetup create
Fixes:  - avoid a mlock(NULL) when there is no auth token  Changes:  - print
error code when mkmountpoint failed  - print warning when cmtab is not creatable
Changes:  - update for libHX 3.4  Fixes:  - do decrease the login refcount on
logout when no volumes are defined    Fixes:  - avoid multi-free of auth token
when pam_mount is rerun in a PAM stack  - avoid NULL dereference when there is
an empty line in mtab    For cryptsetup:  - Fix device alignment ioctl calls
parameters.  - Fix activate_by_* API calls to handle NULL device name as
documented.  - Fix luksFormat/luksOpen reading passphrase from stdin and "-"
keyfile.  - Support --key-file/-d option for luksFormat.  - Fix description of
--key-file and add --verbose and --debug options to man page.  - Add verbose log
level and move unlocking message there.  - Remove device even if underlying
device disappeared.  - Fix (deprecated) reload device command to accept new
device argument.  - Fix luksClose operation for stacked DM devices.  - Fix
automatic dm-crypt module loading.  - Escape hyphens in man page.  - Try to use
pkgconfig for device mapper library.  - Detect old dm-crypt module and disable
LUKS suspend/resume.  - Fix apitest to work on older systems.  - Allow no hash
specification in plain device constructor.  - Fix luksOpen reading of passphrase
on stdin (if "-" keyfile specified).  - Fix isLuks to initialise crypto backend
(blkid instead is suggested anyway).  - Fix package config to use proper package
version.  - Avoid class C++ keyword in library header.  - Detect and use
devmapper udev support if available (disable by --disable-udev).  - Prefer some
device paths in status display.  - Support device topology detectionfor data
alignment.  - Do not verify unlocking passphrase in luksAddKey command.  -
Properly initialise crypto backend in header backup/restore commands.  - Fix
udev support for old libdevmapper with not compatible definition.

* Sat Jul  3 2010 Milan Broz <mbroz at redhat.com> - 1.1.3-1
- Update to cryptsetup 1.1.3
* Mon Jun  7 2010 Milan Broz <mbroz at redhat.com> - 1.1.2-2
- Fix alignment ioctl use.
- Fix API activation calls to handle NULL device name.
* Sun May 30 2010 Milan Broz <mbroz at redhat.com> - 1.1.2-1
- Update to cryptsetup 1.1.2
- Fix luksOpen handling of new line char on stdin.
* Sun May 23 2010 Milan Broz <mbroz at redhat.com> - 1.1.1-1
- Update to cryptsetup 1.1.1
- Fix luksClose for stacked LUKS/LVM devices.
* Mon May  3 2010 Milan Broz <mbroz at redhat.com> - 1.1.1-0.2
- Update to cryptsetup 1.1.1-rc2.
* Sat May  1 2010 Milan Broz <mbroz at redhat.com> - 1.1.1-0.1
- Update to cryptsetup 1.1.1-rc1.

  [ 1 ] Bug #608400 - pam_mount-2.4 is available
  [ 2 ] Bug #599609 - use mount -t crypt instead of mount.crypt for pam_mount crypt volumes for selinux support
  [ 3 ] Bug #610885 - update cryptsetup-luks to 1.1.2 for pam_mount
  [ 4 ] Bug #570315 - pmt-ehd has problems has problems creating large loopback containers

This update can be installed with the "yum" update program.  Use 
su -c 'yum update cryptsetup-luks' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at

More information about the package-announce mailing list