1. 15 Jun, 2020 4 commits
    • Sophie Brun's avatar
      Sync with Debian · 55f0d851
      Sophie Brun authored
    • Sophie Brun's avatar
      Merge branch 'debian' into kali/master · b1774151
      Sophie Brun authored
    • Guilhem Moulin's avatar
      Import Debian changes 2:2.3.3-1 · 37a4cd24
      Guilhem Moulin authored
      cryptsetup (2:2.3.3-1) unstable; urgency=medium
        [ Guilhem Moulin ]
        * New upstream bugfix release.
        * d/scripts/decrypt_derived: Remove useless call to `| tr -d '\n'`.
        * d/control: Bump debhelper compatibility level to 13.  Remove
          debian/tmp/lib/$DEB_HOST_MULTIARCH/libcryptsetup.la as we don't install it
        [ Rob Pilling ]
        * d/scripts/decrypt_derived:
          + move an error message to standard error so it's not accidentally used as
            a key
          + exit with a success code when successful
    • Sophie Brun's avatar
      Import Upstream version 2.3.3 · b8d2e8ff
      Sophie Brun authored
  2. 15 May, 2020 4 commits
  3. 21 Apr, 2020 4 commits
  4. 20 Mar, 2020 4 commits
    • Sophie Brun's avatar
      Update debian/changelog · 10b78572
      Sophie Brun authored
    • Sophie Brun's avatar
      Merge branch 'debian' into kali/master · 59b3b69b
      Sophie Brun authored
    • Guilhem Moulin's avatar
      Import Debian changes 2:2.3.0-1 · 0f5e4643
      Guilhem Moulin authored
      cryptsetup (2:2.3.0-1) unstable; urgency=low
        * New upstream release, introducing support for BitLocker-compatible
          devices (BITLK format) used in Windows systems.
          WARNING: crypttab(5) support for these devices is currently *experimental*
          and requires blkid from util-linux >=2.33 (i.e., Buster or later).  These
          devices currently have no keyword to use in the 4th field (unlike 'luks'
          or 'plain'), the device type is inferred from the signature instead.
        * crypttab(5): Make the 4th field (options) optional so we don't have to
          introduce a new keyword for each new device type.  (That field is also
          optional in the systemd implementation.)  Other fields (dm target name,
          source device, and key file) remain required.
        * Install cryptdisks_{start,stop} bash completion scripts to the right
          path/name so they are loaded automatically. This was no longer the case
          since 2:1.7.0-1.  (Closes: #949623)
        * d/*.install: Replace tabs with spaces.
        * d/cryptdisks-functions: Fix broken $FORCE_START handling.  Since
          2:2.0.3-2 the SysV init scripts' "force-start" option was no longer
          overriding noauto/noearly.  (Closes: #933142)
        * Move some functions to d/function from the initramfs hook.
        * SysV init scripts: skip devices holding the root FS and/or /usr during the
          shutdown phase; these file systems are still mounted at this point so any
          attempt to gracefully close the underlying device(s) is bound to fail.
          (Closes: #916649, #918008)
        * Bump Standards-Version to 4.5.0 (no changes necessary).
    • Sophie Brun's avatar
      Import Upstream version 2.3.0 · bb615322
      Sophie Brun authored
  5. 10 Feb, 2020 3 commits
    • Sophie Brun's avatar
      Sync with Debian · a3629068
      Sophie Brun authored
    • Sophie Brun's avatar
      Merge branch 'debian' into kali/master · 6f5f4837
      Sophie Brun authored
    • Guilhem Moulin's avatar
      Import Debian changes 2:2.2.2-3 · ce64546a
      Guilhem Moulin authored
      cryptsetup (2:2.2.2-3) unstable; urgency=high
        * initramfs hook: Workaround fix for the libgcc_s's source location.
          (Closes: #950628, #939766.)  See #950254 for the proper fix.
      cryptsetup (2:2.2.2-2) unstable; urgency=medium
        [ Guilhem Moulin ]
        * d/initramfs/hooks/cryptroot: On initramfs images built with MODULES=dep,
          include the IV generator found in the cipher specification when there is a
          matching kernel module.  On 5.4 kernels ESSIV isn't implemented in
          dm_crypt anymore, but by a dedicated 'essiv' module which thus needs to be
          available in order to unlock dm-crypt target using 'aes-cbc-essiv:sha256'.
          Closes: #948593.
        [ Debian Janitor ]
        * Set debhelper-compat version in Build-Depends.
        * Set upstream metadata fields: Bug-Database, Bug-Submit, Repository,
  6. 04 Nov, 2019 4 commits
  7. 06 Sep, 2019 5 commits
  8. 23 Aug, 2019 4 commits
    • Sophie Brun's avatar
      Sync with Debian · bff31b1f
      Sophie Brun authored
    • Sophie Brun's avatar
      Merge branch 'debian' into kali/master · 7411e10c
      Sophie Brun authored
    • Sophie Brun's avatar
      Import Upstream version 2.2.0 · 500cbdac
      Sophie Brun authored
    • Guilhem Moulin's avatar
      Import Debian changes 2:2.2.0-2 · b84b906e
      Guilhem Moulin authored
      cryptsetup (2:2.2.0-2) unstable; urgency=medium
        * debian/control: Add 'Multi-Arch: foreign' tag to the transitional dummy
          package 'crytsetup-run'.
        * debian/control, debian/combat: Bump debhelper compatibility level to 12.
        * debian/rules: Remove dh_makeshlibs(1) override; debhelper 12.3's auto
          detection feature subsumes our use of --add-udeb=.  This fixes FTBFS with
          debhelper 12.5.
      cryptsetup (2:2.2.0-1) unstable; urgency=medium
        * New upstream release 2.2.0.  Highlights include:
          + New LUKS2 online reencryption extension, allowing reencryption of
            mounted LUKS2 devices.
          + Optional global serialization lock for memory hard PBKDF, to workaround
            situations when multiple devices are unlocked in parallel, possibly
            exhausting memory and triggering the OOM killer.  (Cf. #924560.)
          + Add integritysetup support for bitmap mode (Linux >=5.2).
          + Reduce keyslots area size in luksFormat when the header device is too
        * Remove d/patches, applied upstream.
      cryptsetup (2:2.1.0-8) unstable; urgency=medium
        * encrypted-boot.md:
          + Clarify partition layout.
          + encrypted-boot.md: New section 'Using a custom keyboard layout'.
        * d/gbp.conf: New section [export-orig] mirroring [buildpackage].
        * d/gitlab-ci.yml: Add 'publish' stage and make yamllint(1) happy.
        * d/patches: Backport upstream commit c03e3fe8 so libcryptsetup's
          crypt_keyslot_add_by_volume_key() also works a on LUKS2 header where all
          bound key slots were deleted, like it does for LUKS1. (Closes: #934715)
      cryptsetup (2:2.1.0-7) unstable; urgency=low
        * debian/cryptsetup.NEWS: Mention the 'cryptsetup' and 'cryptsetup-run'
          package swap.
        * debian/control: Add 'cryptsetup-initramfs' to 'cryptsetup's Recommends:,
          so upgrading systems pull it automatically on upgrade.  (cryptsetup
          <2:2.1.0-6 was a dummy transitional package depending on cryptsetup-run
          and cryptsetup-initramfs.)  Closes: #932643.
        * debian/control: Add 'cryptsetup-run' to 'cryptsetup's Recommends.  This
          avoids it being removed by `apt upgrade --autoremove` from <2:2.1.0-6,
          thus avoids the old cryptsetup-run's prerm script showing a scary (but
          moot) warning.  After upgrading the prerm script is gone and the package
          can be removed without troubles, so we can get rid of it after Bullseye.
          (Closes: #932625.)
        * cryptsetup-initramfs: Add loud warning upon "prerm remove" if there are
          mapped crypt devices (like for cryptsetup.prerm).
        * Thanks to David Prévot for helping with the upgrade path!
      cryptsetup (2:2.1.0-6) unstable; urgency=low
        * debian/control:
          + Add 'Multi-Arch: foreign' tags to 'cryptsetup-bin' and 'crytsetup-run',
            as binaries from these packages are architecture independent.
            (Closes: #930115)
          + Add 'Build-Depends: jq, xxd' as the jq(1) and xxd(1) executables are
            required for some upstream tests (skipped if the executables are not
            found in $PATH).
          + Swap 'cryptsetup' and 'cryptsetup-run' packages: the former now contains
            init scripts, libraries, keyscripts, etc. while the latter is now a
            transitional dummy package.
          + Remove obsolete cryptsetup.maintscript.
          + Bump Standards-Version to 4.4.0 (no changes necessary).
        * debian/*:
          + Fix path names for /usr/share/doc/cryptsetup*/**. (Closes: #904916).
          + Remove compatibility warnings regarding setting 'CRYPTSETUP' in
            the initramfs hook configuration.  The variable is no longer honored,
            and cryptsetup is always integrated to the initramfs when the
            'cryptsetup-initramfs' package is installed.
        * debian/doc/pandoc/encrypted-boot.md: Minor refactoring.
        * debian/gitlab-ci.yml: Adapt pandoc flags to Debian 9 (pass '-S').
        * debian/initramfs/conf-hook: Clarify that KEYFILE_PATTERN isn't expanded
          for crypttab(5) entries with a 'keyscript=' option. (Closes: #930696)
        * debian/doc/crypttab.xml: Point to README.initramfs in the "See Also"
          section. (Closes: #913233)
  9. 19 Jul, 2019 1 commit
  10. 15 Jul, 2019 1 commit
  11. 25 Jun, 2019 6 commits
    • Raphaël Hertzog's avatar
      Make luksAddNuke more lenient towards its arguments · 268c9632
      Raphaël Hertzog authored
      There's no point complaining about a missing argument or a failure to
      lock memory when we are going to just print a string and exit.
    • Raphaël Hertzog's avatar
    • Raphaël Hertzog's avatar
      Update nuke patch to print a deprecation notice · 30625c77
      Raphaël Hertzog authored
      The feature moved to a separate package: cryptsetup-nuke-password.
    • Raphaël Hertzog's avatar
      Add changelog entry · 8107e709
      Raphaël Hertzog authored
    • Raphaël Hertzog's avatar
      Merge branch 'debian' into kali/master · 791d3992
      Raphaël Hertzog authored
    • Guilhem Moulin's avatar
      Import Debian changes 2:2.1.0-5 · dba36458
      Guilhem Moulin authored
      cryptsetup (2:2.1.0-5) unstable; urgency=medium
        [ Jonas Meurer ]
        * debian/README.*: Fix markdown formatting issues
        * Copy https://wiki.debian.org/CryptsetupDebug to debian/README.debug
        [ Guilhem Moulin ]
        * d/README.Debian: New section "Unlocking LUKS devices from GRUB" pointing
          to https://cryptsetup-team.pages.debian.net/cryptsetup/encrypted-boot.html .
      cryptsetup (2:2.1.0-4) unstable; urgency=medium
        [Guilhem Moulin]
        * d/initramfs/hooks/cryptroot: Always add userspace crypto module
          ('algif_skcipher' kernel module) to the initramfs.  This module is
          required for required for opening LUKS2 devices, and since 2:2.0.2-2 it's
          added to large initramfs (i.e., when the MODULES variable isn't set to
          "dep").  It's now added regardless of the value of $MODULES, as 1/ LUKS2
          is the default LUKS header format version; and 2/ we can't check at
          initramfs creation time whether there are LUKS2 devices to be opened at
          early boot stage (detached headers might not be present then).
          Closes: #929616.
        [Jonathan Dowland]
        * Update package descriptions to reflect the move of luksformat from
          cryptsetup-bin to cryptsetup-run. Closes: #928751.
      cryptsetup (2:2.1.0-3) unstable; urgency=medium
        * d/scripts/decrypt_opensc: Fix standard output poisoning.  Thanks to Nils
          Mueller for the report and patch.  (Closes: #926573.)
        * d/initramfs/hooks/cryptopensc: Ensure that libpcsclite.so is copied to the
          initramfs on non-usrmerge systems.  (Closes: #928263.)
      cryptsetup (2:2.1.0-2) unstable; urgency=medium
        * debian/copyright:
          + Update copyright years.
          + Add OpenSSL linking exception, in accordance with upstream's "COPYING"
            and "COPYING.LGPL" files.  Since 2:2.1.0-1 the cryptsetup binaries and
            library are linked against libssl, which is the new upstream default
            backend for LUKS header processing.
        * debian/askpass.c: in the console backend, clear stdin's end-of-file
          indicator before calling getline() again.  Thanks to Ken Milmore for the
          detailed report and patch.  (Closes: #921906.)