1 Cryptsetup 2.3.1 Release Notes
2 ==============================
3 Stable bug-fix release.
5 All users of cryptsetup 2.x should upgrade to this version.
7 Changes since version 2.3.0
8 ~~~~~~~~~~~~~~~~~~~~~~~~~~~
10 * Support VeraCrypt 128 bytes passwords.
11 VeraCrypt now allows passwords of maximal length 128 bytes
12 (compared to legacy TrueCrypt where it was limited by 64 bytes).
14 * Strip extra newline from BitLocker recovery keys
15 There might be a trailing newline added by the text editor when
16 the recovery passphrase was passed using the --key-file option.
18 * Detect separate libiconv library.
19 It should fix compilation issues on distributions with iconv
20 implemented in a separate library.
22 * Various fixes and workarounds to build on old Linux distributions.
24 * Split lines with hexadecimal digest printing for large key-sizes.
26 * Do not wipe the device with no integrity profile.
27 With --integrity none we performed useless full device wipe.
29 * Workaround for dm-integrity kernel table bug.
30 Some kernels show an invalid dm-integrity mapping table
31 if superblock contains the "recalculate" bit. This causes
32 integritysetup to not recognize the dm-integrity device.
33 Integritysetup now specifies kernel options such a way that
34 even on unpatched kernels mapping table is correct.
36 * Print error message if LUKS1 keyslot cannot be processed.
37 If the crypto backend is missing support for hash algorithms
38 used in PBKDF2, the error message was not visible.
40 * Properly align LUKS2 keyslots area on conversion.
41 If the LUKS1 payload offset (data offset) is not aligned
42 to 4 KiB boundary, new LUKS2 keyslots area in now aligned properly.
44 * Validate LUKS2 earlier on conversion to not corrupt the device
45 if binary keyslots areas metadata are not correct.