From: Milan Broz Date: Sat, 5 Mar 2011 20:33:25 +0000 (+0000) Subject: Add ReleaseNotes texts into distribution. X-Git-Tag: upstream/1.6~519 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=3e6935b7abe5103e6e3998b36b6a67eb0b6b4bdf;p=platform%2Fupstream%2Fcryptsetup.git Add ReleaseNotes texts into distribution. git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@433 36d66b0a-2a48-0410-832c-cd162a569da5 --- diff --git a/Makefile.am b/Makefile.am index 887dd74..bc8300b 100644 --- a/Makefile.am +++ b/Makefile.am @@ -1,4 +1,4 @@ -EXTRA_DIST = FAQ +EXTRA_DIST = FAQ docs SUBDIRS = \ lib \ src \ diff --git a/docs/v1.0.7-ReleaseNotes b/docs/v1.0.7-ReleaseNotes new file mode 100644 index 0000000..9288c60 --- /dev/null +++ b/docs/v1.0.7-ReleaseNotes @@ -0,0 +1,92 @@ +cryptsetup 1.0.7 Release Notes (2009-07-22) +=========================================== + +Changes since 1.0.7-rc1 +------------------------ +[committer name] + + * Allow removal of last slot in luksRemoveKey +and luksKillSlot. [Milan Broz] + + * Add --disable-selinux option and fix static build if selinux +is required. [Milan Broz] + + * Reject unsupported --offset and --skip options for luksFormat +and update man page. [Milan Broz] + + +Changes since 1.0.6 +-------------------- +[committer name] + +* Various man page fixes. Also merged some Debian/Ubuntu man page +fixes. (thanks to Martin Pitt) [Milan Broz] + +* Set UUID in device-mapper for LUKS devices. [Milan Broz] + +* Retain readahead of underlying device. [Milan Broz] + +* Display device name when asking for password. (thanks to Till +Maas) [Milan Broz] + +* Check device size when loading LUKS header. Remove misleading +error message later. [Milan Broz] + +* Add error hint if dm-crypt mapping failed. (Key size and kernel +version check for XTS and LRW mode for now.) [Milan Broz] + +* Use better error messages if device doesn't exist or is already +used by other mapping. [Milan Broz] + +* Fix make distcheck. (thanks to Mike Kelly) [Milan Broz] + +* Check if all slots are full during luksAddKey. [Clemens Fruhwirth] + +* Fix segfault in set_error (thanks to Oliver Metz). [Clemens Fruhwirth] + +* Remove precompiled pot files. Fix uninitialized return value +variable in setup.c. [Clemens Fruhwirth] + +* Code cleanups. (thanks to Ivan Stankovic) [Clemens Fruhwirth] + +* Remove unnecessary files from po directory. They will be +regenerated by autogen.sh. [Clemens Fruhwirth] + +* Fix wrong output for remaining key at key deletion. Allow deletion +of key slot while other keys have the same key information. [Clemens +Fruhwirth] + +* Add missing AM_PROG_CC_C_O to configure.in [Milan Broz] + +* Remove duplicate sentence in man page (thanks to Till Maas). +[Milan Broz] + +* Wipe start of device (possible fs signature) before +LUKS-formatting. [Milan Broz] + +* Do not process configure.in in hidden directories. [Milan Broz] + +* Return more descriptive error in case of IO or header format +error. [Milan Broz] + +* Use remapping to error target instead of calling udevsettle +for temporary crypt device. [Milan Broz] + +* Check device mapper communication and warn user in case the +communication fails. (thanks to Milan Broz) [Clemens Fruhwirth] + +* Fix signal handler to proper close device. (thanks to Milan Broz) +[Clemens Fruhwirth] + +* write_lseek_blockwise: declare innerCount outside the if block, +add -Wall to the default CFLAGS, * fix some signedness issues +(thanks to Ivan Stankovic) [Clemens Fruhwirth] + +* Error handling improvement. (thanks to Erik Edin) [Clemens Fruhwirth] + +* Add non-exclusive override to interface definition. [Clemens +Fruhwirth] + +* Refactor key slot selection into keyslot_from_option. Either +autoselect next free keyslot or honor user choice (after checking). +[Clemens Fruhwirth] diff --git a/docs/v1.1.0-ReleaseNotes b/docs/v1.1.0-ReleaseNotes new file mode 100644 index 0000000..7ee6dea --- /dev/null +++ b/docs/v1.1.0-ReleaseNotes @@ -0,0 +1,110 @@ +Cryptsetup 1.1.0 Release Notes +============================== + +Changes since version 1.0.7 +---------------------------- + +Important changes: +~~~~~~~~~~~~~~~~~~ + + * IMPORTANT: the default compiled-in cipher parameters changed + plain mode: aes-cbc-essiv:sha256 (default is backward incompatible!). + LUKS mode: aes-cbc-essiv:sha256 (only key size increased) + In both modes is now default key size 256bits. + + * Default compiled-in parameters are now configurable through configure options: + --with-plain-* / --with-luks1-* (see configure --help) + + * If you need backward compatible defaults for distribution use + configure --with-plain-mode=cbc-plain --with-luks1-keybits=128 + + Default compiled-in modes are printed in "cryptsetup --help" output. + + * Change in iterations count (LUKS): + The slot and key digest iteration minimum count is now 1000. + The key digest iteration count is calculated from iteration time (approx 1/8 of req. time). + For more info about above items see discussion here: http://tinyurl.com/yaug97y + + * New libcryptsetup API (documented in libcryptsetup.h). + + The old API (using crypt_options struct) is still available but will remain + frozen and not used for new functions. + Soname of library changed to libcryptsetup.so.1.0.0. + (But only recompilation should be needed for old programs.) + + The new API provides much more flexible operation over LUKS device for + applications, it is preferred that new applications will use libcryptsetup + and not wrapper around cryptsetup binary. + + * New luksHeaderBackup and luksHeaderRestore commands. + + These commands allows binary backup of LUKS header. + Please read man page about possible security issues with backup files. + + * New luksSuspend (freeze device and wipe key) and luksResume (with provided passphrase). + + luksSuspend wipe encryption key in kernel memory and set device to suspend + (blocking all IO) state. This option can be used for situations when you need + temporary wipe encryption key (like suspend to RAM etc.) + Please read man page for more information. + + * New --master-key-file option for luksFormat and luksAddKey. + + User can now specify pre-generated master key in file, which allows regenerating + LUKS header or add key with only master key knowledge. + + * Uses libgcrypt and enables all gcrypt hash algorithms for LUKS through -h luksFormat option. + + Please note that using different hash for LUKS header make device incompatible with + old cryptsetup releases. + + * Introduces --debug parameter. + + Use when reporting bugs (just run cryptsetup with --debug and attach output + to issue report.) Sensitive data are never printed to this log. + + * Moves command successful messages to verbose level. + + * Requires device-mapper library and libgcrypt to build. + + * Uses dm-uuid for all crypt devices, contains device type and name now. + + * Removes support for dangerous non-exclusive option + (it is ignored now, LUKS device must be always opened exclusive) + +Other changes: +~~~~~~~~~~~~~~ + * Fixed localization to work again. Also cryptsetup is now translated by translationproject.org. + * Fix some libcryptsetup problems, including + * exported symbols and versions in libcryptsetup (properly use versioned symbols) + * Add crypt_log library function. + * Add CRYPT_ prefix to enum defined in libcryptsetup.h. + * Move duplicate Command failed message to verbose level (error is printed always). + * Fix several problems in build system + * use autopoint and clean gettext processing. + * Check in configure if selinux libraries are required in static version. + * Fix build for non-standard location of gcrypt library. + * Add temporary debug code to find processes locking internal device. + * Fix error handling during reading passphrase. + * Fail passphrase read if piped input no longer exists. + * Fix man page to not require --size which expands to device size by default. + * Clean up Makefiles and configure script. + * Try to read first sector from device to properly check that device is ready. + * Move memory locking and dm initialization to command layer. + * Increase priority of process if memory is locked. + * Add log macros and make logging more consistent. + * Keyfile now must be provided by path, only stdin file descriptor is used (api only). + * Do not call isatty() on closed keyfile descriptor. + * Move key slot manipulation function into LUKS specific code. + * Replace global options struct with separate parameters in helper functions. + * Implement old API calls using new functions. + * Allow using passphrase provided in options struct for LuksOpen. + * Allow restrict keys size in LuksOpen. + * Fix errors when compiled with LUKS_DEBUG. + * Print error when getline fails. + * Completely remove internal SHA1 implementation code, not needed anymore. + * Pad luks header to 512 sector size. + * Rework read/write blockwise to not split operation to many pieces. + * Use posix_memalign if available. + * Fix segfault if provided slot in luksKillslot is invalid. + * Remove unneeded timeout when remove of temporary device succeeded. diff --git a/docs/v1.1.1-ReleaseNotes b/docs/v1.1.1-ReleaseNotes new file mode 100644 index 0000000..e85107c --- /dev/null +++ b/docs/v1.1.1-ReleaseNotes @@ -0,0 +1,47 @@ +Cryptsetup 1.1.1 Release Notes +============================== + +Changes since version 1.1.1-rc2 +* Fix luksClose error if underlying device is LVM logical volume. + +Changes since version 1.1.1-rc1 +* Fix automatic dm-crypt module loading. + +Changes since version 1.1.0 + +Important changes: +~~~~~~~~~~~~~~~~~~ + +* Detects and use device-mapper udev support if available. + + This should allow synchronisation with udev rules and avoid races with udev. + + If package maintainer want to use old, direct libdevmapper device node creation, + use configure option --disable-udev. + +* Supports device topology detection for data alignment. + + If kernel provides device topology ioctl calls, the LUKS data area + alignment is automatically set to optimal value. + + This means that stacked devices (like LUKS over MD/LVM) + should use the most optimal data alignment. + + (You can still overwrite this calculation using --align-payload option.) + +* Prefers some device paths in status display. + (So status command will try to find top level device name, like /dev/sdb.) + +* Fix package config file to use proper package version. + +Other changes: +~~~~~~~~~~~~~~ +* Fix luksOpen reading of passphrase on stdin (if "-" keyfile specified). +* Fix isLuks to initialise crypto backend (blkid instead is suggested anyway). +* Properly initialise crypto backend in header backup/restore commands. +* Do not verify unlocking passphrase in luksAddKey command. +* Allow no hash specification in plain device constructor - user can provide volume key directly. +* Try to use pkgconfig for device mapper library in configuration script. +* Add some compatibility checks and disable LUKS suspend/resume if not supported. +* Rearrange tests, "make check" now run all available test for package. +* Avoid class C++ keyword in library header. diff --git a/docs/v1.1.2-ReleaseNotes b/docs/v1.1.2-ReleaseNotes new file mode 100644 index 0000000..9931f05 --- /dev/null +++ b/docs/v1.1.2-ReleaseNotes @@ -0,0 +1,33 @@ +== Cryptsetup 1.1.2 Release Notes == + +This release fixes a regression (introduced in 1.1.1 version) in handling +key files containing new line characters (affects only files read from +standard input). + +Cryptsetup can accept passphrase on stdin (standard input). + +Handling of new line (\n) character is defined by input specification: + + * if keyfile is specified as "-" (using --key-file=- of by "-" positional argument + in luksFormat and luksAddKey, like cat file | cryptsetup --key-file=- ), + input is processed as normal binary file and no new line is interpreted. + + * if there is no key file specification (with default input from stdin pipe + like echo passphrase | cryptsetup ) input is processed as input from terminal, + reading will stop after new line is detected. + +Moreover, luksFormat now understands --key-file (in addition to positional key +file argument). + +N.B. Using of standard input and pipes for passphrases should be avoided if possible, +cryptsetup have no control of used pipe buffers between commands in scripts and cannot +guarantee that all passphrase/key-file buffers are properly wiped after use. + +=== changes since version 1.1.1 === + + * Fix luksFormat/luksOpen reading passphrase from stdin and "-" keyfile. + * Support --key-file/-d option for luksFormat. + * Fix description of --key-file and add --verbose and --debug options to man page. + * Add verbose log level and move unlocking message there. + * Remove device even if underlying device disappeared (remove, luksClose). + * Fix (deprecated) reload device command to accept new device argument. diff --git a/docs/v1.1.3-ReleaseNotes b/docs/v1.1.3-ReleaseNotes new file mode 100644 index 0000000..94ee73e --- /dev/null +++ b/docs/v1.1.3-ReleaseNotes @@ -0,0 +1,13 @@ +== Cryptsetup 1.1.3 Release Notes == + +=== changes since version 1.1.2 === + +* Fix device alignment ioctl calls parameters. + (Device alignment code was not working properly on some architectures like ppc64.) + +* Fix activate_by_* API calls to handle NULL device name as documented. + (To enable check of passphrase/keyfile using libcryptsetup without activating the device.) + +* Fix udev support for old libdevmapper with not compatible definition. + +* Added Polish translation file. diff --git a/docs/v1.2.0-ReleaseNotes b/docs/v1.2.0-ReleaseNotes new file mode 100644 index 0000000..f3061d9 --- /dev/null +++ b/docs/v1.2.0-ReleaseNotes @@ -0,0 +1,126 @@ +Cryptsetup 1.2.0 Release Notes +============================== + +Changes since version 1.2.0-rc1 + + * Fix crypt_activate_by_keyfile() to work with PLAIN devices. + * Fix plain create command to properly handle keyfile size. + * Update translations. + +Changes since version 1.1.3 + +Important changes +~~~~~~~~~~~~~~~~~ + + * Add text version of *FAQ* (Frequently Asked Questions) to distribution. + + * Add selection of random/urandom number generator for luksFormat + (option --use-random and --use-urandom). + + (This affects only long term volume key in *luksFormat*, + not RNG used for salt and AF splitter). + + You can also set the default to /dev/random during compilation with + --enable-dev-random. Compiled-in default is printed in --help output. + + Be very careful before changing default to blocking /dev/random use here. + + * Fix *luksRemoveKey* to not ask for remaining keyslot passphrase, + only for removed one. + + * No longer support *luksDelKey* (replaced with luksKillSlot). + * if you want to remove particular passphrase, use *luksKeyRemove* + * if you want to remove particular keyslot, use *luksKillSlot* + + Note that in batch mode *luksKillSlot* allows removing of any keyslot + without question, in normal mode requires passphrase or keyfile from + other keyslot. + + * *Default alignment* for device (if not overridden by topology info) + is now (multiple of) *1MiB*. + This reflects trends in storage technologies and aligns to the same + defaults for partitions and volume management. + + * Allow explicit UUID setting in *luksFormat* and allow change it later + in *luksUUID* (--uuid parameter). + + * All commands using key file now allows limited read from keyfile using + --keyfile-size and --new-keyfile-size parameters (in bytes). + + This change also disallows overloading of --key-size parameter which + is now exclusively used for key size specification (in bits.) + + * *luksFormat* using pre-generated master key now properly allows + using key file (only passphrase was allowed prior to this update). + + * Add --dump-master-key option for *luksDump* to perform volume (master) + key dump. Note that printed information allows accessing device without + passphrase so it must be stored encrypted. + + This operation is useful for simple Key Escrow function (volume key and + encryption parameters printed on paper on safe place). + + This operation requires passphrase or key file. + + * The reload command is no longer supported. + (Use dmsetup reload instead if needed. There is no real use for this + function except explicit data corruption:-) + + * Cryptsetup now properly checks if underlying device is in use and + disallows *luksFormat*, *luksOpen* and *create* commands on open + (e.g. already mapped or mounted) device. + + * Option --non-exclusive (already deprecated) is removed. + +Libcryptsetup API additions: + + * new functions + * crypt_get_type() - explicit query to crypt device context type + * crypt_resize() - new resize command using context + * crypt_keyslot_max() - helper to get number of supported keyslots + * crypt_get_active_device() - get active device info + * crypt_set/get_rng_type() - random/urandom RNG setting + * crypt_set_uuid() - explicit UUID change of existing device + * crypt_get_device_name() - get underlying device name + + * Fix optional password callback handling. + + * Allow to activate by internally cached volume key immediately after + crypt_format() without active slot (for temporary devices with + on-disk metadata) + + * libcryptsetup is binary compatible with 1.1.x release and still + supports legacy API calls + + * cryptsetup binary now uses only new API calls. + + * Static compilation of both library (--enable-static) and cryptsetup + binary (--enable-static-cryptsetup) is now properly implemented by common + libtool logic. + + Prior to this it produced miscompiled dynamic cryptsetup binary with + statically linked libcryptsetup. + + The static binary is compiled as src/cryptsetup.static in parallel + with dynamic build if requested. + +Other changes +~~~~~~~~~~~~~ + * Fix default plain password entry from terminal in activate_by_passphrase. + * Initialize volume key from active device in crypt_init_by_name() + * Fix cryptsetup binary exit codes. + 0 - success, otherwise fail + 1 - wrong parameters + 2 - no permission + 3 - out of memory + 4 - wrong device specified + 5 - device already exists or device is busy + * Remove some obsolete info from man page. + * Add more regression tests for commands. + * Fix possible double free when handling master key file. + * Fix pkg-config use in automake scripts. + * Wipe iteration and salt after luksKillSlot in LUKS header. + * Rewrite file differ test to C (and fix it to really work). + * Do not query non-existent device twice (cryptsetup status /dev/nonexistent). + * Check if requested hash is supported before writing LUKS header. + * Fix problems reported by clang scan-build.