Prepare 1.6.0 release.

diff --git a/configure.ac b/configure.ac
index d07a04a..1286cf9 100644 (file)
--- a/configure.ac
+++ b/configure.ac
@@ -1,5 +1,5 @@
 AC_PREREQ([2.67])
-AC_INIT([cryptsetup],[1.6.0-rc1])
+AC_INIT([cryptsetup],[1.6.0])
 
 dnl library version from <major>.<minor>.<release>[-<suffix>]
 LIBCRYPTSETUP_VERSION=$(echo $PACKAGE_VERSION | cut -f1 -d-)

diff --git a/docs/v1.6.0-ReleaseNotes b/docs/v1.6.0-ReleaseNotes
index 2ddd8b3..fe8770d 100644 (file)
--- a/docs/v1.6.0-ReleaseNotes
+++ b/docs/v1.6.0-ReleaseNotes
@@ -1,5 +1,31 @@
-Cryptsetup 1.6.0 Release Notes (RC1)
-====================================
+Cryptsetup 1.6.0 Release Notes
+==============================
+
+Changes since version 1.6.0-rc1
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+ * Change LUKS default cipher to to use XTS encryption mode,
+   aes-xts-plain64 (i.e. using AES128-XTS).
+
+   XTS mode becomes standard in hard disk encryption.
+
+   You can still use any old mode:
+    - compile cryptsetup with old default:
+      configure --with-luks1-cipher=aes --with-luks1-mode=cbc-essiv:sha256 --with-luks1-keybits=256
+    - format LUKS device with old default:
+      cryptsetup luksFormat -c aes-cbc-essiv:sha256 -s 256 <device>
+
+
+ * Skip tests and fix error messages if running on old systems (or with old kernel).
+
+ * Rename configure.in to configure.ac and fix issues with new automake and pkgconfig
+   and --disable-kernel_crypto option to allow compilation with old kernel headers.
+
+ * Allow repair of 512 bits key header.
+
+ * Fix status of device if path argument is used and fix double path prefix
+   for non-existent device path.
+
 
 Changes since version 1.5.1
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~
@@ -48,14 +74,17 @@ Important changes
    without need to install 3rd party software. For native Linux installations LUKS
    is the preferred format.
 
-   WARNING: TCRYPT  extension  requires kernel userspace crypto API to be available
-   (kernel af_alg and algif_skcipher modules, introduced in Linux kernel 2.6.38).
+   WARNING: TCRYPT extension requires kernel userspace crypto API to be
+   available (introduced in Linux kernel 2.6.38).
+   If you are configuring kernel yourself, enable "User-space interface
+   for symmetric key cipher algorithms" in "Cryptographic API" section
+   (CRYPTO_USER_API_SKCIPHER .config option).
 
    Because  TCRYPT  header  is encrypted, you have to always provide valid
    passphrase and keyfiles. Keyfiles are handled exactly the same as in original
    format (basically, first 1MB of every keyfile is mixed using CRC32 into pool).
 
-   Cryptsetup should recognize all TCRYPT header variants ever released, except 
+   Cryptsetup should recognize all TCRYPT header variants ever released, except
    legacy  cipher chains  using LRW encryption mode with 64 bits encryption block
    (namely Blowfish in LRW mode is not recognized, this is limitation of kernel
    crypto API).
@@ -91,10 +120,10 @@ Important changes
 
      * Activation of this container
 
-     # cryptsetup tcryptOpen tst tcrypt_dev       
+     # cryptsetup tcryptOpen tst tcrypt_dev
        Enter passphrase: 
       (Chain of dmcrypt devices is activated as /dev/mapper/tcrypt_dev.)
-   
+
      * See status of active TCRYPT device
 
      # cryptsetup status tcrypt_dev
@@ -113,7 +142,7 @@ Important changes
     * And plaintext filesystem now ready to mount
 
     # blkid /dev/mapper/tcrypt_dev
-    /dev/mapper/tcrypt_dev: SEC_TYPE="msdos" UUID="9F33-2954" TYPE="vfat" 
+    /dev/mapper/tcrypt_dev: SEC_TYPE="msdos" UUID="9F33-2954" TYPE="vfat"
 
 
  * Add (optional) support for lipwquality for new LUKS passwords.
@@ -144,8 +173,11 @@ Important changes
 
    See man page for detailed description.
 
-   WARNING: benchmark requires kernel userspace crypto API to be available
-   (kernel af_alg and algif_skcipher modules, introduced in  Linux  kernel 2.6.38).
+   WARNING: benchmark command requires kernel userspace crypto API to be
+   available (introduced in Linux kernel 2.6.38).
+   If you are configuring kernel yourself, enable "User-space interface
+   for symmetric key cipher algorithms" in "Cryptographic API" section
+   (CRYPTO_USER_API_SKCIPHER .config option).
 
    EXAMPLE:
      # cryptsetup benchmark

diff --git a/man/cryptsetup.8 b/man/cryptsetup.8
index 854e5c6..df3cadc 100644 (file)
--- a/man/cryptsetup.8
+++ b/man/cryptsetup.8
@@ -392,8 +392,11 @@ using a native Linux kernel API.
 Header formatting and TCRYPT header change is not supported, cryptsetup
 never changes TCRYPT header on-device.
 
-TCRYPT extension requires kernel userspace crypto API to be available
-(kernel af_alg and algif_skcipher modules, introduced in Linux kernel 2.6.38).
+TCRYPT extension requires kernel userspace
+crypto API to be available (introduced in Linux kernel 2.6.38).
+If you are configuring kernel yourself, enable
+"User-space interface for symmetric key cipher algorithms" in
+"Cryptographic API" section (CRYPTO_USER_API_SKCIPHER .config option).
 
 Because TCRYPT header is encrypted, you have to always provide valid
 passphrase and keyfiles.
@@ -478,8 +481,10 @@ and \fB\-\-key-size\fR options or \fB\-\-hash\fR for KDF test.
 You cannot directly predict real storage encryption speed from it.
 
 For testing block ciphers, this benchmark requires kernel userspace
-crypto API to be available (kernel af_alg and algif_skcipher modules,
-introduced in Linux kernel 2.6.38).
+crypto API to be available (introduced in Linux kernel 2.6.38).
+If you are configuring kernel yourself, enable
+"User-space interface for symmetric key cipher algorithms" in
+"Cryptographic API" section (CRYPTO_USER_API_SKCIPHER .config option).
 
 \fB<options>\fR can be [\-\-cipher, \-\-key-size, \-\-hash].
 .SH OPTIONS