Debian
cryptsetup package

cryptsetup 2:1.7.2-1 source package in Debian

Changelog

cryptsetup (2:1.7.2-1) unstable; urgency=medium

  [ Jonas Meurer ]
  * new upstream release 1.7.2. Highlights include:
    - code now uses kernel crypto API backend according to new changes
      introduced in mainline kernel. (in 1.7.1)
    - cryptsetup now allows special "-" (standard input) keyfile handling
      even for TCRYPT (TrueCrypt and VeraCrypt compatible) devices. (in 1.7.1)
    - Support activation options for error handling modes in Linux kernel
      dm-verity module. (in 1.7.2)
  * debian/cryptdisks.functions: use '--key-file=-' again with the tcrypt
    extension, now that upstream issue #269 is fixed.
  * migrate the packaging repository from SVN to Git:
    - debian/control: Update Vcs-* fields to point to the new git repository.
    - debian/README.source: document new repository structure and release
      handling.
  * debian/README.Debian, debian/NEWS: minor typo fixes.
  * debian/rules: run pod2man --release="$(DEB_VERSION). (Closes: #839352)

  [ Guilhem Moulin ]
  * debian/control: add self to uploaders.
  * debian/cryptdisks.functions: when iterating through the crypttab, don't
    abort after the first disk that fails to be closed.  Regression introduced
    2:1.7.0-1 when the filed is sourced under 'set -e'.
  * debian/cryptdisks.functions: stop using `seq` since cryptsetup doesn't
    depend on busybox.  Instead, try again after 1, 2, 4, 8 and 16s when an
    encrypted disk cannot be closed. (Closes: #811456)
  * debian/cryptsetup.maintscript: add a "rm_conffile" directive to remove
    conffile /etc/bash_completion.d/cryptdisks, obsolete since 2:1.7.0-1.
    (Closes: #810227)
  * debian/README.initramfs: fix typo s/initramfs-update/update-initramfs/.
    Thanks, Stuart Prescott. (Closes: #827263)
  * debian/rules: Add 'hardening=+pie' to DEB_BUILD_MAINT_OPTIONS to compile
    ELF executables as PIEs.
  * debian/control: Bump Standards-Version to 3.9.8 (no changes necessary).
  * debian/cryptsetup.lintian-overrides: Remove unused lintian override
    init.d-script-does-not-source-init-functions.
  * Use /etc/crytsetup-initramfs/conf-hook for initramfs hook script
    configuration.  For backward compatibility setting CRYPTSETUP and
    KEYFILE_PATTERN in /etc/initramfs-tools/initramfs.conf is still supported
    for now, but causes the hook to print a warning.
    This is done following the initramfs-tools maintainers' request (see
    #807527) that hook and boot script configuration files be stored outside
    the /etc/initramfs-tools directory. (Closes: #783393)
  * Print a warning when private key material is to be included in the
    initramfs image (ie, if $KEYFILE_PATTERN is not empty), and the image is
    created with a permissive mode.
  * Add Indonesian debconf templates translation.  Thanks, Izharul Haq for the
    patch. (Closes: #835158)
  * debian/initramfs/cryptroot-hook: Avoid leading space in $rootdevs,
    $resumedevs, etc.
  * Support unlocking devices at initramfs stage using a key file stored on
    the encrypted root FS.  Note however that resume devices won't be unlocked
    this way since the resume boot script is currently run before mounting the
    root FS. (Closes: #776409)
  * debian/initramfs/cryptroot-hook: Avoid undesired effects for target or
    device names containing non-alphanumeric characters such as "." or "-":
    + replace `grep "^$x\b"` by `awk -vx="$x" '$1==x {print}'`; and
    + replace `echo "$x"` by printf '%s' "$x" when the argument might start
      with a dash.
  * debian/initramfs/cryptroot-{hook,script}, debian/cryptdisks.functions:
    ensure slash characters "/" from device labels are escaped when
    constructing symlinks under /dev/disk/by-label.
  * debian/scripts/decrypt_gnupg:
    + Remove --no-mdc-warning to display a warning if the MDC integrity
      protection is missing.
    + Replace "GnuPG key" by "gpg-encrypted key" in messages and
      documentation.
  * debian/initramfs/cryptgnupg-hook: Add support for multiple devices
    encrypted using a gpg-encrypted key.
  * debian/README.gnupg: Indicate that not the only the gpg-encrypted key for
    the root FS is copied onto the initramfs, but also the ones for all
    devices that need to be unlocked at initramfs stage.
  * debian/initramfs/cryptroot-hook: Fix bug for device label starting with
    "UUID=".

  [ Helmut Grohne ]
  * libcryptsetup-dev: move the .pc file to a multiarch location such that
    cross-pkg-config can find it. (closes: #811545)
  * Fix FTCBFS: Use host arch compiler for askpass as well. (closes: #811559)

 -- Jonas Meurer <email address hidden>  Wed, 05 Oct 2016 20:53:09 +0200

Upload details

Uploaded by:
Debian Cryptsetup Team
Uploaded to:
Sid
Original maintainer:
Debian Cryptsetup Team
Architectures:
linux-any
Section:
admin
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Builds

Downloads

File Size SHA-256 Checksum
cryptsetup_1.7.2-1.dsc 2.6 KiB fb70de4cc25ebc8e12fbf74cd33de8ff553a3943124f1624d517107f7a2f143c
cryptsetup_1.7.2.orig.tar.gz 1.0 MiB 28583176e3858795042f5aafe93afe8aea8b8c787c958fe3343cb1ce66074504
cryptsetup_1.7.2-1.debian.tar.xz 85.3 KiB efbf3560ebc58eb376f128a4567b67b21bda2947294fb644ad7707954826e401

No changes file available.

Binary packages built by this source