-
cryptsetup (2:1.0.5-2ubuntu2.1) gutsy-proposed; urgency=low
* RELIABILITY FIX: lib/libdevmapper.c: Ensure that pending device creation
events are being processed by calling /sbin/udevsettle. Patch based on
OpenSUSE bug #285478, LP: #132373.
-- Reinhard Tartler <email address hidden> Fri, 02 Nov 2007 20:53:31 +0100
-
cryptsetup (2:1.0.5-2ubuntu2) gutsy; urgency=low
* debian/initramfs/cryptroot-script:
- If the supplied password worked, remove the prompt from usplash again,
so that the user has some visual feedback that everything is alright.
(LP: #151305)
- Do not show the UUID device node of the outer physical device. It is
scary ("/dev/disk/by-uuid/1234yadayada") and displaying it does not
improve security at all: If attackers can tamper with your initramfs,
they can also change the prompt, and if the UUID of the physical device
changes, then booting will not even get that far. Now it is a much more
friendly "Enter passphrase for sda5_crypt:" which is still technical,
but it's necessary to point out which device will be unlocked in case
there are several.
-- Martin Pitt <email address hidden> Thu, 11 Oct 2007 19:51:58 +0200
-
cryptsetup (2:1.0.5-2ubuntu1) gutsy; urgency=low
* Merge new debian version. Remaining changes:
- cryptsetup is linked dynamically against libgcrypt and libgpg-error.
This will break systems where /usr is a separate encrypted filesystem
but not have other bad consequences (in particular, systems with
encrypted root are still fine). The upsides include better
security supportability and smaller packages.
- libcryptsetup.so et al removed from the binary packages. They have
no stable ABI and are not suitable for use by other packages, and
were in violation of library policies etc. They're not needed since
the cryptsetup executable statically contains the relevant parts of
libcryptsetup.
- cryptdisks.functions: remove #!/bin/bash as it isn't a script
by itself; it's only sourced by other scripts. This gets rid
of the lintian warning `script-not-executable' for this file.
- stop usplash on user input. LP #62751
- Always output and read from the console. LP #58794.
- Add XSBC-Vcs-Bzr tag to indicate that this package is managed using
bzr on launchpad.
- Bump libgcrypt11 build-dependency again to 1.2.4-2ubuntu2 to eliminate
libnsl linkage;
- debian/initramfs/cryptroot-hook: (LP: #73862)
Added patch to install aes optimized cypher module
- try to load optimized cypher module in cryptsetup.functions as well,
because cryptroot-hook is only executed when we really have a
cryptoroot.
- apply patch from pitti for allowing UUIDs in /etc/crypttab.
This allowes crypted PVs! LP: #144390.
- remove README.ubuntu, since it contains old and obsolete information.
cryptsetup (2:1.0.5-2) unstable; urgency=low
[ Jonas Meurer ]
* Add libselinux1-dev and libsepol1-dev to build-depends. Detected by
the build daemon from hell by Steinar H. Gunderson. Thanks to Manoj
Srivastava for advice.
* Fix the watchfile
* Fix cryptopensc-hook to honor key=none. Thanks to Daniel Baumann
(closes: #436434)
* Remove outdated README.html and example usbcrypto.* scripts from
documentation. Add example usbcrypto.udev script. Thanks to Volker Sauer
for the update. (closes: #409775)
* Document that stdin is read different with '--key-file=-' than without.
Thanks to Marc Haber. (closes: #418450)
* Document that --timeout is useless in conjunction with --key-file. Thanks
Alexander Zangerl. (closes: #421693)
* [03_check_for_root.dpatch] Check for UID == 0 before actually doing
something. Thanks to Benjamin Seidenberg. (closes: #401766)
* [04_fix_unused_or_unitialized_variables.dpatch] Fix some gcc warnings
about unused or unitialized variables. Thanks to Ludwig Nussel for the
patch.
* [05_segfault_at_nonexisting_device.dpatch] Fix segfault when trying to
open a non existing device. Thanks to Ludwig Nussel for the patch.
(closes: #438198)
* Add CFLAGS="$(CFLAGS)" before ./configure invocation in debian/rules.
This way CFLAGS are passed to the configure script. Thanks to Gordon
Farquharson for the patch. (closes: #438450)
* Add a warning about missing hash option in crypttab to initramfs
cryptoroot hook. Thanks to Sebastian Leske for the patch.
(closes: #438169)
* Add support for openct using data objects on a smartcard as key. Thanks to
Daniel Baumann <email address hidden> for patch and documentation.
(closes: #438473)
* Polish opensc_decrypt and openct_decrypt.
* Add initramfs patch by maximilian attems. Bump depends on initramfs-tools
to (>= 0.91). (closes: #441428)
* several cleanups to make lintian happy:
- remove #!/bin/sh from cryptsetup.functions as it is not executable.
- remove unused-override configure-generated-file-in-source config.log.
- add some hyphen fixes to patches/02_manpage.dpatch
* Filter out the detection of filesystem type 'minix' in checks vol_id and
un_vol_id if checking for any valid filesystem. The minix fs signature
seems short enough to be detected erroneously by /lib/udev/vol_id.
Thanks to Fredrik Olofsson and arno for the bugreport. (closes: #411784)
* Add Homepage field to debian/control.
cryptsetup (2:1.0.5-1ubuntu5) UNRELEASED; urgency=low
* apply patch from pitti for allowing UUIDs in /etc/crypttab.
This allowes crypted PVs! LP: #144390.
* remove README.ubuntu, since it contains old and obsolete information.
-- Reinhard Tartler <email address hidden> Tue, 02 Oct 2007 21:31:28 +0200
-
cryptsetup (2:1.0.5-1ubuntu4) gutsy; urgency=low
[ Stephan Hermann ]
* debian/initramfs/cryptroot-hook: (LP: #73862)
- Added patch to install aes optimized cypher module
[ Reinhard Tartler ]
* re-applying old patch to new package version
* try to load optimized cypher module in cryptsetup.functions as well,
because cryptroot-hook is only executed when we really have a
cryptoroot.
-- Reinhard Tartler <email address hidden> Thu, 27 Sep 2007 19:38:48 +0200
-
cryptsetup (2:1.0.5-1ubuntu3) gutsy; urgency=low
* Bump libgcrypt11 build-dependency again to 1.2.4-2ubuntu2 to eliminate
libnsl linkage; should finally produce a usable cryptsetup binary for
the udeb.
-- Colin Watson <email address hidden> Wed, 19 Sep 2007 15:28:52 +0100
-
cryptsetup (2:1.0.5-1ubuntu2) gutsy; urgency=low
* Bump libgcrypt11 build-dependency to 1.2.4-2ubuntu1 and rebuild for
proper udeb dependencies.
-- Colin Watson <email address hidden> Wed, 19 Sep 2007 01:37:02 +0100
-
cryptsetup (2:1.0.5-1ubuntu1) gutsy; urgency=low
* Merge new debian version. Remaining changes:
- cryptsetup is linked dynamically against libgcrypt and libgpg-error.
This will break systems where /usr is a separate encrypted filesystem
but not have other bad consequences (in particular, systems with
encrypted root are still fine). The upsides include better
security supportability and smaller packages.
- libcryptsetup.so et al removed from the binary packages. They have
no stable ABI and are not suitable for use by other packages, and
were in violation of library policies etc. They're not needed since
the cryptsetup executable statically contains the relevant parts of
libcryptsetup.
- cryptdisks.functions: remove #!/bin/bash as it isn't a script
by itself; it's only sourced by other scripts. This gets rid
of the lintian warning `script-not-executable' for this file.
- stop usplash on user input. LP #62751
- Always output and read from the console. LP #58794.
* Add XSBC-Vcs-Bzr tag to indicate that this package is managed using
bzr on launchpad.
* UVF exception request granted by Scott Kitterman and Chuck Short
LP: #138295
cryptsetup (2:1.0.5-1) unstable; urgency=low
[ Jonas Meurer ]
* New upstream release, nearly identical to svn snapshot svn29.
* Fix watch file to use cryptsetup instead of cryptsetup-luks.
* Add 01_crypt_luksFormat_libcryptsetup.dpatch - rename luksInit to
luksFormat in libcryptsetup.h.
* Merge some ubuntu changes:
- make luksformat check if filesystem is already mounted to prevent a
strange error message.
- modprobe dm-mod in cryptsetup.functions.
- wait for udev to be settled in initramfs script.
[ David Härdeman ]
* Allow other crypto devices to be setup even if one fails.
(closes: #423100)
* Remove an incorrect warning in postinst.
-- Reinhard Tartler <email address hidden> Sat, 08 Sep 2007 19:04:54 +0200
-
cryptsetup (2:1.0.4+svn29-1ubuntu6) gutsy; urgency=low
* Add notes by Ilkka Tuohela in a new file README.ubuntu.
-- Reinhard Tartler <email address hidden> Sat, 08 Sep 2007 18:43:56 +0200
-
cryptsetup (2:1.0.4+svn29-1ubuntu5) gutsy; urgency=low
* cryptsetup is linked dynamically against libgcrypt and libgpg-error.
This will break systems where /usr is a separate encrypted filesystem
but not have other bad consequences (in particular, systems with
encrypted root are still fine). The upsides include better
security supportability and smaller packages.
* libcryptsetup.so et al removed from the binary packages. They have
no stable ABI and are not suitable for use by other packages, and
were in violation of library policies etc. They're not needed since
the cryptsetup executable statically contains the relevant parts of
libcryptsetup.
* cryptdisks.functions: remove #!/bin/bash as it isn't a script
by itself; it's only sourced by other scripts. This gets rid
of the lintian warning `script-not-executable' for this file.
-- Ian Jackson <email address hidden> Fri, 31 Aug 2007 12:05:33 +0100
-
cryptsetup (2:1.0.4+svn29-1ubuntu4) gutsy; urgency=low
* s/$CRYPTCMD/cryptsetup/ in debian/cryptdisks.functions
(LP: #115617)
-- Reinhard Tartler <email address hidden> Tue, 29 May 2007 17:04:05 +0200
-
cryptsetup (2:1.0.4+svn29-1ubuntu3) gutsy; urgency=low
* make luksformat check if filesystem is already mounted to prevent a
strange error message. thanks to mvo for the patch (LP: #116633)
* remove file debian/initramfs-cryptroot-script from source. it is not
installed anywhere, and a leftover from the last merge.
* add missing hunk of cryptsetup.functions compared to debian package.
* reapply http://librarian.launchpad.net/7329604/bug85640.debdiff to
debian/initramfs/cryptroot-script, since stgraber's patch has been
lost in the last merge. (LP: #85640)
-- Reinhard Tartler <email address hidden> Tue, 29 May 2007 15:02:57 +0200
-
cryptsetup (2:1.0.4+svn29-1ubuntu2) gutsy; urgency=low
* modprobe dm-mod from cryptsetup.functions. (LP: #64625, #91405)
-- Reinhard Tartler <email address hidden> Tue, 29 May 2007 13:31:39 +0200
-
cryptsetup (2:1.0.4+svn29-1ubuntu1) gutsy; urgency=low
* Merge from Debian unstable. Remaining Ubuntu changes:
- stop usplash on user input. Ubuntu: #62751
- Always output and read from the console. Ubuntu: #58794.
- Wait for Udev to be ready to avoid partition non-detection. (LP: #85640)
* Modify Maintainer value to match Debian-Maintainer-Field Spec
cryptsetup (2:1.0.4+svn29-1) unstable; urgency=low
* New upstream svn snapshot with several bugfixes
- remove 01_tries_fix.dpatch, added upstream
cryptsetup (2:1.0.4+svn26-3) unstable; urgency=low
* Add cryptdevice name to prompt before actually starting it. Thanks
to Joerg Jaspert. (closes: #421803)
cryptsetup (2:1.0.4+svn26-2) unstable; urgency=low
[ David Härdeman ]
* Fix typo in crypttab(5), the ext checkscript is called ext2, not
ext3. (closes: #410390)
* Use the initramfs-tools keymap support instead of our own (requires
initramfs-tools >= 0.87)
* Add support for usplash password prompt (closes: #397981)
* Remove the "ssl" and "gpg" options which are supported by keyscripts
since October 2006 (see NEWS for details).
* Spring cleaning of cryptdisks.functions, now supports multiple tries
for keyscripts and uses lsb logging. (closes: #420105, #383808)
[ Jonas Meurer ]
* Add 01_tries_fix.dpatch, makes the --tries commandline option work
again. (closes: #414326, #412064)
* Document the un_vol_id check script, remove the swap check script from
documentation. The swap check indeed is rather useless, thanks to Frank
Engler <email address hidden>. The script itself is kept
for compability issues. (closes: #406837)
* Add smartcard keyscript and initramfs-tools hooks/scripts. This adds
support for disk encryption with smartcards, even for root disks.
Thanks a lot to Gerald Turner <email address hidden> for the patch and a
smartcard reader for testing this. (closes: #416528)
* update copyright file: change "program" to "package", and mention GPL
version 2. add a full disclaimer.
* Add "--showkeys" to the dmsetup invocation in decrypt_derived script.
(closes: #420399)
* Fixes in cryptdisks.functions:
- Don't suppress error messages at mount and unmount and don't break
if 'mount $point' fails.
- Fix handling of checks and prechecks, the vars somehow where mixed
- Really use $CHECKARGS if it's defined
- Rename "stopped" to "stopping" for devices which are shutdown at
'cryptdisks stop' (show a difference to already stopped devices).
-- Andrea Veri <email address hidden> Sun, 6 May 2007 22:33:25 +0200
-
cryptsetup (2:1.0.4+svn26-1ubuntu2) feisty; urgency=low
* Wait for Udev to be ready to avoid partition non-detection. (LP: #85640)
-- Stéphane Graber <email address hidden> Thu, 14 Apr 2007 10:03:41 +0200