-
cryptsetup (2:2.4.3-1ubuntu1.2) jammy; urgency=medium
* Cherry-pick modern support for FIPS enabled backends. LP: #2032659
- cherry-pick v2.6.0 change to correct FIPS mode detection, and
correctly use OpenSSL backend in FIPS-compliant way, if OpenSSL is in
FIPS mode.
- cherry-pick v2.6.0 fixes to benchmark function that works with
OpenSSL in 140-3 FIPS mode.
- Enable the optional runtime FIPS codepath
-- Dimitri John Ledkov <email address hidden> Tue, 22 Aug 2023 18:16:42 +0100
-
cryptsetup (2:2.4.3-1ubuntu1.1) jammy; urgency=medium
* d/initramfs/hooks/cryptroot: Include OpenSSL legacy.so for ripemd160 and
whirlpool hash algorithms (LP: #1979159)
-- Benjamin Drung <email address hidden> Thu, 04 Aug 2022 14:08:01 +0200
-
cryptsetup (2:2.4.3-1ubuntu1) jammy; urgency=low
* Merge from Debian unstable (LP: #1959427). Remaining changes:
- debian/control:
+ Recommend plymouth.
+ Depend on busybox-initramfs instead of busybox | busybox-static.
+ Move cryptsetup-initramfs back to cryptsetup's Recommends.
+ Do not build cryptsetup-suspend binary package on i386.
- Fix cryptroot-unlock for busybox compatibility.
- Fix warning and error when running on ZFS on root: (LP: #1830110)
- d/functions: Return an empty devno for ZFS devices as they don't have
major:minor device numbers.
- d/initramfs/hooks/cryptroot: Ignore and don't print an error message
when devices don't have a devno.
- debian/patches/decrease_memlock_ulimit.patch
Fixed FTBFS due to a restricted build environment
- Stop building the udeb on request.
cryptsetup (2:2.4.3-1) unstable; urgency=high
[ Guilhem Moulin ]
* New upstream security release 2.4.3, with fix for CVE-2021-4122:
decryption through LUKS2 reencryption crash recovery. (Closes: #1003685,
#1003686)
* Remove cryptsetup-initramfs.preinst. (Closes: #1001063)
[ Christoph Anton Mitterer ]
* d/rules: don't expand here-document.
-- Steve Langasek <email address hidden> Fri, 28 Jan 2022 12:14:06 -0800
-
cryptsetup (2:2.4.2-1ubuntu4) jammy; urgency=medium
* Move cryptsetup-initramfs back to cryptsetup's Recommends (from Suggests).
-- Michael Hudson-Doyle <email address hidden> Thu, 09 Dec 2021 12:53:00 +1300
-
cryptsetup (2:2.4.2-1ubuntu3) jammy; urgency=medium
* Fix build on i386.
-- Michael Hudson-Doyle <email address hidden> Tue, 07 Dec 2021 13:17:48 +1300
-
cryptsetup (2:2.4.2-1ubuntu2) jammy; urgency=medium
* Do not build new cryptsetup-suspend binary package on i386.
-- Michael Hudson-Doyle <email address hidden> Tue, 07 Dec 2021 11:47:55 +1300
-
cryptsetup (2:2.4.2-1ubuntu1) jammy; urgency=medium
* Merge from Debian unstable. Remaining changes:
- debian/control:
+ Recommend plymouth.
+ Depend on busybox-initramfs instead of busybox | busybox-static.
- Fix cryptroot-unlock for busybox compatibility.
- Fix warning and error when running on ZFS on root: (LP: #1830110)
- d/functions: Return an empty devno for ZFS devices as they don't have
major:minor device numbers.
- d/initramfs/hooks/cryptroot: Ignore and don't print an error message when
devices don't have a devno.
Submitted to debian upstream as bug #902449.
- debian/patches/decrease_memlock_ulimit.patch
Fixed FTBFS due a restrict environment in the new Bionic Builder (LP: #1891473)
tests/luks2-validation.test, tests/compat-test, tests/tcrypt-compat-test.
- Thanks Guilherme G. Piccoli.
- Stop building the udeb on request.
* Dropped change, included in Debian:
- Introduce retry logic for external invocations after mdadm (LP: #1879980)
- Currently, if an encrypted rootfs is configured on top of a MD RAID1
array and such array gets degraded (e.g., a member is removed/failed)
the cryptsetup scripts cannot mount the rootfs, and the boot fails.
We fix that issue here by allowing the cryptroot script to be re-run
by initramfs-tools/local-block stage, as mdadm can activate degraded
arrays at that stage.
There is an initramfs-tools counter-part for this fix, but alone the
cryptsetup portion is harmless.
- d/cryptsetup-initramfs.install: ship the new local-bottom script.
- d/functions: declare variables for local-top|block|bottom scripts
(flag that local-block is running and external invocation counter.)
- d/i/s/local-block/cryptroot: set flag that local-block is running.
- d/i/s/local-bottom/cryptroot: clean up the flag and counter files.
- d/i/s/local-top/cryptroot: change the logic from just waiting 180
seconds to waiting 5 seconds first, then allowing initramfs-tools
to run mdadm (to activate degraded arrays) and call back at least
30 times/seconds more.
-- Michael Hudson-Doyle <email address hidden> Thu, 02 Dec 2021 11:58:05 +1300
-
cryptsetup (2:2.3.6-0ubuntu2) jammy; urgency=medium
* No-change rebuild against openssl3
-- Simon Chopin <email address hidden> Thu, 25 Nov 2021 14:22:07 +0200
-
cryptsetup (2:2.3.6-0ubuntu1) impish; urgency=medium
* New upstream release.
-- Matthieu Clemenceau <email address hidden> Fri, 20 Aug 2021 11:32:12 +1200