[ubuntu/disco-proposed] cryptsetup 2:2.1.0-1ubuntu1 (Accepted)

Dimitri John Ledkov xnox at ubuntu.com
Wed Feb 13 21:40:14 UTC 2019


cryptsetup (2:2.1.0-1ubuntu1) disco; urgency=medium

  * Merge from Debian unstable. LP: #1815484
  * Remaining changes:
    - debian/control:
      + Recommend plymouth.
      + Invert the "busybox | busybox-static" Recommends, as the latter
        is the one we ship in main as part of the ubuntu-standard task.
    - Apply patch from Trent Nelson to fix cryptroot-unlock for busybox
      compatibility. LP: #1651818

cryptsetup (2:2.1.0-1) unstable; urgency=medium

  * New upstream release.  Highlights include:
    - The on-disk LUKS format version now defaults to LUKS2 (use `luksFormat
      --type luks1` to use LUKS1 format). Closes: #919725.
    - The cryptographic backend used for LUKS header processing is now libssl
      instead of libgcrypt.
    - LUKS' default key size is now 512 in XTS mode, half of which is used for
      block encryption.  XTS mode uses two internal keys, hence the previous
      default key size (256) caused AES-128 to be used for block encryption,
      while users were expecting AES-256.

  [ Guilhem Moulin ]
  * Add docs/Keyring.txt and docs/LUKS2-locking.txt to
    /usr/share/doc/cryptsetup-run.
  * debian/README.Debian: Mention that for non-persistent encrypted swap one
    should also disable the resume device.
  * debian/README.initramfs: Mention that keyscript=decrypt_derived normally
    won't work with LUKS2 sources.  (The volume key of LUKS2 devices is by
    default offloaded to the kernel keyring service, hence not readable by
    userspace.)  Since 2:2.0.3-5 the keyscript loudly fails on such sources.
  * decrypt_keyctl keyscript: Always use our askpass binary for password
    prompt (fail instead of falling back to using stty or `read -s` if askpass
    is not available).  askpass and decrypt_keyctl are both shipped in our
    'cryptsetup-run' and 'cryptsetup-udeb' binary packages, and the cryptsetup
    and askpass binaries are added together to the initramfs image.
  * decrypt_keyctl: Document the identifier used in the user keyring:
    "cryptsetup:$CRYPTTAB_KEY", or merely "cryptsetup" if "$CRYPTTAB_KEY" is
    empty or "none".  The latter improves compatibility with gdm and
    systemd-ask-password(1).
  * debian/*: run wrap-and-sort(1).
  * debian/doc/crypttab.xml: mention `cryptsetup refresh` and the `--persistent`
    option flag.
  * debian/control: Bump Standards-Version to 4.3.0 (no changes necessary).

  [ Jonas Meurer ]
  * Update docs about 'discard' option: Mention in manpage, that it's enabled
    per default by Debian Installer. Give advice to add it to new devices in
    /etc/crypttab and add it to crypttab example entries in the docs.

Date: Wed, 13 Feb 2019 21:28:23 +0000
Changed-By: Dimitri John Ledkov <xnox at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/cryptsetup/2:2.1.0-1ubuntu1
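
Added example (not part of this upload notice or of the cryptsetup package): a shell function that reads `cryptsetup luksDump` output and reports the block-encryption key size that results from the XTS key split described in the 2.1.0 highlights above. The two header dumps are constructed and trimmed to the relevant fields; the function name xts_audit and its output format are assumptions.

```shell
#!/bin/sh
# Added example: report the block-encryption key size a LUKS volume gets in XTS mode.
# Reads the text of `cryptsetup luksDump <device>` on stdin, prints one summary line.

xts_audit() {
    awk '
        /^Cipher name:/ { name = $3 }                      # LUKS1 header fields
        /^Cipher mode:/ { mode = $3 }
        /^MK bits:/     { bits = $3 }
        /^[ \t]+cipher:/ && cipher == "" { cipher = $2 }   # LUKS2 data segment
        /^[ \t]+Key:/    && bits == ""   { bits = $2 }     # LUKS2 keyslot
        END {
            if (cipher == "" && name != "") cipher = name "-" mode
            if (cipher == "" || bits == "") { print "unparsed"; exit }
            block = bits
            if (cipher ~ /-xts(-|$)/) block = bits / 2     # XTS uses two internal keys
            note = (cipher ~ /^aes-xts/ && bits == 256) ? "pre-2.1.0-default" : "ok"
            printf "%s key=%d block=%d %s\n", cipher, bits, block, note
        }'
}

sample_luks1() {   # constructed LUKS1 dump, trimmed
    cat <<'EOF'
LUKS header information for /dev/example1

Version:        1
Cipher name:    aes
Cipher mode:    xts-plain64
Hash spec:      sha256
MK bits:        256
Key Slot 0: ENABLED
EOF
}

sample_luks2() {   # constructed LUKS2 dump, trimmed
    cat <<'EOF'
LUKS header information
Version:        2

Data segments:
  0: crypt
        cipher: aes-xts-plain64
Keyslots:
  0: luks2
        Key:        512 bits
        Cipher:     aes-xts-plain64
EOF
}

sample_luks1 | xts_audit   # volume formatted with the old 256-bit default
sample_luks2 | xts_audit   # volume formatted with the new 512-bit default
```

On a real system the input would come from `cryptsetup luksDump` run as root against each encrypted device.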
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 13 Feb 2019 21:28:23 +0000
Source: cryptsetup
Binary: cryptsetup-run cryptsetup-bin cryptsetup-initramfs cryptsetup libcryptsetup12 libcryptsetup-dev cryptsetup-udeb libcryptsetup12-udeb
Architecture: source
Version: 2:2.1.0-1ubuntu1
Distribution: disco
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Dimitri John Ledkov <xnox at ubuntu.com>
Description:
 cryptsetup - transitional dummy package for cryptsetup-{run,initramfs}
 cryptsetup-bin - disk encryption support - command line tools
 cryptsetup-initramfs - disk encryption support - initramfs integration
 cryptsetup-run - disk encryption support - startup scripts
 cryptsetup-udeb - disk encryption support - commandline tools (udeb) (udeb)
 libcryptsetup-dev - disk encryption support - development files
 libcryptsetup12 - disk encryption support - shared library
 libcryptsetup12-udeb - disk encryption support - shared library (udeb) (udeb)
Closes: 919725
Launchpad-Bugs-Fixed: 1651818 1815484
Original-Maintainer: Debian Cryptsetup Team <pkg-cryptsetup-devel at alioth-lists.debian.net>

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

