[Bug 1781912] Comment bridged from LTC Bugzilla
bugproxy
bugproxy at us.ibm.com
Mon Jul 23 07:59:28 UTC 2018
------- Comment From heinz-werner_seeck at de.ibm.com 2018-07-23 03:56 EDT-------
These are the changes with 2.0.3
f34158250a Update Readme.md.
b7c2465887 Add link to ABI tracker.
a22a24bc98 Support detached header for cryptsetup-reencrypt.
fe058e2c27 Update reencrypt test to use option --type only when really needed.
fa8d5d1769 Remove losetup handling from reencrypt2 test.
2d2acda404 Add crypto backend vectors test.
4e19bc01d5 Fix test vectors test link.
5e0db46f17 Add Reed-Solomon user-space decoding lib.
dc58985ac6 Enable userspace FEC decoding in veritysetup.
5b7b1596a2 Add tests for veritysetup FEC userspace decoding.
3cf2da877f Refactor crypt_activate_by_keyfile_device_offset.
761a472b45 Remove missing digest condition from LUKS2 digest verification.
303fe886b7 Fix misleading param name in prototype.
7bee66fe36 Add new luks2 keyslot validation condition.
1e2ad19d68 Validate LUKS2 keyslot json before opening it.
8d1fb88a20 Fix return code and retry count for bad passphrase and non-tty input.
610c7858d6 Add explicit key conversion command
af0887fb48 Remove no passphrase error message from library.
86f4f4440a Reformat crypt_resize function.
c84983f91e Add simple luksConvertKey test.
fef5121cee veritysetup: add support for --check-at-most-once option.
ed2968e3e8 Add paes to ciphers that cannot be used for LUKS2 keyslot encryption.
103d75f773 configure.ac: fix bashisms
f7ad64a3d3 Move absolute path helper to m4 macro.
187170ec51 Check cipher before writing metadata (LUKS2).
f6f00b98a7 Always convert the whole last keyslot (including alignment).
f21ebaf839 Check LUKS2 conversion for luksmeta header.
23b01621ff Print better debug message for open with write mode.
869767a5cf Move general i/o code to stand-alone utility file.
fee1d659cf Fix wrong digest assignment to new LUKS2 (volume key) keyslot.
35d29b22c0 Move CRYPT_ANY_DIGEST definition.
622763b240 Fix memory leak on error path in cryptsetup-reencrypt.
4caef0dec7 Add new volume key flag to crypt_keyslot_add_by_key.
965e0237a3 Add basic test for CRYPT_VOLUME_KEY_SET flag.
169d45fbdb Move reading master key in command line utilities.
a63db4ab24 Add --master-key-file parameter to cryptsetup-reencrypt.
0891e84bf8 Add reencrypt tests for --master-key-file option.
255c8e8ff4 Avoid pbkdf benchmark on LUKS2 header down conversion.
3616ee50c0 Fix off by one bug in LUKS2 keyslot max id allocation.
48bf08922c Make all LUKS2 key size helpers return negative value on error.
fbf2d64f34 Allow crypt_volume_key_get for unbound keyslots.
eed682c529 Add fixme in luks2->luks1 convert code.
70077db07d Abort conversion when LUKS2 header contains tokens.
b11b11f9b0 Add test for LUKS2 conversion with tokens.
e5f72a0d4f Remove duplicate CRYPT_ANY_TOKEN define.
4eb75f3c80 Add debug message for failed external token validation.
d97302f351 Extend suspend tests for missing header case.
9a72ec366d Move generic ciper backend utilities to separate file.
6f6e1efbc8 Abort conversion when wrapped key cipher is used.
34b8a48252 Add stand-alone device suspend.
0b849985b2 Do not wipe keys for wrapped key enabled ciphers.
09842ce46f Update docs for crypt_keyslot_add_by_key.
f8a7ab1752 Add crypt_get_pbkdf_default() function to get per-type PBKDF default.
1f01754ea6 Update FIPS restrictions on crypt_volume_key_get
0c6129c54e Allow volume key store in a file with cryptsetup.
53dcee6176 Test dump of volume key in a file.
103fa8fa2c Remove redundant check for key file.
38d83c27b4 Add --unbound keyslot option to cryptsetup.
6ddf765d8d Remove example covered by cryptsetup already.
879403a172 Add tests for cryptsetup luksAddKey --unbound.
aa1551c6e8 Introduce CRYPT_SLOT_UNBOUND keyslot status for LUKS2.
08ee50403d Move reading keyslot pbkdf params in helper.
45356f5e12 Split keyslot update in separate functions.
790fdc0aa6 Add crypt_volume_key_get tests for unbound key.
22f10dd8d2 Remove custom made 'contains' helper from keyslot validation.
172af5465d Harden LUKS2 keyslot kdf section validation.
9b635a3e90 Cleanup LUKS2 keyslot specific validation.
6f83822b6e Validate all keyslot implementations after load and before write.
5b6f06b2ac Hide luks2 specific keyslot allocation from internal api.
a054206d25 Suppress useless slash escaping in json lib
dddd30bef8 Add paranoid check for accidental volume key length change.
f6be62ac5f Add repair for known glitches in LUKS2 json.
a702b7ccc5 Add new validation test for keyslot digest bond
7c70e6ce74 Add repair test for keyslot with kdf leftover params.
30754473fc Add API to get integrity current failure count for dm-integrity.
f049f719f8 Fix keyslot validation.
f63e1cfbfc Rename contains() to json_contains().
874c573bd4 Do not allow used block size larger than page size.
487965dc8a Fix LUKS convert on trimmed headers in file.
5a71c6f2eb Set devel version.
181f621a90 urlencode brackets in URL to VeraCrypt PIM docs
6002099288 tcryptDump: fix support for --veracrypt-pim
ef045f9f65 adjust KDF preference to VeraCrypt order
cac84abdd9 Merge branch 'urlencode-veracrypt-docs-link' into 'master'
f97eba6539 Merge branch 'tcryptDump-pim-support' into 'master'
487acbb573 Merge branch 'veracrypt-kdf-preference' into 'master'
1a6183d0c4 Fix non-translated string with default integrity algorithm macro.
0279d8f466 Update po files.
480c7178a8 Do not use trailing period in options help texts.
6997506bb9 Fix error messages and include benchmark string for translators.
10bb78458d Move EOL in tool verbose and error messages to log wrapper.
13796ee4c7 Add --with-default-luks-format configure time option.
19ac1dd393 Fix Veracrypt PIM iteration calculation for system volumes
321e840c1c Fix some signed/unsigned warnings.
e58883c183 Hide return code check fot fallocate (that can silenty fail in this context).
aee55b0595 Use fixed buffer in log function.
b00a87d8fa Remove trailing EOL for verbose and error messages.
daba04d54b Update po files.
a387557970 Introduce crypt_keyslot_get_key_size()
abcd3511bf Fix memory leak in luksKillSlot action.
7fede3ee45 Update po files.
2a1a773777 Fixes and workarounds for some Coverity scan reports.
f87ee5112a Fix check for AEAD cipher.
ddb844226d Run PBKDF2 benchmark always.
14f81cb275 Fix few typos in cryptsetup-reencrypt man page.
6b8e553ecc Remove subcondition for reencryption --keep-key parameter.
2565fedeb7 Add test for stand-alone --keep-key parameter.
1763260578 Update po files.
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to cryptsetup in Ubuntu.
https://bugs.launchpad.net/bugs/1781912
Title:
[18.10 FEAT] Upgrade cryptsetup >= 2.0.3
Status in Ubuntu on IBM z Systems:
Fix Released
Status in cryptsetup package in Ubuntu:
Fix Released
Bug description:
Cryptsetup is a utility used to conveniently set up disk encryption based
on the DMCrypt kernel module.
These include plain dm-crypt volumes, LUKS volumes, loop-AES
and TrueCrypt (including VeraCrypt extension) format.
The project also includes the veritysetup utility, used to conveniently set up
the DMVerity block integrity checking kernel module,
and, since version 2.0, integritysetup to set up
the DMIntegrity block integrity kernel module.
Version 2.0.3 includes all z code for dm-crypt with protected keys.
Without cryptsetup 2.0.3 (the 3 is important) we won't be able to use
secure key encryption with LUKS2 and the paes cipher. Only plain mode
will be usable with cryptsetup version 2.0.1.