[pkg-cryptsetup-devel] cryptsetup_2.1.0-1_source.changes ACCEPTED into unstable

Debian FTP Masters ftpmaster at ftp-master.debian.org
Sat Feb 9 00:34:47 GMT 2019



Accepted:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 09 Feb 2019 00:40:17 +0100
Source: cryptsetup
Architecture: source
Version: 2:2.1.0-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Cryptsetup Team <pkg-cryptsetup-devel at alioth-lists.debian.net>
Changed-By: Guilhem Moulin <guilhem at debian.org>
Closes: 919725
Changes:
 cryptsetup (2:2.1.0-1) unstable; urgency=medium
 .
   * New upstream release.  Highlights include:
     - The on-disk LUKS format version now defaults to LUKS2 (use `luksFormat
       --type luks1` to use LUKS1 format). Closes: #919725.
     - The cryptographic backend used for LUKS header processing is now libssl
       instead of libgcrypt.
     - LUKS' default key size is now 512 in XTS mode, half of which is used for
       block encryption.  XTS mode uses two internal keys, hence the previous
       default key size (256) caused AES-128 to be used for block encryption,
       while users were expecting AES-256.
 .
   [ Guilhem Moulin ]
   * Add docs/Keyring.txt and docs/LUKS2-locking.txt to
     /usr/share/doc/cryptsetup-run.
   * debian/README.Debian: Mention that for non-persistent encrypted swap one
     should also disable the resume device.
   * debian/README.initramfs: Mention that keyscript=decrypt_derived normally
     won't work with LUKS2 sources.  (The volume key of LUKS2 devices is by
     default offloaded to the kernel keyring service, hence not readable by
     userspace.)  Since 2:2.0.3-5 the keyscript loudly fails on such sources.
   * decrypt_keyctl keyscript: Always use our askpass binary for password
     prompt (fail instead of falling back to using stty or `read -s` if askpass
     is not available).  askpass and decrypt_keyctl are both shipped in our
     'cryptsetup-run' and 'cryptsetup-udeb' binary packages, and the cryptsetup
     and askpass binaries are added together to the initramfs image.
   * decrypt_keyctl: Document the identifier used in the user keyring:
     "cryptsetup:$CRYPTTAB_KEY", or merely "cryptsetup" if "$CRYPTTAB_KEY" is
     empty or "none".  The latter improves compatibility with gdm and
     systemd-ask-password(1).
   * debian/*: run wrap-and-sort(1).
   * debian/doc/crypttab.xml: mention `cryptsetup refresh` and the `--persistent`
     option flag.
   * debian/control: Bump Standards-Version to 4.3.0 (no changes necessary).
 .
   [ Jonas Meurer ]
   * Update docs about 'discard' option: Mention in manpage, that it's enabled
     per default by Debian Installer. Give advice to add it to new devices in
     /etc/crypttab and add it to crypttab example entries in the docs.
Checksums-Sha1:
 5675bab44f08f97cadf9978a79dd8862e805b6f6 2810 cryptsetup_2.1.0-1.dsc
 d1c30dc8505ab4fb6da2a8c9998c0cdcc60f1417 10708886 cryptsetup_2.1.0.orig.tar.gz
 ae8ad8a92a809e7399d5c1124f4aa059aebe9088 101156 cryptsetup_2.1.0-1.debian.tar.xz
 66f198ac835806c4e978ab7476ae3cd826261dcf 9142 cryptsetup_2.1.0-1_amd64.buildinfo
Checksums-Sha256:
 13c24960c3f7b1913361162bc6de315c871c2752e24193df85a52a99ee8b121f 2810 cryptsetup_2.1.0-1.dsc
 e34b6502a8f72a5d76b0dc25349612c83e81d6d7d59a3feda50d66e6859f669e 10708886 cryptsetup_2.1.0.orig.tar.gz
 bd16b3309d755cb39b0db927d886b2a883e2c09bd5447a1939b6c1eee2bf65fa 101156 cryptsetup_2.1.0-1.debian.tar.xz
 062103702b644f47a9cb4c46dca2473f8c7c06eee31f8fbb7e136ad5ddd3cedf 9142 cryptsetup_2.1.0-1_amd64.buildinfo
Files:
 29bc714bd527ef5f10da6ed21cdcd6bf 2810 admin optional cryptsetup_2.1.0-1.dsc
 4d694036d2e0359b564ed1d0f76eebe5 10708886 admin optional cryptsetup_2.1.0.orig.tar.gz
 cb8214118a695feb1ac07a46867c1946 101156 admin optional cryptsetup_2.1.0-1.debian.tar.xz
 d72d73d4eba862816d0a07f319ac49a8 9142 admin optional cryptsetup_2.1.0-1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEERpy6p3b9sfzUdbME05pJnDwhpVIFAlxeGFUACgkQ05pJnDwh
pVKzow/7Bl4CFvk85XznjU+AGFs6oKptb9KKxDdVucA9/grFCYcSvQhv+2dAS1Bj
WBhVZFsWf16X5THb1eLbfCCoX9QDmfw0uYviY/vRTAH0wwED+iux7pcOyIcQmI93
fJ62yHGwc/c/eXl50O7ti+nGJBaeMJLZRYnaV4YM3HAGcTyW1iTG7Pjt8RI6eG++
6TAP/1gijY7rtWQM7jJGQwzEj85PJI/FMm62LYMQvrKynd7yO/b9eJJQpIHHPDZC
vUrnq4ZqEinMesElSoAnoAp7VYtQ+Gin/tf2TPmqxUVIb6I9/UWD82Z/8vz5KI3G
wiwzHj9wrSnzABnD7PKweZaiQforOubg4n62qpipIwCtIpcTsdykWB8me4WSzP6K
hjLPSMo9sfmn4iZ5zVdHebVUYNEVCrUcF3yUR7QDsJZWB75yZdyTTCSk/5ARE9+8
rMA9Js4Kyog81TSIU5ls7LzsSlpyDVUlqA1VbQsvk8v5rjsWRXwCNKNU+KM0Twuh
F22XYFB/Uy6158Cm23NmVJMeG92+aZ0suE9ckzSiic96qeFhEIaR9eD4DA4lQbUs
5iAdWd6sjaDKjiu7JAw/UdkAz9Zp3u49LCY4y0RVuRMdEKaYJWW/NhdvqjxJKXUw
suMRjmaTwParpxwlX9Tn2pPRsMHZ5gSGUP76tgHbHO1x9v3+xJE=
=gpIT
-----END PGP SIGNATURE-----


Thank you for your contribution to Debian.



More information about the pkg-cryptsetup-devel mailing list