[pkg-cryptsetup-devel] Bug#1065073: cryptsetup: Make the information about changes of default cypher and hash in 2.7.0 more visible

[Jurij Smakov]

Package: cryptsetup
Version: 2:2.7.0-1
Severity: wishlist

Hi,

I recently upgraded my machine running unstable to 2:2.7.0-1, and found that
cryptsetup stopped working for my custom encrypted device. I eventually
tracked this down to the default cipher and hash settings changing in the
latest upstream release. I was specifying the cipher explicitly, but I had
to add '-h ripemd160' flag to my invocation, in order for it to use the
previous default, which restored my setup to working condition.

While this change is mentioned in the upstream release notes, I could not
find any mention of it in the Debian's changelog or NEWS file. Given the
potential for breakage, please consider making this change more visible in
the documentation, before it propagates to testing. I would say that it
should also be mentioned in the upgrade instructions for the next stable
version, to prevent unpleasant surprises.

Thanks.

-- Package-specific info:

-- System Information:
Debian Release: trixie/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.6.15-amd64 (SMP w/12 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages cryptsetup depends on:
ii  cryptsetup-bin         2:2.7.0-1
ii  debconf [debconf-2.0]  1.5.86
ii  dmsetup                2:1.02.196-1
ii  libc6                  2.37-15

cryptsetup recommends no packages.

Versions of packages cryptsetup suggests:
pn  cryptsetup-initramfs    <none>
ii  dosfstools              4.2-1
pn  keyutils                <none>
ii  liblocale-gettext-perl  1.07-6+b1

-- debconf information:
  cryptsetup/prerm_active_mappings: true