Cryptsetup 2.3.4 Release Notes
==============================
Stable bug-fix release with a security fix (32-bit only).

All users of cryptsetup 2.2.x and later should upgrade to this version.

Changes since version 2.3.3
~~~~~~~~~~~~~~~~~~~~~~~~~~~

* Fix a possible out-of-bounds memory write while validating LUKS2 data
  segments metadata (CVE-2020-14382).

  This problem can be triggered only on 32-bit builds (64-bit systems
  are not affected).

  The LUKS2 format validation code contains a bug in the segments
  validation code, where the code does not check for a possible overflow
  on memory allocation.

  Due to the bug, libcryptsetup can be tricked into expecting that such
  an allocation was successful. Later it may read data from an image
  crafted by an attacker and actually write such data beyond the
  allocated memory.

  The bug was introduced in cryptsetup 2.2.0. All later releases until
  2.3.4 are affected.

  If you only backport the fix for this CVE, these master branch git
  commits should be backported:
    52f5cb8cedf22fb3e14c744814ec8af7614146c7
    46ee71edcd13e1dad50815ad65c28779aa6f7503
    752c9a52798f11d3b765b673ebaa3058eb25316e

  Thanks to Tobias Stoeckmann for discovering this issue.

* Ignore reported optimal IO size if not aligned to minimal page size.

  Some USB enclosures report bogus block device topology (see lsblk -t)
  that prevents LUKS2 format with 4k sector size (reported values are
  not correctly aligned). The code now ignores such values and uses
  the default alignment.

* Added support for new no_read/write_workqueue dm-crypt options (kernel 5.9).

  These performance options, introduced in kernel 5.9, configure dm-crypt
  to bypass read or write workqueues and run encryption synchronously.

  Use --perf-no_read_workqueue or --perf-no_write_workqueue cryptsetup
  arguments to use these dm-crypt flags.

  These options are available only for low-level dm-crypt performance
  tuning; use them only if you need a change to default dm-crypt behavior.

  For LUKS2, these flags can be persistently stored in metadata with
  the --persistent option.

* Added support for the panic_on_corruption option for dm-verity devices
  (kernel 5.9).

  Veritysetup now supports the --panic-on-corruption argument, which
  configures the dm-verity device to panic the kernel if corruption is
  detected.

  This option is intended for specific configurations; do not use it in
  standard configurations.

* Support --master-key-file option for online LUKS2 reencryption.

  This can be used for reencryption of devices that use a protected key
  AES cipher on some mainframe crypto accelerators.

* Always return EEXIST error code if a device already exists.

  Some libcryptsetup functions (activate_by*) now return the EEXIST error
  code, so the caller can distinguish that the call fails because some
  parallel process already activated the device.
  Previously all failures returned EINVAL (invalid value).

* Fix a problem in integritysetup if a hash algorithm has a dash in the name.

  If users want to use blake2b/blake2s, the kernel algorithm name
  includes a dash (like "blake2s-256").
  These algorithms can now be used for integritysetup devices.

* Fix crypto backend to properly handle ECB mode.

  Even though it should never be used, it should still work for testing :)
  This fixes a bug introduced in cryptsetup version 2.3.2.

* TrueCrypt/VeraCrypt compatible mode now supports the activation of devices
  with a larger sector.

  TrueCrypt/VeraCrypt always uses a 512-byte sector for encryption, but for
  devices with a larger native sector, it stores this value in the header.

  This patch allows activation of such devices, basically ignoring
  the mentioned sector size.

* LUKS2: Do not create excessively large headers.

  When creating a LUKS2 header with a specified --offset larger than
  the LUKS2 header size, do not create a larger file than needed.

* Fix unspecified sector size for BitLocker compatible mode.

  Some BitLocker devices can contain a zeroed sector size in the header.
  In this case, the 512-byte sector should be used.
  The bug was introduced in version 2.3.3.

* Fix reading key data size in metadata for BitLocker compatible mode.

  Such devices with an unexpected entry in metadata can now be activated.

  Thanks to all users reporting these problems. BitLocker metadata
  documentation is not publicly available, and we depend only on these
  reports.

* Fix typos in documentation.
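
The CVE-2020-14382 entry above describes an allocation size that is not checked for overflow and is therefore only exploitable where size_t is 32 bits wide. The following C code is an added example, not cryptsetup source: it models a 32-bit size_t with uint32_t so the wraparound is visible on any host, and the struct, the function names and the sample count are hypothetical.

```c
/* Added illustration of an unchecked vs. checked allocation size.
 * Not cryptsetup code; all names and values here are hypothetical. */
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Model a 32-bit size_t so the wraparound also shows on a 64-bit host. */
typedef uint32_t size32_t;
#define SIZE32_MAX UINT32_MAX

struct interval { uint64_t offset; uint64_t length; };  /* 16 bytes */

/* Unchecked: the byte count a 32-bit multiply yields for `count` entries. */
static size32_t alloc_bytes_unchecked(uint64_t count)
{
    return (size32_t)count * (size32_t)sizeof(struct interval);
}

/* Checked: 0 and *bytes set on success, -1 if the product cannot be
 * represented in 32 bits. An empty table is rejected as well. */
static int alloc_bytes_checked(uint64_t count, size32_t *bytes)
{
    if (count == 0 || count > SIZE32_MAX / sizeof(struct interval))
        return -1;
    *bytes = (size32_t)(count * sizeof(struct interval));
    return 0;
}

/* Number of entries that really fit into a buffer of `bytes` bytes. */
static uint64_t entries_that_fit(size32_t bytes)
{
    return bytes / sizeof(struct interval);
}

int main(void)
{
    /* Constructed entry count, standing in for a value read from
     * untrusted on-disk metadata. */
    uint64_t count = 0x10000001ULL;
    size32_t wrapped = alloc_bytes_unchecked(count);
    size32_t bytes = 0;

    printf("entries requested: %" PRIu64 "\n", count);
    printf("unchecked size:    %" PRIu32 " bytes, room for %" PRIu64 "\n",
           wrapped, entries_that_fit(wrapped));
    printf("checked size:      %s\n",
           alloc_bytes_checked(count, &bytes) ? "rejected" : "accepted");
    return 0;
}
```

A successful allocation of the wrapped size is what lets later code believe it has room for every entry; rejecting the count before multiplying removes that mismatch.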