Opening a new bug for 1.1.x series, as told at #277990. Please add this to portage tree, too. Changes compared to 1.0.7: 2009-11-14 Milan Broz <mbroz@redhat.com> * Add CRYPT_ prefix to enum defined in libcryptsetup.h. * Fix status call to fail when running as non-root user. * Check in configure if selinux libraries are required in static version. * Add temporary debug code to find processes locking internal device. * Simplify build system, use autopoint and clean gettext processing. * Use proper NLS macros and detection (so the message translation works again). * Version 1.1.0-rc3. 2009-09-30 Milan Broz <mbroz@redhat.com> * Fix exported symbols and versions in libcryptsetup. * Do not use internal lib functions in cryptsetup. * Add crypt_log to library. * Fix crypt_remove_device (remove, luksClose) implementation. * Move dm backend initialisation to library calls. * Move duplicate Command failed message to verbose level (error is printed always). * Add some password and used algorithms notes to man page. * Version 1.1.0-rc2. 2009-09-28 Milan Broz <mbroz@redhat.com> * Add luksHeaderBackup and luksHeaderRestore commands. * Fail passphrase read if piped input no longer exists. * Version 1.1.0-rc1. 2009-09-15 Milan Broz <mbroz@redhat.com> * Initialize crypto library before LUKS header load. * Fix manpage to not require --size which expands to device size by default. 2009-09-10 Milan Broz <mbroz@redhat.com> * Clean up Makefiles and configure script. * Version 1.1.0-test0. 2009-09-08 Milan Broz <mbroz@redhat.com> * Use dm-uuid for all crypt devices, contains device type and name now. * Try to read first sector from device to properly check that device is ready. 2009-09-02 Milan Broz <mbroz@redhat.com> * Add luksSuspend (freeze device and wipe key) and luksResume (with provided passphrase). 2009-08-30 Milan Broz <mbroz@redhat.com> * Require device device-mapper to build and do not use backend wrapper for dm calls. * Move memory locking and dm initialization to command layer. * Increase priority of process if memory is locked. * Add log macros and make logging modre consitent. * Move command successful messages to verbose level. * Introduce --debug parameter. * Move device utils code and provide context parameter (for log). * Keyfile now must be provided by path, only stdin file descriptor is used (api only). * Do not call isatty() on closed keyfile descriptor. * Run performance check for PBKDF2 from LUKS code, do not mix hash algoritms results. * Add ability to provide pre-generated master key and UUID in LUKS header format. * Add LUKS function to verify master key digest. * Move key slot manuipulation function into LUKS specific code. * Replace global options struct with separate parameters in helper functions. * Add new libcryptsetup API (documented in libcryptsetup.h). * Implement old API calls using new functions. * Remove old API code helper functions. * Add --master-key-file option for luksFormat and luksAddKey. 2009-08-17 Milan Broz <mbroz@redhat.com> * Fix PBKDF2 speed calculation for large passhrases. * Allow using passphrase provided in options struct for LuksOpen. * Allow restrict keys size in LuksOpen. 2009-07-30 Milan Broz <mbroz@redhat.com> * Fix errors when compiled with LUKS_DEBUG. * Print error when getline fails. * Remove po/cryptsetup-luks.pot, it's autogenerated. * Return ENOENT for empty keyslots, EINVAL will be used later for other type of error. * Switch PBKDF2 from internal SHA1 to libgcrypt, make hash algorithm not hardcoded to SHA1 here. * Add required parameters for changing hash used in LUKS key setup scheme. * Do not export simple XOR helper now used only inside AF functions. * Completely remove internal SHA1 implementanion code, not needed anymore. * Enable hash algorithm selection for LUKS through -h luksFormat option. 2009-07-28 Milan Broz <mbroz@redhat.com> * Pad luks header to 512 sector size. * Rework read/write blockwise to not split operation to many pieces. * Use posix_memalign if available. 2009-07-22 Milan Broz <mbroz@redhat.com> * Fix segfault if provided slot in luksKillslot is invalid. * Remove unneeded timeout when remove of temporary device succeeded.
rc4 released http://code.google.com/p/cryptsetup/wiki/Cryptsetup110rc
Here is the link to the new release of cryptsetup (1.1.0) http://code.google.com/p/cryptsetup/wiki/Cryptsetup110
If someone is interested I found one: https://www.pentoo.ch/pentoo/browser/portage/trunk/sys-fs/cryptsetup/cryptsetup-1.1.0_rc3.ebuild
InCVS, please test.
(In reply to comment #4) > InCVS, please test. Thanks! Works fine for me.
Please add BIG WARN to ebuild about it: * IMPORTANT: the default compiled-in cipher parameters changed o plain mode: aes-cbc-essiv:sha256 (default is backward incompatible!). o LUKS mode: aes-cbc-essiv:sha256 (only key size increased) o In both modes is now default key size 256bits. o Default compiled-in parameters are now cofigurable through configure options: --with-plain-* / --with-luks1-* (see configure --help) o If you need backward compatible defaults for distribution use configure --with-plain-mode=cbc-plain --with-luks1-keybits=128 * Default compiled-in modes are printed in "cryptsetup --help" output. Hope this helps someone else, not just me
