Cryptsetup 2.6.1 Release Notes
==============================
Stable bug-fix release with minor extensions.
All users of cryptsetup 2.6.0 should upgrade to this version.
Changes since version 2.6.0
~~~~~~~~~~~~~~~~~~~~~~~~~~~
* bitlk: Fixes for BitLocker-compatible on-disk metadata parser
(found by new cryptsetup OSS-Fuzz fuzzers).
- Fix a possible memory leak if the metadata contains more than
one description field.
- Harden parsing of metadata entries for key and description entries.
- Fix broken metadata parsing that can cause a crash or out of memory.
* Fix possible iteration overflow in OpenSSL2 PBKDF2 crypto backend.
OpenSSL2 uses a signed integer for PBKDF2 iteration count.
As cryptsetup uses an unsigned value, this can lead to overflow and
a decrease in the actual iteration count.
This situation can happen only if the user specifies
--pbkdf-force-iterations option.
OpenSSL3 (and other supported crypto backends) are not affected.
* Fix compilation for new ISO C standards (gcc with -std=c11 and higher).
* fvault2: Fix compilation with very old uuid.h.
* verity: Fix possible hash offset setting overflow.
* bitlk: Fix use of startup BEK key on big-endian platforms.
* Fix compilation with latest musl library.
Recent musl no longer implements lseek64() in some configurations.
Use lseek() as 64-bit offset is mandatory for cryptsetup.
* Do not initiate encryption (reencryption command) when the header and
data devices are the same.
If data device reduction is not requsted, this leads to data corruption
since LUKS metadata was written over the data device.
* Fix possible memory leak if crypt_load() fails.
* Always use passphrases with a minimal 8 chars length for benchmarking.
Some enterprise distributions decided to set an unconditional check
for PBKDF2 password length when running in FIPS mode.
This questionable change led to unexpected failures during LUKS format
and keyslot operations, where short passwords were used for
benchmarking PBKDF2 speed.
PBKDF2 benchmark calculations should not be affected by this change.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Remove downstream patch 004-missing-includes.patch which was merged
upstream in version 2.03.19
LVM2 changelog since version 2.03.17
version 2.03.22 - 02nd August 2023
==================================
Fix pv_major/pv_minor report field types so they are integers, not strings.
Add lvmdevices --delnotfound to delete entries for missing devices.
Always use cachepool name for metadata backup LV for lvconvert --repair.
Make metadata backup LVs read-only after pool's lvconvert --repair.
Improve VDO and Thin support with lvmlockd.
Handle 'lvextend --usepolicies' for pools for all activation variants.
Fix memleak in vgchange autoactivation setup.
Update py-compile building script.
Support conversion from thick to fully provisioned thin LV.
Cache/Thin-pool can use error and zero volumes for testing.
Individual thin volume can be cached, but cannot take snapshot.
Better internal support for handling error and zero target (for testing).
Resize COW above trimmed maximal size is does not return error.
Support parsing of vdo geometry format version 4.
Add lvm.conf thin_restore and cache_restore settings.
Handle multiple mounts while resizing volume with a FS.
Handle leading/trailing spaces in sys_wwid and sys_serial used by deivce_id.
Enhance lvm_import_vdo and use snapshot when converting VDO volume.
Fix parsing of VDO metadata.
Fix failing -S|--select for non-reporting cmds if using LV info/status fields.
Allow snapshots of raid+integrity LV.
Fix multisegment RAID1 allocator to prevent using single disk for more legs.
version 2.03.21 - 21st April 2023
=================================
Fix activation of vdo-pool for with 0 length headers (converted pools).
Avoid printing internal init messages when creation integration devices.
Allow (write)cache over raid+integrity LV.
version 2.03.20 - 21st March 2023
=================================
Fix segfault if using -S|--select with log/report_command_log=1 setting.
Configure now fails when requested lvmlockd dependencies are missing.
Add some configure Gentoo enhancements for static builds.
version 2.03.19 - 21st February 2023
====================================
Configure supports --with-systemd-run executed from udev rules.
Enhancement for build with MuslC systemd and non-bash system shells (dash).
Do not reset SYSTEMD_READY variable in udev for PVs on MD and loop devices.
Ensure udev is processing origin LV before its thick snapshots LVs.
Fix and improve runtime memory size detection for VDO volumes.
version 2.03.18 - 22nd December 2022
====================================
Fix issues reported by coverity scan.
Fix warning for thin pool overprovisioning on lvextend (2.03.17).
Add support for writecache metadata_only and pause_writeback settings.
Fix missing error messages in lvmdbusd.
DM changelog since version 1.02.187:
Version 1.02.196 - 02nd August 2023
===================================
Version 1.02.195 - 21st April 2023
==================================
Version 1.02.193 - 21st March 2023
==================================
Version 1.02.191 - 21st February 2023
=====================================
Improve parallel creation of /dev/mapper/control device node.
Import previous ID_FS_* udev records in 13-dm-disk.rules for suspended DM dev.
Remove NAME="mapper/control" rule from 10-dm.rules to avoid udev warnings.
Version 1.02.189 - 22nd December 2022
=====================================
Improve 'dmsetup create' without given table line with new kernels.
(Version 1.02.188 is missing)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
If 'collectd-mod-smart' is not enabled, the use of lubudev does not need
to be explicitly disabled. This library could be a dependency for other
modules in the future. If this is explicitly disabled, then the other
module cannot be built.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
I've noticed my AppleTV's refresh their leases ever minute unless
I explicitly force their renewal time higher, because it doesn't
default to 50% of the lease time.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
libudev-zero bump to 1.0.3. Resolves bug with USBIP.
Error behavior with USBIP attach:
libusbip: error: no available ports
usbip: error: open vhci_driver
usbip: error: list imported devices
Expected behaviour - USBIP:
root@OpenWrt:~# usbip port
Imported USB devices
Signed-off-by: Taylor Brown <taylorami@hotmail.com>
This loads the module, which should return the path of the CA bundle
and verifies that the file exists.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
mqtt plugin is already built and shipped in
collectd-mod-mqtt, however it is not possible to configure it via
uci currently, instead having to rely on populating the config file manually.
Add support by adding 2 functions, process_mqtt() and
process_mqtt_block(). First one just enables/disables the plugin.
The second one, in the spirit of the curl plugin, adds support for
populating multiple <Publish> and <Subscribe> blocks under <Plugin mqtt>
with support for some parameters. Those are:
* blocktype. Publish or Subscribe. Mandatory
* name. The name of the block. Mandatory
* Host. Mandatory
* Port. Optional
* User. Optional
* Password. Optional
* ClientId. Optional
* QoS. Optional
* Prefix. Optional
* Retain. Optional
* StoreRates. Optional
* CleanSession. Optional
* Topic. Optional
Bump PKG_RELEASE per comments in PR
Signed-off-by: Alexandros Kosiaris <akosiaris@gmail.com>
This commit updates openvpn to version 2.6.5 and add DCO support.
There are several changes:
- Starting with version 2.6.0, the sources are only provided as .tar.gz
file.
- removed OPENVPN_<variant>_ENABLE_MULTIHOME:
multihome support is always included and cannot be disabled anymore
with 2.6.x.
- removed OPENVPN_<variant>_ENABLE_DEF_AUTH:
deferred auth support is always included and cannot be disabled
anymore with 2.6.x.
- removed OPENVPN_<variant>_ENABLE_PF:
PF (packet filtering) support was removed in 2.6.x.
- The internal lz4 library was removed in 2.6.x; we now use the liblz4
package if needed
- To increase reproducibility, _DATE_ is only used for development
builds and not in release builds in 2.6.x.
- wolfSSL support was integrated into upstream openvpn
- DES support was removed from openvpn
The first two wolfSSL patches were created following these 2 commits:
4cf01c8e43028b501734
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
OpenVPN 2.6.2+ changes the way OpenVPN control packets are handled on
Linux when DCO is active, fixing the lockups observed with 2.6.0/2.6.1
under high client connect/disconnect activity. This is an INCOMPATIBLE
change and therefore an ovpn-dco kernel module older than v0.2.20230323
(commit ID 726fdfe0fa21) will not work anymore and must be upgraded.
The kernel module was renamed to "ovpn-dco-v2.ko" in order to highlight
this change and ensure that users and userspace software could easily
understand which version is loaded. Attempting to use the old ovpn-dco
with 2.6.2+ will lead to disabling DCO at runtime.
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
This renames the source package to python-sqlparse to match other Python
packages.
This also updates the build dependencies; package now uses the flit-core
build backend.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
