Version: 0.11.3-bp155.1.8
* Fri Oct 14 2022 Fabian Vogt <fvogt@suse.com>
- Update to v0.11.3:
* Fixed build issue on systems with libfmt 9.0
* Fixed build issue on Apple Silicon Macs
* Fixed build issue on systems that only have python3 but no
python executable
- Use python3-base instead of python for building
- Use %autosetup
* Mon Aug 01 2022 Andreas Stieger <andreas.stieger@gmx.de>
- add upstream signing key and verify source signature
* Tue Feb 22 2022 Paolo Stivanin <info@paolostivanin.com>
- Update to v0.11.2:
* Time to mount a file system was very long because the build
didn't correctly use OpenMP. This is now fixed and file systems
should open faster again.
* Fix building of the range-v3 dependency. The conan remote URL
for this dependency changed and we have to use the new URL.
* Update to CryptoPP 8.6. This fixes a rare bug where
CryptoPP 8.5 encrypts data wrongly.
* cryfs-unmount correctly unmounts paths that contain spaces.
* Updated to DokanY 1.2.2.1001.
* Sun Oct 03 2021 Andreas Stieger <andreas.stieger@gmx.de>
- remove cryptopp build dependency, library is bundled
* Mon Sep 27 2021 munix9@googlemail.com
- Update to upstream version 0.11.0
* Backwards Compatibility:
- Filesystems created with CryFS 0.10.x can be mounted without
requiring a migration.
- Filesystems created with CryFS 0.11.x can be mounted by CryFS
0.10.x if you configure it to use a cipher supported by CryFS
0.10.x, e.g. AES-256-GCM. The new default, XChaCha20-Poly1305,
is not supported by CryFS 0.10.x.
* Security:
- Added the XChaCha20-Poly1305 encryption cipher. For new
filesystems, this will be the default, but you're still able
to create a filesystem with the previous default of AES-256-GCM
by saying "no" to the "use default settings?" question when
creating the file system. Also, old filesystems will not be
automatically converted and will keep using AES-256-GCM.
XChaCha20-Poly1305 is significantly slower than AES-256-GCM
on modern CPUs, but it is more secure for large filesystems
(>64GB).
For AES-256-GCM, it is recommended to encrypt at most 2^32
blocks, which at the CryFS default block size of 16KB would
be 64GB. The more the filesystem grows above that, the more
likely it gets that a nonce gets reused and the two
corresponding blocks become decryptable by an adversary.
Other blocks would not be affected, but an adversary being
able to access those two blocks (i.e. 64KB of the stored data)
is bad enough. See Section 8.3 in
https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38d.pdf
XChaCha20-Poly1305 does not suffer from this constraint and
stays secure even if the filesystem gets very large.
* New platforms:
- CryFS now works on devices with Apple M1 silicon
* Build changes:
- Switch to Conan package manager
- Allow an easy way to modify how the dependencies are found.
This is mostly helpful for package maintainers. See "Using
local dependencies" in the README.
- Build with macFUSE instead of osxfuse on OSX
- Now requires CMake 3.10 or later, and GCC 7 or later,
or Clang 7 or later
- Fix a build issue on Gentoo systems
- Fix a build issue when building with boost 1.77
* Improvements:
- Display the file system configuration when mounting a file system
- Now shows a better error message when failing to load the config
file that distinguishes between "wrong password" and "config file
not found".
* New features:
- Add support for atime mount options (noatime, strictatime,
relatime, atime, nodiratime).
- The new default is now noatime (in 0.10.x is was relatime).
Noatime reduces the amount of writes necessary and with that
reduces the probability of synchronization conflicts, and the
probability of corrupted file systems if a power outage
happens while writing.
- Add an --immediate flag to cryfs-unmount that tries to unmount
immediately and doesn't wait for processes to release their
locks on the file system.
- Add a --create-missing-basedir and --create-missing-mountpoint
flag to create the base directory and mount directory respectively,
if they don't exist, skipping the confirmation prompt.
* Other:
- Updated to spdlog 1.8.5
- Updated to ranges-v3 0.11.0
- Updated to boost 1.75
- Updated to crypto++ 8.5
* Clean up spec file
* Tue May 12 2020 Guillaume GARDET <guillaume.gardet@opensuse.org>
- Enable '-msse4.1' only on x86 and x86_64
* Thu Oct 17 2019 Richard Brown <rbrown@suse.com>
- Remove obsolete Groups tag (fate#326485)
* Wed Aug 14 2019 Michel Normand <normand@linux.vnet.ibm.com>
- Add _constraints for PowerPC for 4G disk space to avoid
"No space left on device" error
* Thu Aug 01 2019 Michel Normand <normand@linux.vnet.ibm.com>
- disable lto for ppc64 bypass boo#1142574
* Sun Jul 07 2019 Klaas Freitag <opensuse@freisturz.de>
- Update to upstream version 0.10.2
* Fix occasional crash in mkdir() on Windows
* Fix a race condition when a file descriptor is closed while there's
read/write requests for that file being processed.
* Better logging when local state can't be loaded
* Other fixes from version 0.10.1
* Fri Jul 05 2019 Michel Normand <normand@linux.vnet.ibm.com>
- Do not set DCMAKE_CXX_FLAGS="-msse4.1" for PowerPC
* Fri Mar 22 2019 Klaas Freitag <opensuse@freisturz.de>
- Update to upstream version 0.10.0, selected changes are:
* Integrity checks ensure you notice when someone modifies your file system.
* File system nodes (files, directories, symlinks) store a parent
pointer to the directory that contains them. This information can
be used in later versions to resolve some synchronization conflicts.
* Allow mounting using system mount tool and /etc/fstab
* Performance improvements
* Use relatime instead of strictatime (further performance improvement)
* cryfs-unmount tool to unmount filesystems-
* Sat Feb 02 2019 Klaas Freitag <opensuse@freisturz.de>
- Update to upstream version 0.9.10
* Fixed occasional deadlock (#64)
* Fix for reading empty files out of bounds
* Fixed race condition (#224 and #243)
* Tue Feb 27 2018 jengelh@inai.de
- Trim cleaning of buildroot, this is already implicit.
- Update description.