
Releases: cryfs/cryfs

1.0.1

24 Nov 12:20

Fixes

  • On Windows, don't error but just show a warning when the -f flag is provided. This re-establishes backwards compatibility with cryfs 0.11.

Dependency Updates

  • range-v3 cci.20240905

1.0.0

09 Nov 02:33

Backwards Compatibility:

  • Filesystems created with CryFS 0.11.x and CryFS 1.0.0 are fully compatible with each other. The storage format hasn't changed.
  • This means filesystems created with 0.10.x or 0.11.x can be mounted without requiring a migration.
  • Filesystems created with 1.0.0 or 0.11.x can be mounted by CryFS 0.10.x, but only if you configure it to use a cipher supported by CryFS 0.10.x, e.g. AES-256-GCM. The new default, XChaCha20-Poly1305, is not supported by CryFS 0.10.x.

Fixes/Improvements

  • Added a man page for cryfs-unmount
  • Fixed small inaccuracy in calculation of free space in statvfs
  • Fix an issue when using -o atime mount options
  • On Windows
    • when the wrong DokanY version is installed, or DokanY is not installed, show an error instead of letting it look like mounting succeeded.
    • remove '-f' flag and always run CryFS in foreground mode. Background mode didn't work anyways but attempting to use it would swallow logs and errors. Now they show up correctly.
    • show better error message when attempting to mount to a non-drive mount path
    • libcurl now uses SChannel for SSL instead of OpenSSL. OpenSSL used to have problems finding certificate authorities, but with SChannel, things work fine.
  • Fix some Windows build issues when using Visual Studio 2022. Visual Studio 2019 worked fine but 2022 introduced some breaking changes.
  • Fix some MacOS build issues

Build changes

  • Requires CMake 3.25
  • Remove Windows 32bit build, only 64bit remains supported
  • Remove MacOS gcc build, only clang remains supported
  • Migrate build from Conan 1.x to Conan 2.x
  • There is now an easier way to opt-out of conan. CMake now works directly and without conan if the necessary dependencies are already installed.
  • Remove apt.cryfs.org from the .deb package generation process since that repository isn't being used anymore
  • We now only link to libcurl if CRYFS_UPDATE_CHECKS is enabled. In previous versions, disabling this compile-time flag
    already disabled update checks, but the build still needlessly linked to libcurl.
    Now disabling the flag fully removes the libcurl dependency from the build.

Dependency Updates

  • Fuse 2.9
  • DokanY 2.2.0.1000
  • Crypto++ 8.9
  • range-v3 0.12.0
  • boost 1.84
  • spdlog 1.14.1
  • gtest 1.15.0
  • Use libcurl dependency from conan instead of requiring it to be preinstalled. Cut away most of it to minimize dependencies, only keep the minimum needed for querying CryFS release information.
  • Use gtest dependency from conan instead of having it in the vendor/ directory of the repository

1.0.0-rc1

02 Oct 21:33
Pre-release


Backwards Compatibility

  • Filesystems created with CryFS 0.11.x and CryFS 1.0.0 are fully compatible with each other. The storage format hasn't changed.
  • This means filesystems created with 0.10.x or 0.11.x can be mounted without requiring a migration.
  • Filesystems created with 1.0.0 or 0.11.x can be mounted by CryFS 0.10.x, but only if you configure it to use a cipher supported by CryFS 0.10.x, e.g. AES-256-GCM. The new default, XChaCha20-Poly1305, is not supported by CryFS 0.10.x.

Fixes/Improvements

  • Added a man page for cryfs-unmount
  • Fixed small inaccuracy in calculation of free space in statvfs
  • Fix an issue when using -o atime mount options
  • On Windows
    • when the wrong DokanY version is installed, or DokanY is not installed, show an error instead of letting it look like mounting succeeded.
    • remove '-f' flag and always run CryFS in foreground mode. Background mode didn't work anyways but attempting to use it would swallow logs and errors. Now they show up correctly.
    • show better error message when attempting to mount to a non-drive mount path
    • libcurl now uses SChannel for SSL instead of OpenSSL. OpenSSL used to have problems finding certificate authorities, but with SChannel, things work fine.
  • Fix some Windows build issues when using Visual Studio 2022. Visual Studio 2019 worked fine but 2022 introduced some breaking changes.
  • Fix some MacOS build issues

Build changes

  • Requires CMake 3.25
  • Remove Windows 32bit build, only 64bit remains supported
  • Remove MacOS gcc build, only clang remains supported
  • Migrate build from Conan 1.x to Conan 2.x
  • There is now an easier way to opt-out of conan. CMake now works directly and without conan if the necessary dependencies are already installed.
  • Remove apt.cryfs.org from the .deb package generation process since that repository isn't being used anymore
  • We now only link to libcurl if CRYFS_UPDATE_CHECKS is enabled. In previous versions, disabling this compile-time flag
    already disabled update checks, but the build still needlessly linked to libcurl.
    Now disabling the flag fully removes the libcurl dependency from the build.

Dependency Updates

  • Fuse 2.9
  • DokanY 2.2.0.1000
  • Crypto++ 8.9
  • range-v3 0.12.0
  • boost 1.84
  • spdlog 1.14.1
  • gtest 1.15.0
  • Use libcurl dependency from conan instead of requiring it to be preinstalled. Cut away most of it to minimize dependencies, only keep the minimum needed for querying CryFS release information.
  • Use gtest dependency from conan instead of having it in the vendor/ directory of the repository

0.11.4

20 Jul 05:33
  • Fixed build issue with GCC 13 (see #448)
  • Fixed build issue with Python 3.12 (see #459)

0.11.3

12 Oct 19:49
  • Fixed build issue on systems with libfmt 9.0 (see #432)
  • Fixed build issue on Apple Silicon Macs (see cryfs/homebrew-tap#10)
  • Fixed build issue on systems that only have python3 but no python executable (see cryfs/homebrew-tap#12)

0.11.2

22 Feb 05:25

Bugfix:

  • Time to mount a file system was very long because the build didn't correctly use OpenMP. This is now fixed and file systems should open faster again.

0.11.1

23 Dec 08:18

Bugfix:

  • Fix building of the range-v3 dependency. The conan remote URL for this dependency changed and we have to use the new URL. See #398
  • Update to CryptoPP 8.6. This fixes a rare bug where CryptoPP 8.5 encrypts data wrongly, see weidai11/cryptopp#1069
  • cryfs-unmount correctly unmounts paths that contain spaces, see #372
  • Updated to DokanY 1.2.2.1001

0.11.0

22 Aug 17:27
ca6c14d

Backwards Compatibility:

  • Filesystems created with CryFS 0.10.x can be mounted without requiring a migration.
  • Filesystems created with CryFS 0.11.x can be mounted by CryFS 0.10.x if you configure it to use a cipher supported by CryFS 0.10.x, e.g. AES-256-GCM. The new default, XChaCha20-Poly1305, is not supported by CryFS 0.10.x.

Security:

  • Added the XChaCha20-Poly1305 encryption cipher. For new filesystems, this will be the default, but you're still able to create a filesystem with the previous default of AES-256-GCM
    by saying "no" to the "use default settings?" question when creating the file system. Also, old filesystems will not be automatically converted and will keep using AES-256-GCM.
    XChaCha20-Poly1305 is significantly slower than AES-256-GCM on modern CPUs, but it is more secure for large filesystems (>64GB).
    For AES-256-GCM, it is recommended to encrypt at most 2^32 blocks, which at the CryFS default block size of 16KB would be 64GB. The more the filesystem grows above that, the
    more likely it gets that a nonce gets reused and the two corresponding blocks become decryptable by an adversary. Other blocks would not be affected, but an adversary being
    able to access those two blocks (i.e. 64KB of the stored data) is bad enough. See Section 8.3 in https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38d.pdf
    XChaCha20-Poly1305 does not suffer from this constraint and stays secure even if the filesystem gets very large.

New platforms:

  • CryFS now works on devices with Apple M1 silicon

Build changes:

  • Switch to Conan package manager
  • Allow an easy way to modify how the dependencies are found. This is mostly helpful for package maintainers. See "Using local dependencies" in the README.
  • Build with macFUSE instead of osxfuse on OSX
  • Now requires CMake 3.10 or later, and GCC 7 or later, or Clang 7 or later
  • Fix a build issue on Gentoo systems
  • Fix a build issue when building with boost 1.77

Improvements:

  • Display the file system configuration when mounting a file system
  • Now shows a better error message when failing to load the config file that distinguishes between "wrong password" and "config file not found".

New features:

  • Add support for atime mount options (noatime, strictatime, relatime, atime, nodiratime).
  • The new default is now noatime (in 0.10.x it was relatime).
    Noatime reduces the amount of writes necessary and with that reduces the probability of synchronization conflicts,
    and the probability of corrupted file systems if a power outage happens while writing.
  • Add an --immediate flag to cryfs-unmount that tries to unmount immediately and doesn't wait for processes to release their locks on the file system.
  • Add a --create-missing-basedir and --create-missing-mountpoint flag to create the base directory and mount directory respectively, if they don't exist, skipping the confirmation prompt.

Other:

  • Updated to spdlog 1.8.5
  • Updated to range-v3 0.11.0
  • Updated to boost 1.75
  • Updated to crypto++ 8.5

0.10.4

22 Aug 17:17

Fixed bugs:

  • Fixed an issue when compiling with GCC 11, see #389

0.11.0 Release Candidate 1

21 Jun 17:27
b0c29d6
Pre-release

Version 0.11.0

Security:

  • Added the XChaCha20-Poly1305 encryption cipher. For new filesystems, this will be the default, but you're still able to create a filesystem with the previous default of AES-256-GCM
    by saying "no" to the "use default settings?" question when creating the file system. Also, old filesystems will not be automatically converted and will keep using AES-256-GCM.
    XChaCha20-Poly1305 is significantly slower than AES-256-GCM on modern CPUs, but it is more secure for large filesystems (>64GB).
    For AES-256-GCM, it is recommended to encrypt at most 2^32 blocks, which at the CryFS default block size of 16KB would be 64GB. The more the filesystem grows above that, the
    more likely it gets that a nonce gets reused and the two corresponding blocks become decryptable by an adversary. Other blocks would not be affected, but an adversary being
    able to access those two blocks (i.e. 64KB of the stored data) is bad enough. See Section 8.3 in https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38d.pdf
    XChaCha20-Poly1305 does not suffer from this constraint and stays secure even if the filesystem gets very large.
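
Added example (not part of the CryFS release notes or code base): the birthday-bound reasoning behind the Security notes for 0.11.0 and 0.11.0 Release Candidate 1, comparing nonce collision odds under one key for both ciphers. It assumes uniformly random nonces of the standard sizes, 96 bits for AES-GCM and 192 bits for XChaCha20-Poly1305, with a fresh nonce for every block write; the function names are illustrative.

```python
import math

# Assumed standard nonce sizes in bits (not taken from the CryFS source).
NONCE_BITS = {"AES-256-GCM": 96, "XChaCha20-Poly1305": 192}


def collision_probability(log2_encryptions: float, nonce_bits: int) -> float:
    """Probability that any two of 2**log2_encryptions random nonces match.

    Birthday approximation p = 1 - exp(-n^2 / 2^(bits+1)), computed from
    log2(n) so large counts do not overflow.
    """
    log2_x = 2 * log2_encryptions - (nonce_bits + 1)
    if log2_x > 10:  # exp(-2^10) is 0 in double precision: a collision is certain
        return 1.0
    return -math.expm1(-(2.0 ** log2_x))


def max_log2_encryptions(nonce_bits: int, log2_max_probability: float) -> float:
    """log2 of the encryption count at which p reaches 2**log2_max_probability.

    Uses the small-p form p ~= n^2 / 2^(bits+1), solved for n.
    """
    return (nonce_bits + 1 + log2_max_probability) / 2


def compare(log2_counts=(32, 40, 48)):
    """Rows of (cipher, log2 encryptions, collision probability)."""
    return [
        (name, k, collision_probability(k, bits))
        for name, bits in NONCE_BITS.items()
        for k in log2_counts
    ]


if __name__ == "__main__":
    for name, k, p in compare():
        print(f"{name:20s} 2^{k} encryptions under one key: p = {p:.3e}")
    for name, bits in NONCE_BITS.items():
        # 2^-32 is the IV-repeat probability ceiling used in NIST SP 800-38D.
        limit = max_log2_encryptions(bits, -32)
        print(f"{name:20s} stays below 2^-32 up to 2^{limit} encryptions")
```

With 96-bit nonces the 2^-32 ceiling is reached at roughly 2^32.5 encryptions, which lines up with the 2^32 recommendation quoted above, while 192-bit nonces push the same ceiling out to roughly 2^80.5.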

New platforms:

  • CryFS now works on devices with Apple M1 silicon

Build changes:

  • Switch to Conan package manager
  • Allow an easy way to modify how the dependencies are found. This is mostly helpful for package maintainers.
  • Build with macFUSE instead of osxfuse on OSX
  • Now requires CMake 3.10 or later, and GCC 7 or later, or Clang 7 or later

Improvements:

  • Display the file system configuration when mounting a file system
  • Now shows a better error message when failing to load the config file that distinguishes between "wrong password" and "config file not found".

New features:

  • Add support for atime mount options (noatime, strictatime, relatime, atime, nodiratime).
  • The new default is now noatime (in 0.10.x it was relatime).
    Noatime reduces the amount of writes necessary and with that reduces the probability of synchronization conflicts,
    and the probability of corrupted file systems if a power outage happens while writing.
  • Add an --immediate flag to cryfs-unmount that tries to unmount immediately and doesn't wait for processes to release their locks on the file system.
  • Add a --create-missing-basedir and --create-missing-mountpoint flag to create the base directory and mount directory respectively, if they don't exist, skipping the confirmation prompt.

Other:

  • Updated to spdlog 1.8.5
  • Updated to range-v3 0.11.0
  • Updated to boost 1.75
  • Updated to crypto++ 8.5