diff --git a/README.md b/README.md index c2011af..af26567 100644 --- a/README.md +++ b/README.md @@ -196,7 +196,7 @@ RM: 2,367 Changelog --------- -v2.2.0, IN PROGRESS +#### v2.2.0, IN PROGRESS * **`-deterministic-names`: new option for `-init`**, both for reverse and forward mode. Disables file name randomisation & `gocryptfs.diriv` files ([#151](https://github.com/rfjakob/gocryptfs/issues/151), [#402](https://github.com/rfjakob/gocryptfs/issues/402), [#592](https://github.com/rfjakob/gocryptfs/pull/592)) @@ -219,7 +219,7 @@ v2.2.0, IN PROGRESS the [Go module versioning](https://golang.org/doc/modules/version-numbers) convention. Later releases will also follow the convention. -v2.1, 2021-08-18 +#### v2.1, 2021-08-18 * `-fido2`: do not request PIN on `gocryptfs -init` fixing `FIDO_ERR_UNSUPPORTED_OPTION` with YubiKey ([#571](https://github.com/rfjakob/gocryptfs/issues/571)) * `-sharedstorage`: present stable inode numbers, fixing getcwd failures @@ -238,19 +238,19 @@ v2.1, 2021-08-18 * Drop support for Go 1.11 & Go 1.12 ([commit](https://github.com/rfjakob/gocryptfs/commit/a5f88e86d186cdbc67e1efabd7aacf389775e027)) * You must have Go 1.13 or newer now -v2.0.1, 2021-06-07 +#### v2.0.1, 2021-06-07 * Fix symlink creation reporting the wrong size, causing git to report it as modified ([#574](https://github.com/rfjakob/gocryptfs/issues/574)) -v2.0, 2021-06-05 +#### v2.0, 2021-06-05 * Fix a few [issues discovered by xfstests](https://github.com/rfjakob/fuse-xfstests/wiki/results_2021-05-19) * Biggest change: rewrite SEEK_HOLE / SEEK_DATA logic (now emulates 4k alignment) -v2.0-beta4, 2021-05-15 +#### v2.0-beta4, 2021-05-15 * **Make ACLs *actually* work (pass `-acl` to enable)** ([#536](https://github.com/rfjakob/gocryptfs/issues/536)) * Blocklist `RENAME_EXCHANGE` and `RENAME_WHITEOUT` (broken as discovered by [fuse-xfstest/gocryptfs-2019-12](https://github.com/rfjakob/fuse-xfstests/tree/gocryptfs-2019-12)) -v2.0-beta3, 2021-04-24 +#### v2.0-beta3, 2021-04-24 * MANPAGE: Split options into sections acc. to where they apply ([#517](https://github.com/rfjakob/gocryptfs/issues/517)) * `-idle`: count cwd inside the mount as busy ([#533](https://github.com/rfjakob/gocryptfs/issues/533)) * Make `gocryptfs.diriv` and `gocryptfs.xxx.name` files world-readable to make encrypted backups easier @@ -269,11 +269,11 @@ v2.0-beta3, 2021-04-24 * Add directory fd caching for 2x - 3x speed boost in small file ops compared to v2.0-beta2 ([performance numbers](https://github.com/rfjakob/gocryptfs/blob/5cb1e55714aa92a848c0fb5fc3fa7b91625210fe/Documentation/performance.txt#L73)) -v2.0-beta2, 2020-11-14 +#### v2.0-beta2, 2020-11-14 * Improve [performance](Documentation/performance.txt#L69) * Fix [GETATTR panic](https://github.com/rfjakob/gocryptfs/issues/519#issuecomment-718790790) in reverse mode -v2.0-beta1, 2020-10-15 +#### v2.0-beta1, 2020-10-15 * **Switch to the improved go-fuse [v2 API](https://pkg.go.dev/github.com/hanwen/go-fuse/v2@v2.0.3/fs)** * This is a big change, a lot of code has been reorganized or rewritten to fit the v2 API model. @@ -292,7 +292,7 @@ v2.0-beta1, 2020-10-15 ([go-fuse #276](https://github.com/hanwen/go-fuse/issues/276), [gocryptfs commit ec74d1d](https://github.com/rfjakob/gocryptfs/commit/ec74d1d2f4217a9a337d1db9902f32ae2aecaf33)) -v1.8.0, 2020-05-09 +#### v1.8.0, 2020-05-09 * Enable ACL support ([#453](https://github.com/rfjakob/gocryptfs/issues/453)) * **Warning 2021-02-07**: This feature is incomplete! Do not use ACLs before gocryptfs v2.0 final! Reading and writing ACLs works, but they are not enforced or inherited ([#542](https://github.com/rfjakob/gocryptfs/issues/542)) @@ -317,7 +317,7 @@ v1.8.0, 2020-05-09 * Has been disabled since v1.7 due to issues a third-party module. * Please use FIDO2 instead (gocryptfs v2.0) -v1.7.1, 2019-10-06 +#### v1.7.1, 2019-10-06 * Support wild cards in reverse mode via `--exclude-wildcard` ([#367](https://github.com/rfjakob/gocryptfs/pull/367)). Thanks @ekalin! * Create `gocryptfs.diriv` files with 0440 permissions to make it easier to @@ -338,7 +338,7 @@ v1.7.1, 2019-10-06 * tests: use /var/tmp instead of /tmp by default ([commit 8c4429](https://github.com/rfjakob/gocryptfs/commit/8c4429408716d9890a98a48c246d616dbfea7e31)) -v1.7, 2019-03-17 +#### v1.7, 2019-03-17 * **Fix possible symlink race attacks in forward mode** when using allow_other + plaintextnames * If you use *both* `-allow_other` *and* `-plaintextnames`, you should upgrade. Malicious users could trick gocryptfs into modifying files outside of `CIPHERDIR`, @@ -371,11 +371,11 @@ v1.7, 2019-03-17 * Trezor support has been broken since Sept 2018 due to issues in a third-party module ([#261](https://github.com/rfjakob/gocryptfs/issues/261)) -v1.6.1, 2018-12-12 +#### v1.6.1, 2018-12-12 * Fix "Operation not supported" chmod errors on Go 1.11 ([#271](https://github.com/rfjakob/gocryptfs/issues/271)) -v1.6, 2018-08-18 +#### v1.6, 2018-08-18 * **Add `-e` / `-exclude` option** for reverse mode ([#235](https://github.com/rfjakob/gocryptfs/issues/235), [commit](https://github.com/rfjakob/gocryptfs/commit/ec2fdc19cf9358ae7ba09c528a5807b6b0760f9b)) @@ -389,7 +389,7 @@ v1.6, 2018-08-18 * Fall back to buffered IO even when passed `O_DIRECT` ([commit](https://github.com/rfjakob/gocryptfs/commit/893e41149ed353f355047003b89eeff456990e76)) -v1.5, 2018-06-12 +#### v1.5, 2018-06-12 * **Support extended attributes (xattr)** in forward mode ([#217](https://github.com/rfjakob/gocryptfs/issues/217)). Older gocryptfs versions will ignore the extended attributes. @@ -409,7 +409,7 @@ v1.5, 2018-06-12 * Stop printing the help text on a "flag provided but not defined" error ([commit](https://github.com/rfjakob/gocryptfs/commit/5ad26495fc86527bbfe75ac6b46528d49a373676)) -v1.4.4, 2018-03-18 +#### v1.4.4, 2018-03-18 * Overwrite secrets in memory with zeros as soon as possible ([#211](https://github.com/rfjakob/gocryptfs/issues/211)) * Fix Getdents problems on i386 and mips64le @@ -422,7 +422,7 @@ v1.4.4, 2018-03-18 [commit](https://github.com/hanwen/go-fuse/commit/a9ddcb8a4b609500fc59c89ccc9ee05f00a5fefd)) * Fix various test issues on MacOS -v1.4.3, 2018-01-21 +#### v1.4.3, 2018-01-21 * **Fix several symlink race attacks** in connection with reverse mode and allow_other. Thanks to @slackner for reporting and helping to fix the issues: @@ -440,7 +440,7 @@ v1.4.3, 2018-01-21 * MacOS: let OSXFuse create the mountpoint if it does not exist ([issue #194](https://github.com/rfjakob/gocryptfs/issues/194)) -v1.4.2, 2017-11-01 +#### v1.4.2, 2017-11-01 * Add `Gopkg.toml` file for `dep` vendoring and reproducible builds ([issue #142](https://github.com/rfjakob/gocryptfs/issues/142)) * MacOS: deal with `.DS_Store` files inside CIPHERDIR @@ -453,7 +453,7 @@ v1.4.2, 2017-11-01 * Fix a startup hang when `$PATH` contains the mountpoint ([issue #146](https://github.com/rfjakob/gocryptfs/issues/146)) -v1.4.1, 2017-08-21 +#### v1.4.1, 2017-08-21 * **Use memory pools for buffer handling** ( [3c6fe98](https://github.com/rfjakob/gocryptfs/commit/3c6fe98), [b2a23e9](https://github.com/rfjakob/gocryptfs/commit/b2a23e9), @@ -477,7 +477,7 @@ v1.4.1, 2017-08-21 * Enable writing to write-only files ([issue #125](https://github.com/rfjakob/gocryptfs/issues/125)) -v1.4, 2017-06-20 +#### v1.4, 2017-06-20 * **Switch to static binary releases** * From gocryptfs v1.4, I will only release statically-built binaries. These support all Linux distributions but cannot use OpenSSL. @@ -502,7 +502,7 @@ v1.4, 2017-06-20 ([commit 80516ed](https://github.com/rfjakob/gocryptfs/commit/80516ed3351477793eec882508969b6b29b69b0a)) * Add `-info` option to pretty-print infos about a filesystem. -v1.3, 2017-04-29 +#### v1.3, 2017-04-29 * **Use HKDF to derive separate keys for GCM and EME** * New feature flag: `HKDF` (enabled by default) * This is a forwards-compatible change. gocryptfs v1.3 can mount @@ -525,14 +525,14 @@ v1.3, 2017-04-29 that were compiled without Large File Support. * Passing "--" now also blocks "-o" parsing -v1.2.1, 2017-02-26 +#### v1.2.1, 2017-02-26 * Add an integrated speed test, `gocryptfs -speed` * Limit password size to 1000 bytes and reject trailing garbage after the newline * Make the test suite work on [Mac OS X](https://github.com/rfjakob/gocryptfs/issues/15) * Handle additional corner cases in `-ctlsock` path sanitization * Use dedicated exit code 12 on "password incorrect" -v1.2, 2016-12-04 +#### v1.2, 2016-12-04 * Add a control socket interface. Allows to encrypt and decrypt filenames. For details see [backintime#644](https://github.com/bit-team/backintime/issues/644#issuecomment-259835183). * New command-line option: `-ctlsock` @@ -551,14 +551,14 @@ v1.2, 2016-12-04 * Preserve owner for symlinks an device files (fixes bug [#64](https://github.com/rfjakob/gocryptfs/issues/64)) * Include rendered man page `gocryptfs.1` in the release tarball -v1.1.1, 2016-10-30 +#### v1.1.1, 2016-10-30 * Fix a panic on setting file timestamps ([go-fuse#131](https://github.com/hanwen/go-fuse/pull/131)) * Work around an issue in tmpfs that caused a panic in xfstests generic/075 ([gocryptfs#56](https://github.com/rfjakob/gocryptfs/issues/56)) * Optimize NFS streaming writes ([commit](https://github.com/rfjakob/gocryptfs/commit/a08d55f42d5b11e265a8617bee16babceebfd026)) -v1.1, 2016-10-19 +#### v1.1, 2016-10-19 * **Add reverse mode ([#19](https://github.com/rfjakob/gocryptfs/issues/19))** * AES-SIV (RFC5297) encryption to implement deterministic encryption securely. Uses the excellent @@ -584,7 +584,7 @@ v1.1, 2016-10-19 * Enable changing the password when you only know the master key ([#28](https://github.com/rfjakob/gocryptfs/issues/28)) -v1.0, 2016-07-17 +#### v1.0, 2016-07-17 * Deprecate very old filesystems, stage 3/3 * Filesystems created by v0.6 can no longer be mounted * Drop command-line options `-gcmiv128`, `-emenames`, `-diriv`. These @@ -598,7 +598,7 @@ v1.0, 2016-07-17 * Experimental Mac OS X support. See [ticket #15](https://github.com/rfjakob/gocryptfs/issues/15) for details. -v0.12, 2016-06-19 +#### v0.12, 2016-06-19 * Deprecate very old filesystems, stage 2/3 * Filesystems created by v0.6 and older can only be mounted read-only * A [message](https://github.com/rfjakob/gocryptfs/blob/v0.12/internal/configfile/config_file.go#L120) @@ -607,7 +607,7 @@ v0.12, 2016-06-19 * Mounts the filesystem read-only * Accept password from stdin as well ([ticket #30](https://github.com/rfjakob/gocryptfs/issues/30)) -v0.11, 2016-06-10 +#### v0.11, 2016-06-10 * Deprecate very old filesystems, stage 1/3 * Filesystems created by v0.6 and older can still be mounted but a [warning](https://github.com/rfjakob/gocryptfs/blob/v0.11/internal/configfile/config_file.go#L120) @@ -619,7 +619,7 @@ v0.11, 2016-06-10 * Build release binaries with Go 1.6.2 * Big speedup for CPUs with AES-NI, see [ticket #23](https://github.com/rfjakob/gocryptfs/issues/23) -v0.10, 2016-05-30 +#### v0.10, 2016-05-30 * **Replace `spacemonkeygo/openssl` with `stupidgcm`** * gocryptfs now has its own thin wrapper to OpenSSL's GCM implementation called `stupidgcm`. @@ -639,7 +639,7 @@ v0.10, 2016-05-30 * Fix a fsstress [failure](https://github.com/hanwen/go-fuse/issues/106) in the go-fuse library. -v0.9, 2016-04-10 +#### v0.9, 2016-04-10 * **Long file name support** * gocryptfs now supports file names up to 255 characters. * This is a forwards-compatible change. gocryptfs v0.9 can mount filesystems @@ -652,25 +652,25 @@ v0.9, 2016-04-10 * `-d`: Alias for `-debug` * `-q`: Alias for `-quiet` -v0.8, 2016-01-23 +#### v0.8, 2016-01-23 * Redirect output to syslog when running in the background * New command-line option: * `-memprofile`: Write a memory allocation debugging profile the specified file -v0.7.2, 2016-01-19 +#### v0.7.2, 2016-01-19 * **Fix performance issue in small file creation** * This brings performance on-par with EncFS paranoia mode, with streaming writes significantly faster * The actual [fix](https://github.com/hanwen/go-fuse/commit/c4b6b7949716d13eec856baffc7b7941ae21778c) is in the go-fuse library. There are no code changes in gocryptfs. -v0.7.1, 2016-01-09 +#### v0.7.1, 2016-01-09 * Make the `build.bash` script compatible with Go 1.3 * Disable fallocate on OSX (system call not available) * Introduce pre-built binaries for Fedora 23 and Debian 8 -v0.7, 2015-12-20 +#### v0.7, 2015-12-20 * **Extend GCM IV size to 128 bit from Go's default of 96 bit** * This pushes back the birthday bound to make IV collisions virtually impossible @@ -679,7 +679,7 @@ v0.7, 2015-12-20 * New command-line option: * `-gcmiv128`: Use 128-bit GCM IVs (default true) -v0.6, 2015-12-08 +#### v0.6, 2015-12-08 * **Wide-block filename encryption using EME + DirIV** * EME (ECB-Mix-ECB) provides even better security than CBC as it fixes the prefix leak. The used Go EME implementation is @@ -690,11 +690,11 @@ v0.6, 2015-12-08 * New command-line option: * `-emenames`: Enable EME filename encryption (default true) -v0.5.1, 2015-12-06 +#### v0.5.1, 2015-12-06 * Fix a rename regression caused by DirIV and add test case * Use fallocate to guard against out-of-space errors -v0.5, 2015-12-04 +#### v0.5, 2015-12-04 * **Stronger filename encryption: DirIV** * Each directory gets a random 128 bit file name IV on creation, stored in `gocryptfs.diriv` @@ -710,7 +710,7 @@ v0.5, 2015-12-04 can be used for faster mounting at the cost of lower brute-force resistance. It was mainly added to speed up the automated tests. -v0.4, 2015-11-15 +#### v0.4, 2015-11-15 * New command-line options: * `-plaintextnames`: disables filename encryption, added on user request * `-extpass`: calls an external program for prompting for the password @@ -721,15 +721,15 @@ v0.4, 2015-11-15 format changes. The first user is `-plaintextnames`. * On-disk format 2 -v0.3, 2015-11-01 +#### v0.3, 2015-11-01 * **Add a random 128 bit file header to authenticate file->block ownership** * This is an on-disk-format change * On-disk format 1 -v0.2, 2015-10-11 +#### v0.2, 2015-10-11 * Replace bash daemonization wrapper with native Go implementation * Better user feedback on mount failures -v0.1, 2015-10-07 +#### v0.1, 2015-10-07 * First release * On-disk format 0