diff options
Diffstat (limited to 'ChangeLog.txt')
-rw-r--r-- | ChangeLog.txt | 39 |
1 files changed, 39 insertions, 0 deletions
diff --git a/ChangeLog.txt b/ChangeLog.txt index cabbb0122..79e15a88c 100644 --- a/ChangeLog.txt +++ b/ChangeLog.txt @@ -1,3 +1,42 @@ +Sun Sep 26 18:57:07 UTC 2021 +a/kernel-generic-5.14.8-x86_64-1.txz: Upgraded. +a/kernel-huge-5.14.8-x86_64-1.txz: Upgraded. +a/kernel-modules-5.14.8-x86_64-1.txz: Upgraded. +ap/itstool-2.0.7-x86_64-1.txz: Upgraded. +d/kernel-headers-5.14.8-x86-1.txz: Upgraded. +k/kernel-source-5.14.8-noarch-1.txz: Upgraded. +l/libmtp-1.1.19-x86_64-1.txz: Upgraded. +n/getmail-6.18.4-x86_64-1.txz: Upgraded. +n/openssh-8.8p1-x86_64-1.txz: Upgraded. + Please note "Potentially-incompatible changes" from the release notes: + This release disables RSA signatures using the SHA-1 hash algorithm + by default. This change has been made as the SHA-1 hash algorithm is + cryptographically broken, and it is possible to create chosen-prefix + hash collisions for <USD$50K [1] + For most users, this change should be invisible and there is + no need to replace ssh-rsa keys. OpenSSH has supported RFC8332 + RSA/SHA-256/512 signatures since release 7.2 and existing ssh-rsa keys + will automatically use the stronger algorithm where possible. + Incompatibility is more likely when connecting to older SSH + implementations that have not been upgraded or have not closely tracked + improvements in the SSH protocol. For these cases, it may be necessary + to selectively re-enable RSA/SHA1 to allow connection and/or user + authentication via the HostkeyAlgorithms and PubkeyAcceptedAlgorithms + options. For example, the following stanza in ~/.ssh/config will enable + RSA/SHA1 for host and user authentication for a single destination host: + Host old-host + HostkeyAlgorithms +ssh-rsa + PubkeyAcceptedAlgorithms +ssh-rsa + We recommend enabling RSA/SHA1 only as a stopgap measure until legacy + implementations can be upgraded or reconfigured with another key type + (such as ECDSA or Ed25519). + [1] "SHA-1 is a Shambles: First Chosen-Prefix Collision on SHA-1 and + Application to the PGP Web of Trust" Leurent, G and Peyrin, T + (2020) https://eprint.iacr.org/2020/014.pdf +isolinux/initrd.img: Rebuilt. +kernels/*: Upgraded. +usb-and-pxe-installers/usbboot.img: Rebuilt. ++--------------------------+ Sat Sep 25 19:32:08 UTC 2021 a/coreutils-9.0-x86_64-2.txz: Rebuilt. DIR_COLORS: Add support for .tzst, .zst, .flv, and .m2t extensions. |