summaryrefslogtreecommitdiffstats
path: root/ChangeLog.txt
diff options
context:
space:
mode:
Diffstat (limited to 'ChangeLog.txt')
-rw-r--r--ChangeLog.txt39
1 files changed, 39 insertions, 0 deletions
diff --git a/ChangeLog.txt b/ChangeLog.txt
index cabbb0122..79e15a88c 100644
--- a/ChangeLog.txt
+++ b/ChangeLog.txt
@@ -1,3 +1,42 @@
+Sun Sep 26 18:57:07 UTC 2021
+a/kernel-generic-5.14.8-x86_64-1.txz: Upgraded.
+a/kernel-huge-5.14.8-x86_64-1.txz: Upgraded.
+a/kernel-modules-5.14.8-x86_64-1.txz: Upgraded.
+ap/itstool-2.0.7-x86_64-1.txz: Upgraded.
+d/kernel-headers-5.14.8-x86-1.txz: Upgraded.
+k/kernel-source-5.14.8-noarch-1.txz: Upgraded.
+l/libmtp-1.1.19-x86_64-1.txz: Upgraded.
+n/getmail-6.18.4-x86_64-1.txz: Upgraded.
+n/openssh-8.8p1-x86_64-1.txz: Upgraded.
+ Please note "Potentially-incompatible changes" from the release notes:
+ This release disables RSA signatures using the SHA-1 hash algorithm
+ by default. This change has been made as the SHA-1 hash algorithm is
+ cryptographically broken, and it is possible to create chosen-prefix
+ hash collisions for <USD$50K [1]
+ For most users, this change should be invisible and there is
+ no need to replace ssh-rsa keys. OpenSSH has supported RFC8332
+ RSA/SHA-256/512 signatures since release 7.2 and existing ssh-rsa keys
+ will automatically use the stronger algorithm where possible.
+ Incompatibility is more likely when connecting to older SSH
+ implementations that have not been upgraded or have not closely tracked
+ improvements in the SSH protocol. For these cases, it may be necessary
+ to selectively re-enable RSA/SHA1 to allow connection and/or user
+ authentication via the HostkeyAlgorithms and PubkeyAcceptedAlgorithms
+ options. For example, the following stanza in ~/.ssh/config will enable
+ RSA/SHA1 for host and user authentication for a single destination host:
+ Host old-host
+ HostkeyAlgorithms +ssh-rsa
+ PubkeyAcceptedAlgorithms +ssh-rsa
+ We recommend enabling RSA/SHA1 only as a stopgap measure until legacy
+ implementations can be upgraded or reconfigured with another key type
+ (such as ECDSA or Ed25519).
+ [1] "SHA-1 is a Shambles: First Chosen-Prefix Collision on SHA-1 and
+ Application to the PGP Web of Trust" Leurent, G and Peyrin, T
+ (2020) https://eprint.iacr.org/2020/014.pdf
+isolinux/initrd.img: Rebuilt.
+kernels/*: Upgraded.
+usb-and-pxe-installers/usbboot.img: Rebuilt.
++--------------------------+
Sat Sep 25 19:32:08 UTC 2021
a/coreutils-9.0-x86_64-2.txz: Rebuilt.
DIR_COLORS: Add support for .tzst, .zst, .flv, and .m2t extensions.