summaryrefslogtreecommitdiff
path: root/ChangeLog.txt
diff options
context:
space:
mode:
authorPatrick J Volkerding <volkerdi@slackware.com>2021-09-26 18:57:07 +0000
committerEric Hameleers <alien@slackware.com>2021-09-27 08:59:56 +0200
commitd66220bda595fffe9e5d8bf506be65e4a3dc7e50 (patch)
treeb6c19580b97d459e5b323987cfa1c083a2aa2aef /ChangeLog.txt
parent9e03634d298a015561dfa94c2f6ba892487e3f38 (diff)
downloadcurrent-d66220bda595fffe9e5d8bf506be65e4a3dc7e50.tar.gz
Sun Sep 26 18:57:07 UTC 202120210926185707
a/kernel-generic-5.14.8-x86_64-1.txz: Upgraded. a/kernel-huge-5.14.8-x86_64-1.txz: Upgraded. a/kernel-modules-5.14.8-x86_64-1.txz: Upgraded. ap/itstool-2.0.7-x86_64-1.txz: Upgraded. d/kernel-headers-5.14.8-x86-1.txz: Upgraded. k/kernel-source-5.14.8-noarch-1.txz: Upgraded. l/libmtp-1.1.19-x86_64-1.txz: Upgraded. n/getmail-6.18.4-x86_64-1.txz: Upgraded. n/openssh-8.8p1-x86_64-1.txz: Upgraded. Please note "Potentially-incompatible changes" from the release notes: This release disables RSA signatures using the SHA-1 hash algorithm by default. This change has been made as the SHA-1 hash algorithm is cryptographically broken, and it is possible to create chosen-prefix hash collisions for <USD$50K [1] For most users, this change should be invisible and there is no need to replace ssh-rsa keys. OpenSSH has supported RFC8332 RSA/SHA-256/512 signatures since release 7.2 and existing ssh-rsa keys will automatically use the stronger algorithm where possible. Incompatibility is more likely when connecting to older SSH implementations that have not been upgraded or have not closely tracked improvements in the SSH protocol. For these cases, it may be necessary to selectively re-enable RSA/SHA1 to allow connection and/or user authentication via the HostkeyAlgorithms and PubkeyAcceptedAlgorithms options. For example, the following stanza in ~/.ssh/config will enable RSA/SHA1 for host and user authentication for a single destination host: Host old-host HostkeyAlgorithms +ssh-rsa PubkeyAcceptedAlgorithms +ssh-rsa We recommend enabling RSA/SHA1 only as a stopgap measure until legacy implementations can be upgraded or reconfigured with another key type (such as ECDSA or Ed25519). [1] "SHA-1 is a Shambles: First Chosen-Prefix Collision on SHA-1 and Application to the PGP Web of Trust" Leurent, G and Peyrin, T (2020) https://eprint.iacr.org/2020/014.pdf isolinux/initrd.img: Rebuilt. kernels/*: Upgraded. usb-and-pxe-installers/usbboot.img: Rebuilt.
Diffstat (limited to 'ChangeLog.txt')
-rw-r--r--ChangeLog.txt39
1 files changed, 39 insertions, 0 deletions
diff --git a/ChangeLog.txt b/ChangeLog.txt
index cabbb012..79e15a88 100644
--- a/ChangeLog.txt
+++ b/ChangeLog.txt
@@ -1,3 +1,42 @@
+Sun Sep 26 18:57:07 UTC 2021
+a/kernel-generic-5.14.8-x86_64-1.txz: Upgraded.
+a/kernel-huge-5.14.8-x86_64-1.txz: Upgraded.
+a/kernel-modules-5.14.8-x86_64-1.txz: Upgraded.
+ap/itstool-2.0.7-x86_64-1.txz: Upgraded.
+d/kernel-headers-5.14.8-x86-1.txz: Upgraded.
+k/kernel-source-5.14.8-noarch-1.txz: Upgraded.
+l/libmtp-1.1.19-x86_64-1.txz: Upgraded.
+n/getmail-6.18.4-x86_64-1.txz: Upgraded.
+n/openssh-8.8p1-x86_64-1.txz: Upgraded.
+ Please note "Potentially-incompatible changes" from the release notes:
+ This release disables RSA signatures using the SHA-1 hash algorithm
+ by default. This change has been made as the SHA-1 hash algorithm is
+ cryptographically broken, and it is possible to create chosen-prefix
+ hash collisions for <USD$50K [1]
+ For most users, this change should be invisible and there is
+ no need to replace ssh-rsa keys. OpenSSH has supported RFC8332
+ RSA/SHA-256/512 signatures since release 7.2 and existing ssh-rsa keys
+ will automatically use the stronger algorithm where possible.
+ Incompatibility is more likely when connecting to older SSH
+ implementations that have not been upgraded or have not closely tracked
+ improvements in the SSH protocol. For these cases, it may be necessary
+ to selectively re-enable RSA/SHA1 to allow connection and/or user
+ authentication via the HostkeyAlgorithms and PubkeyAcceptedAlgorithms
+ options. For example, the following stanza in ~/.ssh/config will enable
+ RSA/SHA1 for host and user authentication for a single destination host:
+ Host old-host
+ HostkeyAlgorithms +ssh-rsa
+ PubkeyAcceptedAlgorithms +ssh-rsa
+ We recommend enabling RSA/SHA1 only as a stopgap measure until legacy
+ implementations can be upgraded or reconfigured with another key type
+ (such as ECDSA or Ed25519).
+ [1] "SHA-1 is a Shambles: First Chosen-Prefix Collision on SHA-1 and
+ Application to the PGP Web of Trust" Leurent, G and Peyrin, T
+ (2020) https://eprint.iacr.org/2020/014.pdf
+isolinux/initrd.img: Rebuilt.
+kernels/*: Upgraded.
+usb-and-pxe-installers/usbboot.img: Rebuilt.
++--------------------------+
Sat Sep 25 19:32:08 UTC 2021
a/coreutils-9.0-x86_64-2.txz: Rebuilt.
DIR_COLORS: Add support for .tzst, .zst, .flv, and .m2t extensions.