From c75b7fcc7f4794c79d73278a7cdecc60b21fbd6c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lo=C3=AFc=20Hoguin?= Date: Thu, 15 Feb 2024 16:08:30 +0100 Subject: OTP-26.2.1 --- early-plugins.mk | 4 +- release-notes/OTP-26.2.1.README.txt | 101 ++++++++++++++++++++++++++++++++++++ 2 files changed, 103 insertions(+), 2 deletions(-) create mode 100644 release-notes/OTP-26.2.1.README.txt diff --git a/early-plugins.mk b/early-plugins.mk index d2aaff8..b7a2ffa 100644 --- a/early-plugins.mk +++ b/early-plugins.mk @@ -20,7 +20,7 @@ OTP-22 := OTP-22.0.7 OTP-22.1.8 OTP-22.2.8 OTP-22.3.4.26 OTP-23 := OTP-23.0.4 OTP-23.1.5 OTP-23.2.7.3 OTP-23.3.4.19 OTP-24 := OTP-24.0.6 OTP-24.1.7 OTP-24.2.2 OTP-24.3.4.16 OTP-25 := OTP-25.0.4 OTP-25.1.2.1 OTP-25.2.3 OTP-25.3.2.9 -OTP-26 := OTP-26.0.2 OTP-26.1.2 OTP-26.2 +OTP-26 := OTP-26.0.2 OTP-26.1.2 OTP-26.2.1 OTP-18+ := $(OTP-18) $(OTP-19) $(OTP-20) $(OTP-21) $(OTP-22) $(OTP-23) $(OTP-24) $(OTP-25) $(OTP-26) OTP-19+ := $(OTP-19) $(OTP-20) $(OTP-21) $(OTP-22) $(OTP-23) $(OTP-24) $(OTP-25) $(OTP-26) @@ -112,7 +112,7 @@ OTP-25-DROPPED := OTP-25.0-rc1 OTP-25.0-rc2 OTP-25.0-rc3 OTP-25.0 \ OTP-25.2.1 OTP-25.2.2 OTP-25.3 OTP-25.3.1 OTP-25.3.2 OTP-25.3.2.1 OTP-25.3.2.2 \ OTP-25.3.2.3 OTP-25.3.2.4 OTP-25.3.2.5 OTP-25.3.2.6 OTP-25.3.2.7 OTP-25.3.2.8 OTP-26-DROPPED := OTP-26.0-rc3 \ - OTP-26.0 OTP-26.0.1 OTP-26.1 OTP-26.1.1 + OTP-26.0 OTP-26.0.1 OTP-26.1 OTP-26.1.1 OTP-26.2 OTP-DROPPED := $(OTP-18-DROPPED) $(OTP-19-DROPPED) $(OTP-20-DROPPED) \ $(OTP-21-DROPPED) $(OTP-22-DROPPED) $(OTP-23-DROPPED) $(OTP-24-DROPPED) diff --git a/release-notes/OTP-26.2.1.README.txt b/release-notes/OTP-26.2.1.README.txt new file mode 100644 index 0000000..cced400 --- /dev/null +++ b/release-notes/OTP-26.2.1.README.txt @@ -0,0 +1,101 @@ +Patch Package: OTP 26.2.1 +Git Tag: OTP-26.2.1 +Date: 2023-12-18 +Trouble Report Id: OTP-18897, OTP-18902, OTP-18903 +Seq num: +System: OTP +Release: 26 +Application: erts-14.2.1, ssh-5.1.1 +Predecessor: OTP 26.2 + + Check out the git tag OTP-26.2.1, and build a full OTP system + including documentation. Apply one or more applications from this + build as patches to your installation using the 'otp_patch_apply' + tool. For information on install requirements, see descriptions for + each application version below. + + --------------------------------------------------------------------- + --- POTENTIAL INCOMPATIBILITIES ------------------------------------- + --------------------------------------------------------------------- + + OTP-18897 Application(s): ssh + + With this change (being response to CVE-2023-48795), + ssh can negotiate "strict KEX" OpenSSH extension with + peers supporting it; also + 'chacha20-poly1305@openssh.com' algorithm becomes a + less preferred cipher. + + If strict KEX availability cannot be ensured on both + connection sides, affected encryption modes(CHACHA and + CBC) can be disabled with standard ssh configuration. + This will provide protection against vulnerability, but + at a cost of affecting interoperability. See + Configuring algorithms in SSH. + + + --------------------------------------------------------------------- + --- OTP-26.2.1 ------------------------------------------------------ + --------------------------------------------------------------------- + + --- Fixed Bugs and Malfunctions --- + + OTP-18903 Application(s): otp + + Updated copyright and license information. + + + --------------------------------------------------------------------- + --- erts-14.2.1 ----------------------------------------------------- + --------------------------------------------------------------------- + + The erts-14.2.1 application can be applied independently of other + applications on a full OTP 26 installation. + + --- Fixed Bugs and Malfunctions --- + + OTP-18902 Application(s): erts + + Removed unnecessary PCRE source tar-ball. + + + Full runtime dependencies of erts-14.2.1: kernel-9.0, sasl-3.3, + stdlib-4.1 + + + --------------------------------------------------------------------- + --- ssh-5.1.1 ------------------------------------------------------- + --------------------------------------------------------------------- + + The ssh-5.1.1 application can be applied independently of other + applications on a full OTP 26 installation. + + --- Fixed Bugs and Malfunctions --- + + OTP-18897 Application(s): ssh + + *** POTENTIAL INCOMPATIBILITY *** + + With this change (being response to CVE-2023-48795), + ssh can negotiate "strict KEX" OpenSSH extension with + peers supporting it; also + 'chacha20-poly1305@openssh.com' algorithm becomes a + less preferred cipher. + + If strict KEX availability cannot be ensured on both + connection sides, affected encryption modes(CHACHA and + CBC) can be disabled with standard ssh configuration. + This will provide protection against vulnerability, but + at a cost of affecting interoperability. See + Configuring algorithms in SSH. + + + Full runtime dependencies of ssh-5.1.1: crypto-5.0, erts-14.0, + kernel-9.0, public_key-1.6.1, runtime_tools-1.15.1, stdlib-5.0, + stdlib-5.0 + + + --------------------------------------------------------------------- + --------------------------------------------------------------------- + --------------------------------------------------------------------- + -- cgit v1.2.3