V9.14.000.2026.06.07

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>

upgrades/dropbear/SHA512SUM.asc

@@ -1,24 +1,23 @@
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA512
 
-eb16a13aa44732cab4db009bd55903e45f8756598683377bfe55185fbf0e3265  CHANGES
-738b7f358547f0c64c3e1a56bbc5ef98d34d9ec6adf9ccdf01dc0bf2caa2bc8d  dropbear-2025.87.tar.bz2
-af24198895f604c2e114abe29a2f0c3fe30831e6db26e0f93fd5f78e734b61be  dropbear-2025.87.tar.bz2.asc
-783f50ea27b17c16da89578fafdb6decfa44bb8f6590e5698a4e4d3672dc53d4  dropbear-2025.88.tar.bz2
-fe40fd8f40a7c5498025cc2058eaecbcd9e649a833d6cdecdab35f1156f4d411  dropbear-2025.88.tar.bz2.asc
+16be820347723271b0fea6049ffeed6d6680d7429c65406d8af37776393a0250  dropbear-2026.90.tar.bz2
+594ac6bd51f361890f6bd829bfe1ce92d241e5f8662d595c13a789e31563f5f7  dropbear-2026.90.tar.bz2.asc
+defa924475abf6bc1e74abc00173e46bfdc804bd47caafa14f5a4ef0cc76da34  dropbear-2026.91.tar.bz2
+26888fbc9cca8ae8026ea754d711edeb5fdbde0a31f897164695bf59035693fb  dropbear-2026.91.tar.bz2.asc
 -----BEGIN PGP SIGNATURE-----
 
-iQIzBAEBCgAdFiEE9zR+8u4uB6JnYoypRJMUlPKcZ3MFAmgbUOIACgkQRJMUlPKc
-Z3OS6w//bPQkIfs5ErkEBNRJDkYCDGekydYur0e2KtA2FX+vgPYI289FM4tXaD5f
-hlBBT5oBQ740ekTLWMMnKcJV3Ut0QYnaXwiH2dHKtT4OEgRQIYqFlbAimpNPMZOL
-IiBv+v9g71XJ3MrFyJSUo00mryIIIeuVQEWl8zxzsG8sf5usOUDwiJNWPul3fOJL
-Ur+vTmCr7XYuq9kFG4YdJNLPLwDZ68e2u1fEpxpsnBmYFx5VS/WvD+qyuUfkR81h
-HmcDgQJUJgx6Taq0OQJa4KnE4+HWjMd6V6JsDTsfYp4CjASO6HP2bON4zJWyphqL
-cyrHAxiADtfU3RO59+XQ6AhTzhtGpZRgHLqetv40DjGN2lOGOdRk3TbE3/dbDl4W
-f9zaPFGXyTA49iiVMMz2GVWlydpjs9HKsIKwwO7vU/EIi4S/USNJRI9wKUji3qKH
-HO09YNoO0XuWzIpeGwfqbeaQ+SCPRPAMQMM0a2Mt10VzympY6w2kHAVbMV48kJ2i
-AMtkgsxLUFdptDSdGKc/KHkbWRR22YCSSUXr1lxCA3fuCUWkS/2pAGzfbd+sd9BS
-QkAiGVCWeFQML61aaoNxMT2+MbS80zrOWm8fjXblg3wCU6F3+TTmmDUNKI3NFi8z
-4TVeAM0oGqeI+PX4hP7pyBy06dGiWiYEAGMiyno6vRXWJrwTVzI=
-=/DnI
+iQIzBAEBCgAdFiEE9zR+8u4uB6JnYoypRJMUlPKcZ3MFAmoAZXsACgkQRJMUlPKc
+Z3NxYA//TmgdzpN6Jh8zNCL3cjK9J3IgJWIxgtPnoPDb0GxMt5rSME9uAQLggVut
+310OAJ9CCfVYyCECm9ZpgbaeXPHP02Xx6sccpU7bU3nMa1W+Pu0dea3ToFWGFv5i
+52INS0UGP+R58JJzGlxlwm1oRNXoG3tfJHR7FHof5G0a60jdcxqjW2JfkN4x28kR
+RLXCqCWfJOjVMIVVQLsVmjZQlBkXLuykg2rbocqBu2dNH4nOuekDWFUpLXoGm2Zd
+OhdFmWGIJfLFybPersLBGSO6LJFhzi5KoloeesaCQ26X2ld8R+cu6rKae2f0zDQi
+O63yQIg7Oxr4XUnthziZdYA4karVrUdx97I39xTP9ioYxnEWHSdWk2iwKWsLhrPd
+X9TEcsmTMia0RSNqarNlsnXiloWFIRKuxlEBO1SMHG45Fr5mXsPxFLc81acQlGtl
+Kvwl3O5vxaa8Qd46EtLJXsNQW09tW0j1yM3JyAoLZs69/N8iB5lk74nYT+jZhI0b
+9/+tfHLRoa+ccJdNfCdfWzCTZpFxG0D6ah6SJY8CgMMvITBT5OfYTR4tvSbt1Sa4
+y65YOPB4QabxuaUC6p0JQ57STUX6D8NtvJwpoZUDb6XDovpXsVb3T0di9eKKYQSv
+/TsSRvf57OiCL9u/C5bIV2g0N5pkN9Bsddye0wUqfEdYH/NwXBs=
+=OTzQ
 -----END PGP SIGNATURE-----

upgrades/dropbear/dropbear-2025.88.tar.bz2.asc

@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCAAdFiEE9zR+8u4uB6JnYoypRJMUlPKcZ3MFAmgbTlUACgkQRJMUlPKc
-Z3PY2xAAkSmMipofQkVDE8owIY1VrXGICpFFby7oIzog1oiWrTWlqjGPBwxrLEAa
-W5qXPez0mu9CMs0eGgqHnpUCOR2OJKXzlllSwWcO2Q9Ioi+fSYB//A/+FRK5Jyvf
-P3H6Iq4N4vCbOGS0zHwmlAhTMh1ezKuqnjCrP9z6gvOj6hiiI0DtX2YtYfXml4o8
-Xgvv+w3uReC/Pf7Z7Zia18tWlLIC1DoVC18CmLmnnyqE032Cn8HsE/scboTehgJd
-SKfpztf8/9IjAJpkoeuh3VEXeq5gUjdaW13cBvaPBg798+GsnY7ot7g2PLgnpc7w
-Y1Npg2QZebKE2KHSEGhvIfHeGC6uSEekQnNbck6/ge8ytRzvfzxtTFCMWlGVdgd4
-dFLNajFRt1VOYXMgm7w725cndXYjpvi7zNgGI/kuOQG92hGR8ZaQYYHUTI+B9sr1
-Fit8VmaOsLN7ES8UcNlWeRPHAlvkhdfjltcCSVBziJWGW5rYsuT03X/gbjSiflA5
-kwB/5A2Bf5DHtORbdtx9kfd5yqsnWaLczEKRjyikJqDUXW6CcclbEiucWIgR75cS
-Ee9cf8ILKn/Dr6z+h60y0VQ+1gUcVDnK9yxoqywS5/QoUFXltzu032ZmhyDdgfex
-93NbacgaVtges8t0S0s7PgfzpUSLgNte6aHOYwl5mDAh0zLGpoo=
-=uS3y
------END PGP SIGNATURE-----

upgrades/dropbear/dropbear-2026.90.tar.bz2.asc

@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEE9zR+8u4uB6JnYoypRJMUlPKcZ3MFAmn22d8ACgkQRJMUlPKc
+Z3Ndlg//Vj21j/hlAIPD0AOAgYYLvudvR2bA1gJBHrlAQB4FQSWWgW+C0xdHks7X
+YUkKFhLMMP8twemA2EApfMtEp+YayfN/djiwCTfhrCI2ObTZJZU6FwyKiENviKGo
+hH7rFeh1HdSJuU+HExF9bCq+1oGFjhpOKh982R0hasLzKgN2PmF1v/jEqNpibyIc
+o7/7xXFGne39xTrwIuvhjl44iCrIKrcqpObt2cHKRx3D5E1b5nz1JriceCQr4zPa
+tRBXyvl7Ub/N0xZ0K81LA5cDuP2h5H1W1X0BEVTMi+4vIJhaFfOCZhFp9vjlKuuW
+vLhPJWakaLOM2o0PawHW3pVQfq9vOPOGUYcQoSCjgplEsvySbIHS33/nHrPq9ncb
+S6kYQnXtNmWOuWoZfUmGNSBItzd9aOWJ/CukhtovJHRCvM9W68GhR4kqNhZpfvhY
+NL35NC3IydxvzZUZzW6OvaBzGnAVshILyVnlrGkI9ikc8BJUY6GllcMopD5+vCbt
+YYKZhThckaHmtZL4bkyA1v8KN7uVprCKQSgC56lbXD+fr7qM/sjNLmp+UVCnjTuU
+XDFnS7dELDZCXweTmxIowwPetaDtnfBPuYWmGtSezG63Zbsv32/UMAy3YCT7vg/V
+9dzK0h2/EG6GCZ9UfYj/uYCuvb8HhbVji0fMYbzo1eT4NAJwPpY=
+=/+S8
+-----END PGP SIGNATURE-----

upgrades/dropbear/dropbear-2026.91.tar.bz2.asc

@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEE9zR+8u4uB6JnYoypRJMUlPKcZ3MFAmoAZREACgkQRJMUlPKc
+Z3P87g//ZamgpADh+1CziP9UJ8iiQSi+6lGDcNmkLwNfw1dXA7zAJ2L10uz1We5V
+ercshPNSurf/rYCQJIvav1JE2x4oHXAgnzO1pnrIDriBmCa17EJD2udDHImE1A4K
+KP6JxeaaZTkPYCQftIh3bj7kyJnjpRIptN41GHLeyfQ9bD/ikpGm7uVVqOv1y08O
+Z1pBlZ4IeKrdN7ghHclTTS7+w9nDcYuP62B+KOg7U2oE6+hTfO6PZnHxumUqFlck
+iDEOpdjWixp62ju5ad2o+qWsV4QDg5y/smb51ZDIiFkQh3BJKs6qS83ZNBseGdCX
+vtfKLBSpH/k28WlIwzNq3xiwD7xLR1niX4IrNFUF71eFZhFt6FAMk7oBhSse86qs
+TUUDsssQBAGgNbyRAGSkjBKQ9hdrGXuqV7r8PnDGo+n+EF7pRBJTObM29jshgnjm
+CZ8zMu8LB5cCzWJCXUhNX9HqcW4LIDPGI6v24ychxGqLS5ekKHbv7Pr/xguHyVJq
+U7HXsUtA43HAXnk1RaVYV3I9CzLinJ9Cs3sNBRpcIEKQfpYXTDL58lEg/mJRloqC
+EIBgb9pB8EvFbIz3mbOayvrLnMzmyL1ujsc1CYUcEti1MV6IrgOjGxi/kUrcrZaQ
+1kPA/eRcG1iRpyYk19/cD1JyI477HRnRQDeqMPRO9VTeCMOXO2s=
+=PPW+
+-----END PGP SIGNATURE-----

upgrades/dropbear/localoptions.h

@@ -1,12 +1,12 @@
 /* # SPDX-Version: 3.0 */
-/* # SPDX-CreationInfo: 2025-06-17; WEIDNER, Marc S.; <msw@coresecret.dev> */
-/* # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.installer.git */
+/* # SPDX-CreationInfo: 2025-11-10; WEIDNER, Marc S.; <msw@coresecret.dev> */
+/* # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git */
 /* # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency */
 /* # SPDX-FileCopyrightText: 2024-2025; ZIMNOL, Andre H.; <git.cs@physnet.eu> */
 /* # SPDX-FileType: SOURCE */
-/* # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0 */
+/* # SPDX-License-Identifier: LicenseRef-CNCL-1.1 OR LicenseRef-CCLA-1.1  */
 /* # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework. */
-/* # SPDX-PackageName: CISS.debian.installer */
+/* # SPDX-PackageName: CISS.debian.live.builder */
 /* # SPDX-Security-Contact: security@coresecret.eu */
 
 #ifndef DROPBEAR_LOCALOPTIONS_H_

upgrades/linux-image/linux_image_clang_options.sh

@@ -10,6 +10,8 @@
 # SPDX-PackageName: CISS.debian.installer
 # SPDX-Security-Contact: security@coresecret.eu
 
+# ToDo: Update to the latest Kernel Version.
+
 ### https://kspp.github.io/
 
 set   -o errexit

upgrades/secure-boot/ciss-sb-pki.cnf

@@ -9,6 +9,8 @@
 # SPDX-PackageName: CISS.debian.installer
 # SPDX-Security-Contact: security@coresecret.eu
 
+# ToDo: Update to the latest version of the CISS PKI.
+
 # Keep the corresponding ROOT CA strict offline, offsite and air-gapped and maybe in a HSM or at least encrypted in a vault.
 #
 # The firmware does not check "whether KEK originates from PK in terms of certificate logic." It only checks whether the
@@ -87,7 +89,7 @@ clearance_max					          = 64
 serialNumber					          = QSCD Serial Number
 serialNumber_max				        = 64
 ############################### = 1234567890123456789012345678901234567890123456789012345678901234
-commonName_default				      = CISS Secure Boot Root CA 2025 RSA 4096
+commonName_default				      = CISS Secure Boot Root CA 2026 RSA 4096
 organizationName_default        = Centurion Intelligence Consulting Agency
 organizationalUnitName_default 	= CISO
 organizationIdentifier_default	= VATPT-307086887
@@ -104,7 +106,7 @@ subjectKeyIdentifier            = hash
 authorityKeyIdentifier          = keyid:always,issuer
 authorityInfoAccess		          = @ciss_sb_pki
 certificatePolicies		          = 2.5.29.32.0, @ciss_sb_policy
-nsComment                       = "CISS Secure Boot Root CA 2025 RSA 4096"
+nsComment                       = "CISS Secure Boot Root CA 2026 RSA 4096"
 
 [ v3_pk ]
 basicConstraints                = critical, CA:true, pathlen:0
@@ -147,6 +149,4 @@ CPS.0				                    = "https://policy.quantumsign.eu/"
 fullname                        = URI:https://crl.quantumign.eu/
 reasons                         = keyCompromise, CACompromise, affiliationChanged, superseded, cessationOfOperation, certificateHold, privilegeWithdrawn, AACompromise
 
-
-
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=conf