Committeradam (1)
BranchesHEAD (1)


NetBSD/pkgsrc 3yEx8yesecurity/py-paramiko distinfo PLIST, security/py-paramiko/patches patch-paramiko_ssh__gss.py

by adam on ⎇🏷
   py-paramiko: updated to 2.4.2

   2.4.2:
   Fix exploit (CVE pending) in Paramiko’s server mode (not client mode) where hostile clients could trick the server into thinking they were authenticated without actually submitting valid authentication.

   Specifically, steps have been taken to start separating client and server related message types in the message handling tables within Transport and AuthHandler; this work is not complete but enough has been performed to close off this particular exploit (which was the only obvious such exploit for this particular channel).

   Modify protocol message handling such that Transport does not respond to MSG_UNIMPLEMENTED with its own MSG_UNIMPLEMENTED. This behavior probably didn’t cause any outright errors, but it doesn’t seem to conform to the RFCs and could cause (non-infinite) feedback loops in some scenarios (usually those involving Paramiko on both ends).
   Add *.pub files to the MANIFEST so distributed source packages contain some necessary test assets. Credit: Alexander Kapshuna.
   Backport pytest support and application of the black code formatter (both of which previously only existed in the 2.4 branch and above) to everything 2.0 and newer. This makes back/forward porting bugfixes significantly easier.
   Backport changes from 979 (added in Paramiko 2.3) to Paramiko 2.0-2.2, using duck-typing to preserve backwards compatibility. This allows these older versions to use newer Cryptography sign/verify APIs when available, without requiring them (as is the case with Paramiko 2.3+).
VersionDeltaFile
1.20+6-6security/py-paramiko/distinfo
1.2+3-3security/py-paramiko/patches/patch-paramiko_ssh__gss.py
1.16+1-4security/py-paramiko/PLIST
1.34+2-2security/py-paramiko/Makefile
+12-154 files

UnifiedSplitRaw