Tuesday 9th October 2018
Fedora Project
Updated python-paramiko to 2.4.2 in F-28, F-29 and Rawhide:
Fix exploit (GH#1283, CVE-2018-1000805) in Paramiko’s server mode (not client mode) where hostile clients could trick the server into thinking they were authenticated without actually submitting valid authentication
Modify protocol message handling such that Transport does not respond to MSG_UNIMPLEMENTED with its own MSG_UNIMPLEMENTED; this behaviour probably didn’t cause any outright errors, but it doesn’t seem to conform to the RFCs and could cause (non-infinite) feedback loops in some scenarios (usually those involving Paramiko on both ends)
Add *.pub files to the MANIFEST so distributed source packages contain some necessary test assets (GH#1262)
Updated python-paramiko to 2.3.3 in F-27:
Fix exploit (GH#1283, CVE-2018-1000805) in Paramiko’s server mode (not client mode) where hostile clients could trick the server into thinking they were authenticated without actually submitting valid authentication
Modify protocol message handling such that Transport does not respond to MSG_UNIMPLEMENTED with its own MSG_UNIMPLEMENTED; this behaviour probably didn’t cause any outright errors, but it doesn’t seem to conform to the RFCs and could cause (non-infinite) feedback loops in some scenarios (usually those involving Paramiko on both ends)
Add *.pub files to the MANIFEST so distributed source packages contain some necessary test assets (GH#1262)
Backport pytest support and application of the black code formatter (both of which previously only existed in the 2.4 branch and above) to everything 2.0 and newer, which makes back/forward porting bugfixes significantly easier (GH#1291)
Local Packages
Updated perl-File-Slurp to 9999.21:
Fixed spelling mistakes in POD (CPAN RT#85251)
Fixed a typo in an example (CPAN RT#72116, CPAN RT#80279)
Remove documentation mentions of Perl < 5.006 as that's required
- Fix POD coverage tests by adding a few more ignored functions
Added t/00-report-prereqs.t and t/edit_file.t
Move the POD tests to xt/author and added more xt/author tests
Fix all trailing whitespace in accordance with xt/author/eol.t
Updated the Makefile.PL to get all of the prereqs in there
Add CI testing via TravisCI and AppVeyor
Get rid of assumption of . in @INC in tests
Remove t/TestDriver.pm
Add t/lib/FileSlurpTest.pm
- Make sure all tests use a properly acquired temporary file
- Clean up prereqs a bit further
Document all failure cases in the 01-error* tests
Moved the CORE:: function overrides to their own test class to only be included when overriding is necessary
Unset $^W in a few strategic places to silence warnings when Test::Harness or ExtUtils::MakeMaker turn them on
Got rid of a few MYMETA leftovers in the MANIFEST
Add Git repository info to the Makefile
- Add a contributors list for display on metacpan