#acl PaulHowarth:read,write,admin,revert,delete All:read === Tuesday 9th October 2018 === ==== Fedora Project ==== * Updated `python-paramiko` to 2.4.2 in F-28, F-29 and Rawhide: * Fix exploit ([[https://github.com/paramiko/paramiko/issues/1283|GH#1283]], [[CVE:2018-1000805|CVE-2018-1000805]]) in Paramiko’s server mode (not client mode) where hostile clients could trick the server into thinking they were authenticated without actually submitting valid authentication * Modify protocol message handling such that `Transport` does not respond to `MSG_UNIMPLEMENTED` with its own `MSG_UNIMPLEMENTED`; this behaviour probably didn’t cause any outright errors, but it doesn’t seem to conform to the RFCs and could cause (non-infinite) feedback loops in some scenarios (usually those involving Paramiko on both ends) * Add `*.pub` files to the `MANIFEST` so distributed source packages contain some necessary test assets ([[https://github.com/paramiko/paramiko/pull/1262|GH#1262]]) * Updated `python-paramiko` to 2.3.3 in F-27: * Fix exploit ([[https://github.com/paramiko/paramiko/issues/1283|GH#1283]], [[CVE:2018-1000805|CVE-2018-1000805]]) in Paramiko’s server mode (not client mode) where hostile clients could trick the server into thinking they were authenticated without actually submitting valid authentication * Modify protocol message handling such that `Transport` does not respond to `MSG_UNIMPLEMENTED` with its own `MSG_UNIMPLEMENTED`; this behaviour probably didn’t cause any outright errors, but it doesn’t seem to conform to the RFCs and could cause (non-infinite) feedback loops in some scenarios (usually those involving Paramiko on both ends) * Add `*.pub` files to the `MANIFEST` so distributed source packages contain some necessary test assets ([[https://github.com/paramiko/paramiko/pull/1262|GH#1262]]) * Backport `pytest` support and application of the `black` code formatter (both of which previously only existed in the 2.4 branch and above) to everything 2.0 and newer, which makes back/forward porting bugfixes significantly easier ([[https://github.com/paramiko/paramiko/issues/1291|GH#1291]]) ==== Local Packages ==== * Updated `perl-File-Slurp` to 9999.21: * Fixed spelling mistakes in POD ([[CPAN:85251|CPAN RT#85251]]) * Fixed a typo in an example ([[CPAN:72116|CPAN RT#72116]], [[CPAN:80279|CPAN RT#80279]]) * Remove documentation mentions of Perl < 5.006 as that's required * Fix POD coverage tests by adding a few more ignored functions * Added `t/00-report-prereqs.t` and `t/edit_file.t` * Move the POD tests to `xt/author` and added more `xt/author` tests * Fix all trailing whitespace in accordance with `xt/author/eol.t` * Updated the `Makefile.PL` to get all of the prereqs in there * Add CI testing via TravisCI and !AppVeyor * Get rid of assumption of `.` in `@INC` in tests * Remove `t/TestDriver.pm` * Add `t/lib/FileSlurpTest.pm` * Make sure all tests use a properly acquired temporary file * Clean up prereqs a bit further * Document all failure cases in the `01-error*` tests * Moved the `CORE::` function overrides to their own test class to only be included when overriding is necessary * Unset `$^W` in a few strategic places to silence warnings when `Test::Harness` or `ExtUtils::MakeMaker` turn them on * Got rid of a few `MYMETA` leftovers in the `MANIFEST` * Add Git repository info to the `Makefile` * Add a contributors list for display on metacpan ----