    PaulHowarth/Blog/2021-11-29

Monday 29th November 2021

Fedora Project

  • Updated python-paramiko to 2.8.1 in Rawhide:

    • Fix listdir failure when server uses a locale (GH#985, GH#992); now on Python 2.7 SFTPAttributes will decode abbreviated month names correctly rather than raise 'UnicodeDecodeError'

    • Deleting items from '~paramiko.hostkeys.HostKeys' would incorrectly raise 'KeyError' even for valid keys, due to a logic bug (GH#1024)

    • Update RSA and ECDSA key decoding subroutines to correctly catch exception types thrown by modern versions of Cryptography (specifically 'TypeError' and its internal 'UnsupportedAlgorithm') (GH#1257, GH#1266); these exception classes will now become '~paramiko.ssh_exception.SSHException' instances instead of bubbling up

    • Update '~paramiko.pkey.PKey' and subclasses to compare ('__eq__') via direct field/attribute comparison instead of hashing (while retaining the existing behaviour of '__hash__' via a slight refactor) (GH#908)

    • Warning: this fixes a security flaw! If you are running Paramiko on 32-bit systems with low entropy (such as any 32-bit Python 2, or a 32-bit Python 3 that is running with 'PYTHONHASHSEED=0') it is possible for an attacker to craft a new keypair from an exfiltrated public key, which Paramiko would consider equal to the original key; this could enable attacks such as, but not limited to, the following:

      • Paramiko server processes would incorrectly authenticate the attacker (using their generated private key) as if they were the victim; we see this as the most plausible attack using this flaw
      • Paramiko client processes would incorrectly validate a connected server (when host key verification is enabled) while subjected to a man-in-the-middle attack; this impacts more users than the server-side version, but also carries higher requirements for the attacker, namely successful DNS poisoning or other MITM techniques
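The equality flaw behind that warning, as an added illustration that is not paramiko's own code: a key class whose `__eq__` compares `hash()` values (the pre-fix pattern) beside one whose `__eq__` compares the fields directly while keeping `__hash__` (the fix), with the hash width of a 32-bit interpreter simulated by masking and a birthday search over constructed random blobs showing why hash equality cannot stand in for key equality.

```python
"""Constructed illustration, not paramiko's code: __eq__ via hash() versus
__eq__ via field comparison.  The hash width of a 32-bit build is simulated by
masking hash() to 32 bits; the key "blobs" are random bytes, not real keys."""
import os

HASH_MASK = (1 << 32) - 1

def narrow_hash(blob: bytes) -> int:
    # hash() of the serialized key, truncated to what a 32-bit build yields
    return hash(blob) & HASH_MASK

class HashComparedKey:
    """Pre-fix pattern: equality decided by comparing hash values."""

    def __init__(self, key_type: str, blob: bytes):
        self.key_type, self.blob = key_type, blob

    def __hash__(self):
        return narrow_hash(self.blob)

    def __eq__(self, other):
        return isinstance(other, HashComparedKey) and hash(self) == hash(other)

class FieldComparedKey(HashComparedKey):
    """Post-fix pattern: __hash__ kept, __eq__ compares the fields directly."""

    def __eq__(self, other):
        return (isinstance(other, FieldComparedKey)
                and self.key_type == other.key_type
                and self.blob == other.blob)

    __hash__ = HashComparedKey.__hash__  # defining __eq__ would otherwise unset it

def find_colliding_blobs(limit: int = 1 << 20):
    """Birthday search: about 2**16 random blobs suffice to hit a 32-bit collision."""
    seen = {}
    for _ in range(limit):
        blob = os.urandom(32)
        h = narrow_hash(blob)
        if h in seen and seen[h] != blob:
            return seen[h], blob
        seen[h] = blob
    raise RuntimeError("no collision within limit")

def compare_under_both_rules(a: bytes, b: bytes):
    """(pre-fix verdict, post-fix verdict) for two distinct colliding blobs."""
    return (HashComparedKey("ssh-rsa", a) == HashComparedKey("ssh-rsa", b),
            FieldComparedKey("ssh-rsa", a) == FieldComparedKey("ssh-rsa", b))
```

With a 64-bit hash the same search would need around 2**32 draws, which is why the advisory singles out 32-bit interpreters and a fixed hash seed.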

Local Packages

  • Updated perl-PPIx-Regexp to 0.082:

    • Add --version to eg/predump, and document all options with double dashes

    • Silence 'uninitialized' warning generated by /(?<=.{35})/

    • Try to quell weird Win32 test failures that seem to occur only in tests where I am using 'use open' to put the standard handles into UTF-8 mode; the fix (I hope) is to do this to the Test::Harness handles at run time instead of to the standard handles at compile time

    • Add file CONTRIBUTING
