Accepting request 640130 from home:mimi_vx:branches:devel:languages:python

- update to 2.4.2 - refresh paramiko-test_extend_timeout.patch * Fix exploit (CVE pending) in Paramiko's server mode (not client mode) where hostile clients could trick the server into thinking they were authenticated without actually submitting valid authentication. * Modify protocol message handling such that Transport does not respond to MSG_UNIMPLEMENTED with its own MSG_UNIMPLEMENTED * Updated SSHConfig.lookup <paramiko.config.SSHConfig.lookup> so it returns a new, type-casting-friendly dict subclass (~paramiko.config.SSHConfigDict) in lieu of dict literals. OBS-URL: https://build.opensuse.org/request/show/640130 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-paramiko?expand=0&rev=73
2018-10-06 16:35:47 +00:00
parent 73ed2fe7e7
commit 8972085b00
5 changed files with 38 additions and 24 deletions
--- a/python-paramiko.changes
+++ b/python-paramiko.changes
@@ -1,3 +1,17 @@
+-------------------------------------------------------------------
+Fri Oct  5 08:26:46 UTC 2018 - Ondřej Súkup <mimi.vx@gmail.com>
+
+- update to 2.4.2
+- refresh paramiko-test_extend_timeout.patch
+ * Fix exploit (CVE pending) in Paramiko's server mode (not client mode)
+     where hostile clients could trick the server into thinking they were
+     authenticated without actually submitting valid authentication.
+ * Modify protocol message handling such that Transport does not respond
+    to MSG_UNIMPLEMENTED with its own MSG_UNIMPLEMENTED
+ * Updated SSHConfig.lookup <paramiko.config.SSHConfig.lookup> so it returns
+    a new, type-casting-friendly dict subclass (~paramiko.config.SSHConfigDict)
+    in lieu of dict literals.
+
 -------------------------------------------------------------------
 Thu Mar 15 18:38:22 CET 2018 - ro@suse.de