The following Fedora EPEL 8 Security updates need testing:
Age URL
73
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-1e00c3d01e
cutter-re-2.2.0-1.el8 rizin-0.5.1-1.el8
4
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-52d4a7be15
bitcoin-core-24.1-1.el8
The following builds have been pushed to Fedora EPEL 8 updates-testing
distribution-gpg-keys-1.88-1.el8
lua-readline-3.3-1.el8
python-paramiko-2.12.0-1.el8
Details about builds:
================================================================================
distribution-gpg-keys-1.88-1.el8 (FEDORA-EPEL-2023-dbd2a9c948)
GPG keys of various Linux distributions
--------------------------------------------------------------------------------
Update Information:
- update copr keys - add per distro/version link to proper key for remi - update
brave keys - add Docker key - add mullvad key
--------------------------------------------------------------------------------
ChangeLog:
* Sun May 28 2023 Miroslav Such�� <msuchy(a)redhat.com> 1.88-1
- update copr keys
- add per distro/version link to proper key for remi
- update brave keys
- add Docker key
- add mullvad key
--------------------------------------------------------------------------------
================================================================================
lua-readline-3.3-1.el8 (FEDORA-EPEL-2023-0d3b83188b)
Lua interface to the readline and history libraries
--------------------------------------------------------------------------------
Update Information:
- Update to 3.3 (#2185584) - Upstream change: return `nil` if `ctrl-D` is
first char
--------------------------------------------------------------------------------
ChangeLog:
* Sun May 28 2023 Robert Scheck <robert(a)fedoraproject.org> 3.3-1
- Update to 3.3 (#2185584)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2185584 - lua-readline-3.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2185584
--------------------------------------------------------------------------------
================================================================================
python-paramiko-2.12.0-1.el8 (FEDORA-EPEL-2023-294cf22ce7)
SSH2 protocol library for python
--------------------------------------------------------------------------------
Update Information:
Update to 2.12.0 for EL9 compatibility
--------------------------------------------------------------------------------
ChangeLog:
* Sun Nov 6 2022 Paul Howarth <paul(a)city-fan.org> - 2.12.0-1
- Update to 2.12.0 (rhbz#2140281)
- Add a 'transport_factory' kwarg to 'SSHClient.connect' for advanced
users
to gain more control over early Transport setup and manipulation (GH#2054,
GH#2125)
- Update '~paramiko.client.SSHClient' so it explicitly closes its wrapped
socket object upon encountering socket errors at connection time; this
should help somewhat with certain classes of memory leaks, resource
warnings, and/or errors (though we hasten to remind everyone that Client
and Transport have their own '.close()' methods for use in non-error
situations!) (GH#1822)
- Raise '~paramiko.ssh_exception.SSHException' explicitly when blank private
key data is loaded, instead of the natural result of 'IndexError'; this
should help more bits of Paramiko or Paramiko-adjacent codebases to
correctly handle this class of error (GH#1599, GH#1637)
- Use SPDX-format license tag
* Fri Jul 22 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.11.0-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Tue Jun 14 2022 Python Maint <python-maint(a)redhat.com> - 2.11.0-2
- Rebuilt for Python 3.11
* Tue May 17 2022 Paul Howarth <paul(a)city-fan.org> - 2.11.0-1
- Update to 2.11.0
- Align signature verification algorithm with OpenSSH re: zero-padding
signatures that don't match their nominal size/length; this shouldn't
affect most users, but will help Paramiko-implemented SSH servers handle
poorly behaved clients such as PuTTY (GH#1933)
- OpenSSH 7.7 and older has a bug preventing it from understanding how to
perform SHA2 signature verification for RSA certificates (specifically
certs - not keys), so when we added SHA2 support it broke all clients using
RSA certificates with these servers; this has been fixed in a manner similar
to what OpenSSH's own client does - a version check is performed and the
algorithm used is downgraded if needed (GH#2017)
- Recent versions of Cryptography have deprecated Blowfish algorithm support;
in lieu of an easy method for users to remove it from the list of
algorithms Paramiko tries to import and use, we've decided to remove it
from our "preferred algorithms" list, which will both discourage use of a
weak algorithm, and avoid warnings (GH#2038, GH#2039)
- Windows-native SSH agent support as merged in 2.10 could encounter
'Errno 22' 'OSError' exceptions in some scenarios (e.g. server not
cleanly
closing a relevant named pipe); this has been worked around and should be
less problematic (GH#2008, GH#2010)
- Add SSH config token expansion (eg '%h', '%p') when parsing
'ProxyJump'
directives (GH#1951)
- Apply unittest 'skipIf' to tests currently using SHA1 in their critical
path, to avoid failures on systems starting to disable SHA1 outright in
their crypto backends (e.g. RHEL 9) (GH#2004, GH#2011)
* Tue Apr 26 2022 Paul Howarth <paul(a)city-fan.org> - 2.10.4-1
- Update to 2.10.4
- Update 'camelCase' method calls against the 'threading' module to be
'snake_case'; this and related tweaks should fix some deprecation warnings
under Python 3.10 (GH#1838, GH#1870, GH#2028)
- '~paramiko.pkey.PKey' instances' '__eq__' did not have the usual
safety
guard in place to ensure they were being compared to another 'PKey' object,
causing occasional spurious 'BadHostKeyException', among other things
(GH#1964, GH#2023, GH#2024)
- Servers offering certificate variants of hostkey algorithms (e.g.
'ssh-rsa-cert-v01(a)openssh.com') could not have their host keys verified by
Paramiko clients, as it only ever considered non-cert key types for that
part of connection handshaking (GH#2035)
* Mon Mar 21 2022 Paul Howarth <paul(a)city-fan.org> - 2.10.3-2
- Skip tests that would fail without SHA-1 signing support in backend, such as
on EL-9 (GH#2011)
* Sat Mar 19 2022 Paul Howarth <paul(a)city-fan.org> - 2.10.3-1
- Update to 2.10.3
- Certificate-based pubkey auth was inadvertently broken when adding SHA2
support in version 2.9.0 (GH#1963, GH#1977)
- Switch from module-global to thread-local storage when recording thread IDs
for a logging helper; this should avoid one flavor of memory leak for
long-running processes (GH#2002, GH#2003)
* Tue Mar 15 2022 Paul Howarth <paul(a)city-fan.org> - 2.10.2-1
- Update to 2.10.2
- Fix Python 2 compatibility breakage introduced in 2.10.1 (GH#2001)
- Re-enable sftp tests, no longer failing under mock
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2190476 - paramiko 2.4.3 cannot auth with RSA keypairs to RHEL 9 servers
https://bugzilla.redhat.com/show_bug.cgi?id=2190476
--------------------------------------------------------------------------------