* [Buildroot] [PATCH 1/1] package/python-paramiko: security bump to version 3.4.0
@ 2024-01-01 22:13 Fabrice Fontaine
2024-01-02 8:55 ` Thomas Petazzoni via buildroot
0 siblings, 1 reply; 3+ messages in thread
From: Fabrice Fontaine @ 2024-01-01 22:13 UTC (permalink / raw)
To: buildroot; +Cc: James Hilliard, Fabrice Fontaine, Asaf Kahlon
Address CVE 2023-48795 (aka the “Terrapin Attack”, a vulnerability found
in the SSH protocol re
https://github.com/paramiko/paramiko/blob/3.4.0/sites/www/changelog.rst
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
package/python-paramiko/python-paramiko.hash | 4 ++--
package/python-paramiko/python-paramiko.mk | 4 ++--
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/package/python-paramiko/python-paramiko.hash b/package/python-paramiko/python-paramiko.hash
index abc62fc8c2..893aac074e 100644
--- a/package/python-paramiko/python-paramiko.hash
+++ b/package/python-paramiko/python-paramiko.hash
@@ -1,5 +1,5 @@
# md5, sha256 from https://pypi.org/pypi/paramiko/json
-md5 08b1610e3ba9fa89e13973710cd48e35 paramiko-3.3.1.tar.gz
-sha256 6a3777a961ac86dbef375c5f5b8d50014a1a96d0fd7f054a43bc880134b0ff77 paramiko-3.3.1.tar.gz
+md5 be485ba66b576d8bc7e1c0ad96e87108 paramiko-3.4.0.tar.gz
+sha256 aac08f26a31dc4dffd92821527d1682d99d52f9ef6851968114a8728f3c274d3 paramiko-3.4.0.tar.gz
# Locally computed sha256 checksums
sha256 5fa25bf5f395fd26e701c2e1de4ca7d162816986dc791c22f8f4226857ad1bb2 LICENSE
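Review bot: the new md5 and sha256 lines for paramiko-3.4.0.tar.gz both come from the PyPI JSON named in the header comment, so they pin the download but do not check it independently of the index that serves it. The md5 entry also adds nothing the sha256 does not already cover. Consider computing the sha256 locally on the fetched tarball and comparing it with the value here before applying. The LICENSE hash is left unchanged as context, which is correct only if that file is byte-identical in 3.4.0.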
diff --git a/package/python-paramiko/python-paramiko.mk b/package/python-paramiko/python-paramiko.mk
index 512a4630f5..8d921486c7 100644
--- a/package/python-paramiko/python-paramiko.mk
+++ b/package/python-paramiko/python-paramiko.mk
@@ -4,9 +4,9 @@
#
################################################################################
-PYTHON_PARAMIKO_VERSION = 3.3.1
+PYTHON_PARAMIKO_VERSION = 3.4.0
PYTHON_PARAMIKO_SOURCE = paramiko-$(PYTHON_PARAMIKO_VERSION).tar.gz
-PYTHON_PARAMIKO_SITE = https://files.pythonhosted.org/packages/44/03/158ae1dcb950bd96f04038502238159e116fafb27addf5df1ba35068f2d6
+PYTHON_PARAMIKO_SITE = https://files.pythonhosted.org/packages/cc/af/11996c4df4f9caff87997ad2d3fd8825078c277d6a928446d2b6cf249889
PYTHON_PARAMIKO_SETUP_TYPE = setuptools
PYTHON_PARAMIKO_LICENSE = LGPL-2.1+
PYTHON_PARAMIKO_LICENSE_FILES = LICENSE
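Review bot: PYTHON_PARAMIKO_SITE is an opaque files.pythonhosted.org path that does not contain the version, so nothing in this hunk shows that the new cc/af/... directory actually belongs to 3.4.0. It has to change in lockstep with PYTHON_PARAMIKO_VERSION. Worth confirming it against the sdist URL in the PyPI JSON referenced by the .hash file, and doing a clean download of the package with any cached tarball removed, which would catch a mismatch.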
--
2.43.0
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
* Re: [Buildroot] [PATCH 1/1] package/python-paramiko: security bump to version 3.4.0
From: Thomas Petazzoni via buildroot @ 2024-01-02 8:55 UTC (permalink / raw)
To: Fabrice Fontaine; +Cc: James Hilliard, Asaf Kahlon, buildroot
On Mon, 1 Jan 2024 23:13:17 +0100
Fabrice Fontaine <fontaine.fabrice@gmail.com> wrote:
> Address CVE 2023-48795 (aka the “Terrapin Attack”, a vulnerability found
> in the SSH protocol re
>
> https://github.com/paramiko/paramiko/blob/3.4.0/sites/www/changelog.rst
>
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
> ---
> package/python-paramiko/python-paramiko.hash | 4 ++--
> package/python-paramiko/python-paramiko.mk | 4 ++--
> 2 files changed, 4 insertions(+), 4 deletions(-)
Applied to master, thanks.
Thomas
--
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
* Re: [Buildroot] [PATCH 1/1] package/python-paramiko: security bump to version 3.4.0
From: Peter Korsgaard @ 2024-01-12 15:21 UTC (permalink / raw)
To: Thomas Petazzoni via buildroot
Cc: Asaf Kahlon, James Hilliard, Fabrice Fontaine, Thomas Petazzoni
>>>>> "Thomas" == Thomas Petazzoni via buildroot <buildroot@buildroot.org> writes:
> On Mon, 1 Jan 2024 23:13:17 +0100
> Fabrice Fontaine <fontaine.fabrice@gmail.com> wrote:
>> Address CVE 2023-48795 (aka the “Terrapin Attack”, a vulnerability found
>> in the SSH protocol re
>>
>> https://github.com/paramiko/paramiko/blob/3.4.0/sites/www/changelog.rst
>>
>> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
>> ---
>> package/python-paramiko/python-paramiko.hash | 4 ++--
>> package/python-paramiko/python-paramiko.mk | 4 ++--
>> 2 files changed, 4 insertions(+), 4 deletions(-)
> Applied to master, thanks.
FYI, 2023.02.x and 2023.11.x have paramiko 2.12. I would prefer to not
have to bump them to 3.4.0.
I see that Debian also has paramiko 2.12, but so far no backported patch
for it. Hopefully that will show up soon:
https://security-tracker.debian.org/tracker/CVE-2023-48795
So I'll leave this for now.
--
Bye, Peter Korsgaard