diff options
| author | Jeff Forcier <jeff@bitprophet.org> | 2022-05-16 20:52:22 -0400 |
|---|---|---|
| committer | Jeff Forcier <jeff@bitprophet.org> | 2022-05-16 20:52:22 -0400 |
| commit | 33df84c8b50fd63e46abbcbf2fdbe68ba8e530a1 (patch) | |
| tree | 3df27327f099901f91ead2e9d33e0dad85bbe766 /sites | |
| parent | d603ef12b76edca27b713c76c4544502961ff894 (diff) | |
| parent | 8a00929219120fcacdcbecd3a94e73ec12f04819 (diff) | |
Merge branch '2.10'
Diffstat (limited to 'sites')
| -rw-r--r-- | sites/www/changelog.rst | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 831d319e..becbf13d 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,18 @@ Changelog ========= +- :bug:`1933` Align signature verification algorithm with OpenSSH re: + zero-padding signatures which don't match their nominal size/length. This + shouldn't affect most users, but will help Paramiko-implemented SSH servers + handle poorly behaved clients such as PuTTY. Thanks to Jun Omae for catch & + patch. +- :bug:`2017` OpenSSH 7.7 and older has a bug preventing it from understanding + how to perform SHA2 signature verification for RSA certificates (specifically + certs - not keys), so when we added SHA2 support it broke all clients using + RSA certificates with these servers. This has been fixed in a manner similar + to what OpenSSH's own client does: a version check is performed and the + algorithm used is downgraded if needed. Reported by Adarsh Chauhan, with fix + suggested by Jun Omae. - :support:`2038` (via :issue:`2039`) Recent versions of Cryptography have deprecated Blowfish algorithm support; in lieu of an easy method for users to remove it from the list of algorithms Paramiko tries to import and use, we've |