Diffstat (limited to 'sites')
-rw-r--r-- sites/www/changelog.rst 42
1 files changed, 40 insertions, 2 deletions
diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst
index 77c7dbcd..d84df4f3 100644
--- a/sites/www/changelog.rst
+++ b/sites/www/changelog.rst
@@ -4,8 +4,46 @@ Changelog
- :bug:`2420` Modify a test-harness skiptest check to work with newer versions
of Cryptography. Props to Paul Howarth for the patch.
-- :bug:`-` Tweak ``ext-info-(c|s)`` detection during KEXINIT protocol phase;
- the original implementation made assumptions based on an OpenSSH
+- :bug:`2353` Fix a 64-bit-ism in the test suite so the tests don't encounter a
+ false negative on 32-bit systems. Reported by Stanislav Levin.
+- :release:`3.4.0 <2023-12-18>`
+- :feature:`-` `Transport` grew a new ``packetizer_class`` kwarg for overriding
+ the packet-handler class used internally. Mostly for testing, but advanced
+ users may find this useful when doing deep hacks.
+- :bug:`- major` Address `CVE 2023-48795 <https://terrapin-attack.com/>`_ (aka
+ the "Terrapin Attack", a vulnerability found in the SSH protocol re:
+ treatment of packet sequence numbers) as follows:
+
+ - The vulnerability only impacts encrypt-then-MAC digest algorithms in
+ tandem with CBC ciphers, and ChaCha20-poly1305; of these, Paramiko
+ currently only implements ``hmac-sha2-(256|512)-etm`` in tandem with
+ ``AES-CBC``. If you are unable to upgrade to Paramiko versions containing
+ the below fixes right away, you may instead use the
+ ``disabled_algorithms`` connection option to disable the ETM MACs and/or
+ the CBC ciphers (this option is present in Paramiko >=2.6).
+ - As the fix for the vulnerability requires both ends of the connection to
+ cooperate, the below changes will only take effect when the remote end is
+ OpenSSH >= 9.6 (or equivalent, such as Paramiko in server mode, as of
+ this patch version) and configured to use the new "strict kex" mode.
+ Paramiko will always attempt to use "strict kex" mode if offered by the
+ server, unless you override this by specifying ``strict_kex=False`` in
+ `Transport.__init__`.
+ - Paramiko will now raise an `SSHException` subclass (`MessageOrderError`)
+ when protocol messages are received in unexpected order. This includes
+ situations like receiving ``MSG_DEBUG`` or ``MSG_IGNORE`` during initial
+ key exchange, which are no longer allowed during strict mode.
+ - Key (re)negotiation -- i.e. ``MSG_NEWKEYS``, whenever it is encountered
+ -- now resets packet sequence numbers. (This should be invisible to users
+ during normal operation, only causing exceptions if the exploit is
+ encountered, which will usually result in, again, `MessageOrderError`.)
+ - Sequence number rollover will now raise `SSHException` if it occurs
+ during initial key exchange (regardless of strict mode status).
+
+ Thanks to Fabian Bäumer, Marcus Brinkmann, and Jörg Schwenk for submitting
+ details on the CVE prior to release.
+
+- :bug:`- major` Tweak ``ext-info-(c|s)`` detection during KEXINIT protocol
+ phase; the original implementation made assumptions based on an OpenSSH
implementation detail.
- :release:`3.3.1 <2023-07-28>`
- :bug:`-` Cleaned up some very old root level files, mostly just to exercise
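Review bot: In the first sub-bullet of the CVE entry, the workaround points users at ``disabled_algorithms`` but names the affected algorithms only as the shorthand ``hmac-sha2-(256|512)-etm`` and ``AES-CBC``, neither of which is a literal string that can be copied into that option. Spell out the exact MAC and cipher names as Paramiko registers them, ideally with a one-line usage example, so people who cannot upgrade can apply the mitigation without reading the source. Separately, the second sub-bullet says "the below changes will only take effect" when the peer is configured for strict kex, yet the last sub-bullet applies "regardless of strict mode status", and the `MessageOrderError` sub-bullet does not say whether the exception is raised outside strict mode. Scope the second sub-bullet to the strict-mode items explicitly. Minor: the identifier is written "CVE 2023-48795" without the hyphen after "CVE", which makes the entry harder to find when searching for the hyphenated form.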