packages/python-paramiko
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
python-paramiko/backport-Use-args-not-kwargs-to-retain-py2-compat-for-now.patch
dongyuzhen 0e1cf07f8d fix CVE-2022-24302
2022-03-28 17:24:14 +08:00

73 lines
2.9 KiB
Diff
Raw Blame History

From 76b781754bfefe21706762442c422bac523701e4 Mon Sep 17 00:00:00 2001
From: Jeff Forcier <jeff@bitprophet.org>
Date: Mon, 14 Mar 2022 19:21:01 -0400
Subject: [PATCH] Use args, not kwargs, to retain py2 compat for now
This patch is the rear patch of CVE-2022-24302
Conflict:NA
Reference:https://github.com/paramiko/paramiko/commit/76b781754bfefe21706762442c422bac523701e4
---
paramiko/pkey.py | 5 +++--
sites/www/changelog.rst | 8 ++++++++
tests/test_pkey.py | 6 ++++--
3 files changed, 15 insertions(+), 4 deletions(-)
diff --git a/paramiko/pkey.py b/paramiko/pkey.py
index 40afe19..c9fc60b 100644
--- a/paramiko/pkey.py
+++ b/paramiko/pkey.py
@@ -558,9 +558,10 @@ class PKey(object):
# existing files, so using all 3 in both cases is fine. Ditto the use
# of the 'mode' argument; it should be safe to give even for existing
# files (though it will not act like a chmod in that case).
- kwargs = dict(flags=os.O_WRONLY | os.O_TRUNC | os.O_CREAT, mode=o600)
+ # TODO 3.0: turn into kwargs again
+ args = [os.O_WRONLY | os.O_TRUNC | os.O_CREAT, o600]
# NOTE: yea, you still gotta inform the FLO that it is in "write" mode
- with os.fdopen(os.open(filename, **kwargs), mode="w") as f:
+ with os.fdopen(os.open(filename, *args), "w") as f:
# TODO 3.0: remove the now redundant chmod
os.chmod(filename, o600)
self._write_private_key(f, key, format, password=password)
diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst
index 5867999..a71212d 100644
--- a/sites/www/changelog.rst
+++ b/sites/www/changelog.rst
@@ -2,6 +2,14 @@
Changelog
=========
+- :bug:`2001` Fix Python 2 compatibility breakage introduced in 2.10.1. Spotted
+ by Christian Hammond.
+
+ .. warning::
+ This is almost certainly the last time we will fix Python 2 related
+ errors! Please see `the roadmap
+ <https://bitprophet.org/projects/#roadmap>`_.
+
- :bug:`-` (`CVE-2022-24302
<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24302>`_) Creation
of new private key files using `~paramiko.pkey.PKey` subclasses was subject
diff --git a/tests/test_pkey.py b/tests/test_pkey.py
index 4223544..59c2001 100644
--- a/tests/test_pkey.py
+++ b/tests/test_pkey.py
@@ -708,8 +708,10 @@ class KeyTest(unittest.TestCase):
# Write out in new location
key.write_private_key_file(new, password=newpassword)
# Expected open via os module
- os_.open.assert_called_once_with(new, flags=os.O_WRONLY | os.O_CREAT | os.O_TRUNC, mode=o600)
- os_.fdopen.assert_called_once_with(os_.open.return_value, mode="w")
+ os_.open.assert_called_once_with(
+ new, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, o600
+ )
+ os_.fdopen.assert_called_once_with(os_.open.return_value, "w")
# Old chmod still around for backwards compat
os_.chmod.assert_called_once_with(new, o600)
assert (
--
2.27.0
Reference in New Issue View Git Blame Copy Permalink