./security/py-paramiko, SSH2 protocol library


Branch: CURRENT, Version: 2.4.2, Package name: py27-paramiko-2.4.2, Maintainer: pkgsrc-users

paramiko is a module for Python 2.2 (or higher) that implements the SSH2
protocol for secure (encrypted and authenticated) connections to remote
machines. Unlike SSL (aka TLS), the SSH2 protocol does not require hierarchical
certificates signed by a powerful central authority. You may know SSH2 as
the protocol that replaced telnet and rsh for secure access to remote shells,
but the protocol also includes the ability to open arbitrary channels to
remote services across the encrypted tunnel (this is how sftp works,
for example).

Required to run:
[devel/py-setuptools] [security/py-asn1] [lang/python27] [security/py-cryptography] [security/py-bcrypt] [security/py-nacl]

Required to build:

Master sites:

SHA1: 7ab1e9aaf0b6eedb2098661d283f4d6f6d9c8963
RMD160: 1231cb22ca4457e5835015d4abc215621b24e4c2
Filesize: 1179.003 KB

CVS history:

   2018-09-21 13:04:16 by Adam Ciarcinski | Files touched by this commit (4) | Package updated
Log message:
py-paramiko: updated to 2.4.2

Fix exploit (CVE pending) in Paramiko’s server mode (not client mode) where hostile clients could trick the server into thinking they were authenticated without actually submitting valid authentication.

Specifically, steps have been taken to start separating client and server related message types in the message handling tables within Transport and AuthHandler; this work is not complete but enough has been performed to close off this particular exploit (which was the only obvious such exploit for this particular channel).

Modify protocol message handling such that Transport does not respond to MSG_UNIMPLEMENTED with its own MSG_UNIMPLEMENTED. This behavior probably didn’t cause any outright errors, but it doesn’t seem to conform to the RFCs and could cause (non-infinite) feedback loops in some scenarios (usually those involving Paramiko on both ends).
Add *.pub files to the MANIFEST so distributed source packages contain some necessary test assets. Credit: Alexander Kapshuna.
Backport pytest support and application of the black code formatter (both of which previously only existed in the 2.4 branch and above) to everything 2.0 and newer. This makes back/forward porting bugfixes significantly easier.
Backport changes from 979 (added in Paramiko 2.3) to Paramiko 2.0-2.2, using duck-typing to preserve backwards compatibility. This allows these older versions to use newer Cryptography sign/verify APIs when available, without requiring them (as is the case with Paramiko 2.3+).
   2018-09-06 15:28:00 by Adam Ciarcinski | Files touched by this commit (1)
Log message:
   2018-03-29 17:35:32 by Adam Ciarcinski | Files touched by this commit (1)
Log message:
Added missing patch
   2018-03-13 19:35:29 by Adam Ciarcinski | Files touched by this commit (3) | Package updated
Log message:
py-paramiko: updated to 2.4.1

[Bug] Ed25519 auth key decryption raised an unexpected exception when given a unicode password string (typical in python 3). Report by Theodor van Nahl and fix by Pierce Lopez.
[Bug] Add newer key classes for Ed25519 and ECDSA to paramiko.__all__ so that code introspecting that attribute, or using from paramiko import * (such as some IDEs) sees them. Thanks to @patriksevallius for the patch.
[Bug] Fix a security flaw (CVE-2018-7750) in Paramiko’s server mode (emphasis on server mode; this does not impact client use!) where authentication status was not checked before processing channel-open and other requests typically only sent after authenticating. Big thanks to Matthijs Kooijman for the report.
   2017-11-15 10:24:14 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-paramiko: updated to 2.4.0

[Feature]: Add a new passphrase kwarg to SSHClient.connect so users may disambiguate key-decryption passphrases from password-auth passwords. (This is a backwards compatible change; password will still pull double duty as a passphrase when passphrase is not given.)
[Support]: Drop Python 2.6 and Python 3.3 support; now only 2.7 and 3.4+ are supported. If you’re unable to upgrade from 2.6 or 3.3, please stick to the Paramiko 2.3.x (or below) release lines.
[Support]: Include LICENSE file in wheel archives.
[Support]: Updated the test suite & related docs/metadata/config to be compatible with pytest instead of using the old, custom, crufty unittest-based

This includes marking known-slow tests (mostly the SFTP ones) so they can be filtered out by inv test's default behavior; as well as other minor tweaks to test collection and/or display (for example, GSSAPI tests are collected, but skipped, instead of not even being collected by default as in test.py.)

[Support]: Update tearDown of client test suite to avoid hangs due to eternally blocking accept() calls on the internal server thread (which can occur when test code raises an exception before actually connecting to the server.)
   2017-10-25 08:38:53 by Adam Ciarcinski | Files touched by this commit (1) | Package updated
Log message:
   2017-10-12 14:42:26 by Adam Ciarcinski | Files touched by this commit (3) | Package updated
Log message:
py-paramiko: update to 2.3.1

[Bug] 1071: Certificate support broke the no-certificate case for Ed25519 keys (symptom is an AttributeError about public_blob.) This went uncaught due to cert autoload behavior (i.e. our test suite never actually ran the no-cert case, because the cert existed!) Both issues have been fixed. Thanks to John Hu for the report.
   2017-05-19 16:47:10 by Havard Eidnes | Files touched by this commit (3) | Package updated
Log message:
Upgrade py-paramiko from 1.15.3 to 1.18.2.

Pkgsrc changes:
Adapt PLIST.

Upstream changes:

1.18.2 2017-02-20
  [Bug] #895: Fix a bug in server-mode concerning multiple interactive
     auth steps (which were incorrectly responded to). Thanks to Dennis
     Kaarsemaker for catch & patch.
  [Bug] #713: (via #714 and #889) Don't pass initialization vectors
     to PyCrypto when dealing with counter-mode ciphers; newer PyCrypto
     versions throw an exception otherwise (older ones simply ignored
     this parameter altogether). Thanks to @jmh045000 for report &
  [Bug] #44: (via #891) SSHClient now gives its internal Transport
     a handle on itself, preventing garbage collection of the client
     until the session is closed. Without this, some code which returns
     stream or transport objects without the client that generated
     them, would result in premature session closure when the client
     was GCd. Credit: @w31rd0 for original report, Omer Anson for the
  [Bug] #862: (via #863) Avoid test suite exceptions on platforms
    lacking errno.ETIME (which seems to be some FreeBSD and some
    Windows environments.) Thanks to Sofian Brabez.
  [Bug] #853: Tweak how RSAKey.__str__ behaves so it doesn't
    cause TypeError under Python 3. Thanks to Francisco Couzo for
    the report.
  [Support] #866: (also #838) Remove an old test-related file we
    don't support, and add PyPy to Travis-CI config. Thanks to
    Pierce Lopez for the final patch and Pedro Rodrigues for an
    earlier edition.

1.18.1 2016-12-12
  [Bug] #859: (via #860) A tweak to the original patch implementing
    #398 was not fully applied, causing calls to invoke_shell to
    fail with AttributeError. This has been fixed. Patch credit:
    Kirk Byers.

1.18.0 2016-12-09
  [Feature] #398: Add an environment dict argument to
    Client.exec_command (plus the lower level Channel.update_environment
    and Channel.set_environment_variable methods) which implements
    the env SSH message type. This means the remote shell environment
    can be set without the use of VARNAME=value shell tricks,
    provided the server's AcceptEnv lists the variables you need
    to set. Thanks to Philip Lorenz for the pull request.
  [Feature] #780: (also #779, and may help users affected by
    #520) Add an optional timeout parameter to Transport.start_client
    (and feed it the value of the configured connection timeout
    when used within SSHClient.) This helps prevent situations
    where network connectivity isn't timing out, but the remote
    server is otherwise unable to service the connection in a timely
    manner. Credit to @sanseihappa.
  [Support] #819: Document how lacking gmp headers at install
    time can cause a significant performance hit if you build
    PyCrypto from source. (Most system-distributed packages already
    have this enabled.)
  [Support] #854: Fix incorrect docstring/param-list for
    Transport.auth_gssapi_keyex so it matches the real signature.
    Caught by @Score_Under.
  [Support] #792: Minor updates to the README and demos; thanks to Alan Yee.
  [Support] #801: Skip a Unix-only test when on Windows; thanks to Gabi Davar.

For pre-1.18.0 changes, see