./security/py-paramiko, SSH2 protocol library



Branch: CURRENT, Version: 2.10.4, Package name: py39-paramiko-2.10.4, Maintainer: pkgsrc-users

Paramiko is a module for Python 2.2 (or higher) that implements the SSH2
protocol for secure (encrypted and authenticated) connections to remote
machines. Unlike SSL (aka TLS), the SSH2 protocol does not require hierarchical
certificates signed by a powerful central authority. You may know SSH2 as
the protocol that replaced telnet and rsh for secure access to remote shells,
but the protocol also includes the ability to open arbitrary channels to
remote services across the encrypted tunnel (this is how sftp works,
for example).


Required to run:
[devel/py-setuptools] [security/py-cryptography] [security/py-bcrypt] [security/py-nacl] [lang/python37]

Required to build:
[pkgtools/cwrappers]

Filesize: 1043.121 KB

CVS history:


   2022-05-05 19:59:35 by Adam Ciarcinski | Files touched by this commit (3) | Package updated
Log message:
py-paramiko: updated to 2.10.4

2.10.4 2022-04-25

[Bug]: Servers offering certificate variants of hostkey algorithms (eg ssh-rsa-cert-v01@openssh.com) could not have their host keys verified by Paramiko clients, as it only ever considered non-cert key types for that part of connection handshaking. This has been fixed.
[Bug]: PKey instances’ __eq__ did not have the usual safety guard in place to ensure they were being compared to another PKey object, causing occasional spurious BadHostKeyException (among other things). This has been fixed. Thanks to Shengdun Hua for the original report/patch and to Christopher Papke for the final version of the fix.
[Support]: Update camelCase method calls against the threading module to be snake_case; this and related tweaks should fix some deprecation warnings under Python 3.10. Thanks to Karthikeyan Singaravelan for the report, @Narendra-Neerukonda for the patch, and to Thomas Grainger and Jun Omae for patch workshopping.
   2022-04-21 13:00:02 by Thomas Klausner | Files touched by this commit (18)
Log message:
*: convert to versioned_dependencies for py-cryptography
   2022-01-04 21:55:40 by Thomas Klausner | Files touched by this commit (1595)
Log message:
*: bump PKGREVISION for egg.mk users

They now have a tool dependency on py-setuptools instead of a DEPENDS
   2021-11-29 10:33:19 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-paramiko: updated to 2.8.1

2.8.1 2021-11-28
[Bug]: (also 908) Update PKey and subclasses to compare (__eq__) via direct field/attribute comparison instead of hashing (while retaining the existing behavior of __hash__ via a slight refactor). Big thanks to Josh Snyder and Jun Omae for the reports, and to Josh Snyder for reproduction details & patch.

Warning
This fixes a security flaw! If you are running Paramiko on 32-bit systems with low entropy (such as any 32-bit Python 2, or a 32-bit Python 3 which is running with PYTHONHASHSEED=0) it is possible for an attacker to craft a new keypair from an exfiltrated public key, which Paramiko would consider equal to the original key.

This could enable attacks such as, but not limited to, the following:

Paramiko server processes would incorrectly authenticate the attacker (using their generated private key) as if they were the victim. We see this as the most plausible attack using this flaw.
Paramiko client processes would incorrectly validate a connected server (when host key verification is enabled) while subjected to a man-in-the-middle attack. This impacts more users than the server-side version, but also carries higher requirements for the attacker, namely successful DNS poisoning or other MITM techniques.
[Bug] 1257: (also 1266) Update RSA and ECDSA key decoding subroutines to correctly catch exception types thrown by modern versions of Cryptography (specifically TypeError and its internal UnsupportedAlgorithm). These exception classes will now become SSHException instances instead of bubbling up. Thanks to Ignat Semenov for the report and @tylergarcianet for an early patch.
[Bug] 1024: Deleting items from HostKeys would incorrectly raise KeyError even for valid keys, due to a logic bug. This has been fixed. Report & patch credit: Jia Zhang.
[Bug] 985: (via 992) Fix listdir failure when server uses a locale. Now on Python 2.7 SFTPAttributes will decode abbreviated month names correctly rather than raise UnicodeDecodeError. Patch courtesy of Martin Packman.
   2021-10-26 13:18:07 by Nia Alarie | Files touched by this commit (605)
Log message:
security: Replace RMD160 checksums with BLAKE2s checksums

All checksums have been double-checked against existing RMD160 and
SHA512 hashes

Unfetchable distfiles (fetched conditionally?):
./security/cyrus-sasl/distinfo cyrus-sasl-dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d.patch.v2
   2021-10-11 11:34:52 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-paramiko: updated to 2.8.0

2.8.0 2021-10-09
[Feature] Add a prefetch keyword argument to SFTPClient.get/SFTPClient.getfo so users who need to skip SFTP prefetching are able to conditionally turn it off. Thanks to Github user @h3ll0r for the PR.
[Bug] Newer server-side key exchange algorithms not intended to use SHA1 (diffie-hellman-group14-sha256, diffie-hellman-group16-sha512) were incorrectly using SHA1 after all, due to a bug causing them to ignore the hash_algo class attribute. This has been corrected. Big thanks to @miverson for the report and to Benno Rice for the patch.
[Support] Remove leading whitespace from OpenSSH RSA test suite static key fixture, to conform better to spec. Credit: Alex Gaynor.
[Support] Add missing test suite fixtures directory to MANIFEST.in, reinstating the ability to run Paramiko’s tests from an sdist tarball. Thanks to Sandro Tosi for reporting the issue and to Blazej Michalik for the PR.
[Support]: Update our CI to catch issues with sdist generation, installation and testing.
[Support]: Administrivia overhaul, including but not limited to:
Migrate CI to CircleCI
Primary dev branch is now main (renamed)
Many README edits for clarity, modernization etc; including a bunch more (and consistent) status badges & unification with main project site index
PyPI page much more fleshed out (long_description is now filled in with the README; sidebar links expanded; etc)
flake8, pytest configs split out of setup.cfg into their own files
Invoke/invocations (used by maintainers/contributors) upgraded to modern versions
   2021-10-07 16:54:50 by Nia Alarie | Files touched by this commit (606)
Log message:
security: Remove SHA1 hashes for distfiles
   2020-09-08 19:43:12 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-paramiko: updated to 2.7.2

2.7.2:
[Bug] Fix incorrectly swapped order of p and q numbers when loading OpenSSH-format RSA private keys. At minimum this should address a slowdown when using such keys, and it also means Paramiko works with Cryptography 3.1 and above (which complains strenuously when this problem appears). Thanks to Alex Gaynor for the patch.
[Bug]: Fix incorrect string formatting causing unhelpful error message annotation when using Kerberos/GSSAPI. (Thanks, newer version of flake8!)
[Support] Remove leading whitespace from OpenSSH RSA test suite static key fixture, to conform better to spec. Credit: Alex Gaynor.
[Support] Add missing test suite fixtures directory to MANIFEST.in, reinstating the ability to run Paramiko’s tests from an sdist tarball. Thanks to Sandro Tosi for reporting the issue and to Blazej Michalik for the PR.
[Support]: Update our CI to catch issues with sdist generation, installation and testing.