pkgsrc.se | The NetBSD package collection

./security/py-paramiko, SSH2 protocol library

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: CURRENT, Version: 3.5.1nb1, Package name: py312-paramiko-3.5.1nb1, Maintainer: pkgsrc-users

paramiko is a module for python 2.2 (or higher) that implements the SSH2
protocol for secure (encrypted and authenticated) connections to remote
machines. unlike SSL (aka TLS), SSH2 protocol does not require hierarchical
certificates signed by a powerful central authority. you may know SSH2 as
the protocol that replaced telnet and rsh for secure access to remote shells,
but the protocol also includes the ability to open arbitrary channels to
remote services across the encrypted tunnel (this is how sftp works,
for example).

Required to run:
[devel/py-setuptools] [security/py-cryptography] [security/py-bcrypt] [security/py-nacl] [lang/python37]

Required to build:
[pkgtools/cwrappers]

Master sites:

https://files.pythonhosted.org/packages/source/p/paramiko/ (Download)

Filesize: 1529.404 KB

Version history: (Expand)

(2025-02-18) Updated to version: py312-paramiko-3.5.1nb1
(2025-02-04) Updated to version: py312-paramiko-3.5.1
(2024-09-16) Updated to version: py312-paramiko-3.5.0
(2024-08-13) Updated to version: py312-paramiko-3.4.1
(2023-12-19) Updated to version: py311-paramiko-3.4.0
(2023-12-18) Updated to version: py311-paramiko-3.3.1nb1

CVS history: (Expand)

2025-02-18 16:06:06 by Thomas Klausner | Files touched by this commit (1)

Log message:
py-paramiko: bump PKGREVISION for bcrypt rust/non-rust support

2025-02-18 16:05:41 by Thomas Klausner | Files touched by this commit (1)

Log message:
py-paramiko: Switch to bcrypt versioned dependency.

From Jonathan Perkin <jperkin@smartos.org>
via drecklypkg commit f68e441dd3510f8f8e3e6dcfeb81f101b5239c3a

2025-02-04 09:47:28 by Adam Ciarcinski | Files touched by this commit (2) | Package updated

Log message:
py-paramiko: updated to 3.5.1

3.5.1 2025-02-03
[Bug] 2490: Private key material is now explicitly ‘unpadded’ during \ 
decryption, removing a reliance on some lax OpenSSL behavior & making us \ 
compatible with future Cryptography releases. Patch courtesy of Alex Gaynor.

2024-11-11 08:29:31 by Thomas Klausner | Files touched by this commit (862)

Log message:
py-*: remove unused tool dependency

py-setuptools includes the py-wheel functionality nowadays

2024-09-16 10:20:43 by Adam Ciarcinski | Files touched by this commit (2) | Package updated

Log message:
py-paramiko: updated to 3.5.0

3.5.0 2024-09-15

[Feature]: Add support for AES-GCM encryption ciphers (128 and 256 bit \ 
variants). Thanks to Alex Gaynor for the report (& for cryptography review), \ 
Shen Cheng for the original PR, and Chris Mason for the updated PR; plus as \ 
usual to everyone who tested the patches and reported their results!

This functionality has been tested in client mode against OpenSSH 9.0, 9.2, and \ 
9.6, as well as against a number of proprietary appliance SSH servers.

2023-12-18 22:16:05 by Thomas Klausner | Files touched by this commit (2) | Package updated

Log message:
py-paramiko: update to 3.4.0.

- :release:`3.4.0 <2023-12-18>`
- :feature:`-` `Transport` grew a new ``packetizer_class`` kwarg for overriding
  the packet-handler class used internally. Mostly for testing, but advanced
  users may find this useful when doing deep hacks.
- :bug:`-` Address `CVE 2023-48795<https://terrapin-attack.com/>`_ (aka the
  "Terrapin Attack", a vulnerability found in the SSH protocol re: \ 
treatment of
  packet sequence numbers) as follows:

    - The vulnerability only impacts encrypt-then-MAC digest algorithms in
      tandem with CBC ciphers, and ChaCha20-poly1305; of these, Paramiko
      currently only implements ``hmac-sha2-(256|512)-etm`` in tandem with
      ``AES-CBC``. If you are unable to upgrade to Paramiko versions containing
      the below fixes right away, you may instead use the
      ``disabled_algorithms`` connection option to disable the ETM MACs and/or
      the CBC ciphers (this option is present in Paramiko >=2.6).
    - As the fix for the vulnerability requires both ends of the connection to
      cooperate, the below changes will only take effect when the remote end is
      OpenSSH >= 9.6 (or equivalent, such as Paramiko in server mode, as of
      this patch version) and configured to use the new "strict kex" mode.
      Paramiko will always attempt to use "strict kex" mode if offered \ 
by the
      server, unless you override this by specifying ``strict_kex=False`` in
      `Transport.__init__`.
    - Paramiko will now raise an `SSHException` subclass (`MessageOrderError`)
      when protocol messages are received in unexpected order. This includes
      situations like receiving ``MSG_DEBUG`` or ``MSG_IGNORE`` during initial
      key exchange, which are no longer allowed during strict mode.
    - Key (re)negotiation -- i.e. ``MSG_NEWKEYS``, whenever it is encountered
      -- now resets packet sequence numbers. (This should be invisible to users
      during normal operation, only causing exceptions if the exploit is
      encountered, which will usually result in, again, `MessageOrderError`.)
    - Sequence number rollover will now raise `SSHException` if it occurs
      during initial key exchange (regardless of strict mode status).

  Thanks to Fabian Bäumer, Marcus Brinkmann, and Jörg Schwenk for submitting
  details on the CVE prior to release.

- :bug:`-` Tweak ``ext-info-(c|s)`` detection during KEXINIT protocol phase;
  the original implementation made assumptions based on an OpenSSH
  implementation detail.

2023-12-18 17:25:43 by Thomas Klausner | Files touched by this commit (2)

Log message:
py-paramiko: convert to wheel.mk

Update dependencies.

Bump PKGREVISION.

2023-07-31 18:16:48 by Adam Ciarcinski | Files touched by this commit (2) | Package updated

Log message:
py-paramiko: updated to 3.3.1

3.3.1 2023-07-28
[Bug]: Cleaned up some very old root level files, mostly just to exercise some \ 
of our doc build and release machinery. This changelog entry intentionally left \ 
blank! nothing-to-see-here-move-along.gif

3.3.0 2023-07-28
[Feature] Add an explicit max_concurrent_prefetch_requests argument to \ 
paramiko.client.SSHClient.get and paramiko.client.SSHClient.getfo, allowing \ 
users to limit the number of concurrent requests used during prefetch. Patch by \ 
@kschoelhorn, with a test by @bwinston-sdp.
[Feature] Add support and tests for Match final … (frequently used in \ 
ProxyJump configurations to exclude the jump host) to our SSH config parser. \ 
Patch by @commonism.