↵ Return to the main page of python3-paramiko
View build
Search for updates
Package Info
🠗 Changelog
🠗 Dependencies
🠗 Provides
🠗 Files
Date | Author | Change |
---|---|---|
2024-09-16 | Paul Howarth <paul at city dash fan dot org> - 3.5.0-1 | - Update to 3.5.0 (rhbz#2312503) - Add support for AES-GCM encryption ciphers (128 and 256 bit variants) (GH#982, GH#2157, GH#2444, rhbz#2311855); this functionality has been tested in client mode against OpenSSH 9.0, 9.2 and 9.6, as well as against a number of proprietary appliance SSH servers - Check for 'None' transport members inside '~paramiko.channel.Channel' when closing the channel; this likely doesn't come up much in the real world, but was causing warnings in the test suite |
2024-08-12 | Paul Howarth <paul at city dash fan dot org> - 3.4.1-1 | - Update to 3.4.1 - Massage our import of the TripleDES cipher to support Cryptography ≥ 43; this should prevent 'CryptographyDeprecationWarning' from appearing upon import (GH#2419, GH#2421) - Modify a test-harness skiptest check to work with newer versions of Cryptography (GH#2420) - Fix a 64-bit-ism in the test suite so the tests don't encounter a false negative on 32-bit systems (GH#2353) |
2024-07-22 | Paul Howarth <paul at city dash fan dot org> - 3.4.0-6 | - Fix detection of SHA1 signing support https://github.com/paramiko/paramiko/pull/2420 https://github.com/pyca/cryptography/issues/11332 https://github.com/PyO3/pyo3/issues/3059 - Remove cache Sphinx build folder ".doctrees" |
2024-07-19 | Fedora Release Engineering <releng at fedoraproject dot org> - 3.4.0-5 | - Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild |
2024-06-08 | Python Maint <python dash maint at redhat dot com> - 3.4.0-4 | - Rebuilt for Python 3.13 |
2024-01-26 | Fedora Release Engineering <releng at fedoraproject dot org> - 3.4.0-3 | - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild |
2024-01-22 | Fedora Release Engineering <releng at fedoraproject dot org> - 3.4.0-2 | - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild |
2023-12-19 | Gwyn Ciesla <gwync at protonmail dot com> - 3.4.0-1 | - 3.4.0 - 'Transport' grew a new 'packetizer_class' kwarg for overriding the packet-handler class used internally (mostly for testing, but advanced users may find this useful when doing deep hacks) - Address CVE 2023-48795 (https://terrapin-attack.com/) a.k.a. the "Terrapin Attack", a vulnerability found in the SSH protocol re: treatment of packet sequence numbers) as follows: - The vulnerability only impacts encrypt-then-MAC digest algorithms in tandem with CBC ciphers, and ChaCha20-poly1305; of these, Paramiko currently only implements 'hmac-sha2-(256|512)-etm' in tandem with 'AES-CBC'; if you are unable to upgrade to Paramiko versions containing the below fixes right away, you may instead use the 'disabled_algorithms' connection option to disable the ETM MACs and/or the CBC ciphers (this option is present in Paramiko ≥ 2.6) - As the fix for the vulnerability requires both ends of the connection to cooperate, the below changes will only take effect when the remote end is OpenSSH ≥ 9.6 (or equivalent, such as Paramiko in server mode, as of this patch version) and configured to use the new "strict kex" mode (Paramiko will always attempt to use "strict kex" mode if offered by the server, unless you override this by specifying 'strict_kex=False' in 'Transport.__init__') - Paramiko will now raise an 'SSHException' subclass ('MessageOrderError') when protocol messages are received in unexpected order; this includes situations like receiving 'MSG_DEBUG' or 'MSG_IGNORE' during initial key exchange, which are no longer allowed during strict mode - Key (re)negotiation -- i.e. 'MSG_NEWKEYS', whenever it is encountered -- now resets packet sequence numbers (this should be invisible to users during normal operation, only causing exceptions if the exploit is encountered, which will usually result in, again, 'MessageOrderError') - Sequence number rollover will now raise 'SSHException' if it occurs during initial key exchange (regardless of strict mode status) - Tweak 'ext-info-(c|s)' detection during KEXINIT protocol phase; the original implementation made assumptions based on an OpenSSH implementation detail |
2023-07-30 | Paul Howarth <paul at city dash fan dot org> - 3.3.1-1 | - Update to 3.3.1 (rhbz#2227478) - Cleaned up some very old root level files, mostly just to exercise some of our doc build and release machinery |
2023-07-28 | Gwyn Ciesla <gwync at protonmail dot com> - 3.3.0-1 | - 3.3.0 - Add support and tests for 'Match final ..' (frequently used in ProxyJump configurations to exclude the jump host) to our SSH config parser (GH#1907, GH#1992) - Add an explicit 'max_concurrent_prefetch_requests' argument to 'paramiko.client.SSHClient.get' and 'paramiko.client.SSHClient.getfo', allowing users to limit the number of concurrent requests used during prefetch (GH#1587, GH#2058) |