Fedora Packages

python3-paramiko-3.5.0-1.fc41 in Fedora 41

↵ Return to the main page of python3-paramiko
View build
Search for updates

Package Info
🠗 Changelog
🠗 Dependencies
🠗 Provides
🠗 Files

Changelog

Date Author Change
2024-09-16 Paul Howarth <paul at city dash fan dot org> - 3.5.0-1 - Update to 3.5.0 (rhbz#2312503) - Add support for AES-GCM encryption ciphers (128 and 256 bit variants) (GH#982, GH#2157, GH#2444, rhbz#2311855); this functionality has been tested in client mode against OpenSSH 9.0, 9.2 and 9.6, as well as against a number of proprietary appliance SSH servers - Check for 'None' transport members inside '~paramiko.channel.Channel' when closing the channel; this likely doesn't come up much in the real world, but was causing warnings in the test suite
2024-08-12 Paul Howarth <paul at city dash fan dot org> - 3.4.1-1 - Update to 3.4.1 - Massage our import of the TripleDES cipher to support Cryptography ≥ 43; this should prevent 'CryptographyDeprecationWarning' from appearing upon import (GH#2419, GH#2421) - Modify a test-harness skiptest check to work with newer versions of Cryptography (GH#2420) - Fix a 64-bit-ism in the test suite so the tests don't encounter a false negative on 32-bit systems (GH#2353)
2024-07-22 Paul Howarth <paul at city dash fan dot org> - 3.4.0-6 - Fix detection of SHA1 signing support https://github.com/paramiko/paramiko/pull/2420 https://github.com/pyca/cryptography/issues/11332 https://github.com/PyO3/pyo3/issues/3059 - Remove cache Sphinx build folder ".doctrees"
2024-07-19 Fedora Release Engineering <releng at fedoraproject dot org> - 3.4.0-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
2024-06-08 Python Maint <python dash maint at redhat dot com> - 3.4.0-4 - Rebuilt for Python 3.13
2024-01-26 Fedora Release Engineering <releng at fedoraproject dot org> - 3.4.0-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
2024-01-22 Fedora Release Engineering <releng at fedoraproject dot org> - 3.4.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
2023-12-19 Gwyn Ciesla <gwync at protonmail dot com> - 3.4.0-1 - 3.4.0 - 'Transport' grew a new 'packetizer_class' kwarg for overriding the packet-handler class used internally (mostly for testing, but advanced users may find this useful when doing deep hacks) - Address CVE 2023-48795 (https://terrapin-attack.com/) a.k.a. the "Terrapin Attack", a vulnerability found in the SSH protocol re: treatment of packet sequence numbers) as follows: - The vulnerability only impacts encrypt-then-MAC digest algorithms in tandem with CBC ciphers, and ChaCha20-poly1305; of these, Paramiko currently only implements 'hmac-sha2-(256|512)-etm' in tandem with 'AES-CBC'; if you are unable to upgrade to Paramiko versions containing the below fixes right away, you may instead use the 'disabled_algorithms' connection option to disable the ETM MACs and/or the CBC ciphers (this option is present in Paramiko ≥ 2.6) - As the fix for the vulnerability requires both ends of the connection to cooperate, the below changes will only take effect when the remote end is OpenSSH ≥ 9.6 (or equivalent, such as Paramiko in server mode, as of this patch version) and configured to use the new "strict kex" mode (Paramiko will always attempt to use "strict kex" mode if offered by the server, unless you override this by specifying 'strict_kex=False' in 'Transport.__init__') - Paramiko will now raise an 'SSHException' subclass ('MessageOrderError') when protocol messages are received in unexpected order; this includes situations like receiving 'MSG_DEBUG' or 'MSG_IGNORE' during initial key exchange, which are no longer allowed during strict mode - Key (re)negotiation -- i.e. 'MSG_NEWKEYS', whenever it is encountered -- now resets packet sequence numbers (this should be invisible to users during normal operation, only causing exceptions if the exploit is encountered, which will usually result in, again, 'MessageOrderError') - Sequence number rollover will now raise 'SSHException' if it occurs during initial key exchange (regardless of strict mode status) - Tweak 'ext-info-(c|s)' detection during KEXINIT protocol phase; the original implementation made assumptions based on an OpenSSH implementation detail
2023-07-30 Paul Howarth <paul at city dash fan dot org> - 3.3.1-1 - Update to 3.3.1 (rhbz#2227478) - Cleaned up some very old root level files, mostly just to exercise some of our doc build and release machinery
2023-07-28 Gwyn Ciesla <gwync at protonmail dot com> - 3.3.0-1 - 3.3.0 - Add support and tests for 'Match final ..' (frequently used in ProxyJump configurations to exclude the jump host) to our SSH config parser (GH#1907, GH#1992) - Add an explicit 'max_concurrent_prefetch_requests' argument to 'paramiko.client.SSHClient.get' and 'paramiko.client.SSHClient.getfo', allowing users to limit the number of concurrent requests used during prefetch (GH#1587, GH#2058)

Dependencies

Provides

  • python-paramiko
  • python3-paramiko
  • python3.13-paramiko
  • python3.13dist(paramiko)
  • python3dist(paramiko)

Files


Sources on Pagure