openSUSE Build Service

Overview Repositories Revisions Requests Users Attributes Meta

Revisions of python-paramiko

buildservice-autocommit accepted request 1134140 from

Steve Kowalik (StevenK) 4 months ago (revision 120)

baserev update by copy to link target

Steve Kowalik (StevenK) committed 4 months ago (revision 119)

- Add patch use-64-bit-maxsize-everywhere.patch:
  * Use the 64-bit value of sys.maxsize.

Steve Kowalik (StevenK) committed 4 months ago (revision 118)

- Update to 3.4.0: (CVE-2023-48795, bsc#1218168)
  * Transport grew a new packetizer_class kwarg for overriding the
    packet-handler class used internally.
  * Address CVE 2023-48795 (aka the "Terrapin Attack", a vulnerability found
    in the SSH protocol re: treatment of packet sequence numbers) as follows:
    + The vulnerability only impacts encrypt-then-MAC digest algorithms in
      tandem with CBC ciphers, and ChaCha20-poly1305; of these, Paramiko
      currently only implements hmac-sha2-(256|512)-etm in tandem with
      AES-CBC.
    + As the fix for the vulnerability requires both ends of the connection
      to cooperate, the below changes will only take effect when the remote
      end is OpenSSH >= 9.6 (or equivalent, such as Paramiko in server mode,
      as of this patch version) and configured to use the new
      "strict kex" mode.
    + Paramiko will now raise an SSHException subclass (MessageOrderError)
      when protocol messages are received in unexpected order. This includes
      situations like receiving MSG_DEBUG or MSG_IGNORE during initial key
      exchange, which are no longer allowed during strict mode.
    + Key (re)negotiation -- i.e. MSG_NEWKEYS, whenever it is encountered --
      now resets packet sequence numbers. (This should be invisible to users
      during normal operation, only causing exceptions if the exploit is
      encountered, which will usually result in, again, MessageOrderError.)
    + Sequence number rollover will now raise SSHException if it occurs
      during initial key exchange (regardless of strict mode status).
  * Tweak ext-info-(c|s) detection during KEXINIT protocol phase; the
    original implementation made assumptions based on an OpenSSH
    implementation detail.

buildservice-autocommit accepted request 1116019 from

Dirk Mueller (dirkmueller) 7 months ago (revision 117)

baserev update by copy to link target

Dirk Mueller (dirkmueller) committed 7 months ago (revision 116)

  * [Feature] #1951: Add SSH config token expansion (eg %h, %p) when
  * [Support] #2004: (via #2011) Apply unittest skipIf to tests currently
    using SHA1 in their critical path, to avoid failures on systems starting
  * [Support] #1838: (via #1870/#2028) Update camelCase method calls
    against the threading module to be snake_case; this and related tweaks
  * [Support] #2038: (via #2039) Recent versions of Cryptography have
    deprecated Blowfish algorithm support; in lieu of an easy method for
    users to remove it from the list of algorithms Paramiko tries to import
    and use, we’ve decided to remove it from our “preferred algorithms” list.
    This will both discourage use of a weak algorithm, and avoid warnings.
  * [Bug] #2017: OpenSSH 7.7 and older has a bug preventing it from
    understanding how to perform SHA2 signature verification for RSA
    certificates (specifically certs - not keys), so when we added SHA2
    support it broke all clients using RSA certificates with these servers.
    This has been fixed in a manner similar to what OpenSSH’s own client
    does: a version check is performed and the algorithm used is downgraded
  * [Bug] #1933: Align signature verification algorithm with OpenSSH re:
    zero-padding signatures which don’t match their nominal size/length. This
    shouldn’t affect most users, but will help Paramiko-implemented SSH
- Update to 2.10.3 (bsc#1197279, CVE-2022-24302)
  - [Feature] #1846: Add a prefetch keyword argument to
  - [Support] #1727: Add missing test suite fixtures directory to
- Set environment to utf-8 to allow tests to pass on Python 2. (bsc#1178341)
  * gh#paramiko/paramiko#1655
- update to 2.7.2 (bsc#1166758, bsc#1166758, bsc#1205132)
- update to 2.6.0 (bsc#1200603)
- update to 2.5.0
  extend timeout in testsuite to pass on ppc64le
     key-decryption passphrases from password-auth passwords.
  * Certificate support broke the no-certificate case for Ed25519 keys

buildservice-autocommit accepted request 1114537 from

Matej Cepl (mcepl) 7 months ago (revision 115)

baserev update by copy to link target

Matej Cepl (mcepl) accepted request 1114462 from

Ondřej Súkup (mimi_vx) 7 months ago (revision 114)

- refresh remove-icecream-dep.patch
- update to 3.3.1
 detailed changelog: https://www.paramiko.org/changelog.html#

buildservice-autocommit accepted request 1086711 from

Daniel Garcia (dgarcia) 12 months ago (revision 113)

baserev update by copy to link target

Daniel Garcia (dgarcia) committed 12 months ago (revision 112)

- Delete paramiko-pr1665-remove-pytest-relaxed.patch
- Add remove-icecream-dep.patch
- Update to 3.1.0:
  * [Feature] #2173: Accept single tabs as field separators (in
    addition to single spaces) in
    <paramiko.hostkeys.HostKeyEntry.from_line> for parity with
    OpenSSH’s KnownHosts parser. Patched by Alex Chavkin.
  * [Feature] #2013: (solving #2009, plus others) Add an explicit
    channel_timeout keyword argument to
    paramiko.client.SSHClient.connect, allowing users to configure the
    previously-hardcoded default value of 3600 seconds. Thanks to
    @VakarisZ and @ilija-lazoroski for the report and patch, with
    credit to Mike Salvatore for patch review.
  * [Support] #2178: Apply codespell to the codebase, which found a
    lot of very old minor spelling mistakes in docstrings. Also
    modernize many instances of *largs vs *args and **kwarg vs
    **kwargs. Patch courtesy of Yaroslav Halchenko, with review from
    Brian Skinn.
- 3.0.0:
  * [Bug]: A handful of lower-level classes (notably
    paramiko.message.Message and paramiko.pkey.PKey) previously
    returned bytes objects from their implementation of __str__, even
    under Python 3; and there was never any __bytes__ method.
  * These issues have been fixed by renaming __str__ to __bytes__ and
    relying on Python’s default “stringification returns the output of
    __repr__” behavior re: any real attempts to str() such objects.
  * [Bug] #2165: Streamline some redundant (and costly) byte
    conversion calls in the packetizer and the core SFTP module. This
    should lead to some SFTP speedups at the very least. Thanks to
    Alex Gaynor for the patch.

buildservice-autocommit accepted request 1083119 from

Dirk Mueller (dirkmueller) about 1 year ago (revision 111)

baserev update by copy to link target

Dirk Mueller (dirkmueller) committed about 1 year ago (revision 110)

Dirk Mueller (dirkmueller) committed about 1 year ago (revision 109)

- Move documentation into main package for SLE15

- add sle15_python_module_pythons (jsc#PED-68)

buildservice-autocommit accepted request 1036980 from

Matej Cepl (mcepl) over 1 year ago (revision 108)

baserev update by copy to link target

Matej Cepl (mcepl) accepted request 1036973 from

Benjamin Greiner (bnavigator) over 1 year ago (revision 107)

- Update to 2.12.0
  * [Feature] #2125: (also re: #2054) Add a transport_factory kwarg
    to SSHClient.connect for advanced users to gain more control
    over early Transport setup and manipulation. Thanks to Noah
    Pederson for the patch.
- Release 2.11.1
  * [Bug]: bug:1637 (via #1599) Raise SSHException explicitly when
    blank private key data is loaded, instead of the natural result
    of IndexError. This should help more bits of Paramiko or
    Paramiko-adjacent codebases to correctly handle this class of
    error. Credit: Nicholas Dietz.
  * [Bug] #1822: (via, and relating to, far too many other issues
    to mention here) Update SSHClient so it explicitly closes its
    wrapped socket object upon encountering socket errors at
    connection time. This should help somewhat with certain classes
    of memory leaks, resource warnings, and/or errors (though we
    hasten to remind everyone that Client and Transport have their
    own .close() methods for use in non-error situations!). Patch
    courtesy of @YoavCohen.
- Rename and refresh:
  - paramiko-pr1655-remove-pytest-relaxed.patch
  + paramiko-pr1665-remove-pytest-relaxed.patch
  * gh#paramiko/paramiko#1665

buildservice-autocommit accepted request 979467 from

Matej Cepl (mcepl) almost 2 years ago (revision 106)

baserev update by copy to link target

Matej Cepl (mcepl) accepted request 979399 from

Michael Ströder (stroeder) almost 2 years ago (revision 105)

update to 2.11.0

buildservice-autocommit accepted request 973836 from

Dirk Mueller (dirkmueller) almost 2 years ago (revision 104)

baserev update by copy to link target

Dirk Mueller (dirkmueller) committed about 2 years ago (revision 103)

- update to 2.10.4:
  * Servers offering certificate variants of hostkey algorithms (eg
    ssh-rsa-cert-v01@openssh.com) could not have their host keys verified by
    Paramiko clients, as it only ever considered non-cert key types for that
    part of connection handshaking. This has been fixed.
  * gq PKey instances’ __eq__ did not have the usual safety guard in place to
    ensure they were being compared to another PKey object, causing occasional
    spurious BadHostKeyException (among other things). This has been fixed.
  * Update camelCase method calls against the threading module to be snake_case;
    this and related tweaks should fix some deprecation warnings under Python 3.10.

buildservice-autocommit accepted request 967774 from