python/python-paramiko
SHA256
15
0
Fork 0
forked from pool/python-paramiko
Code Pull Requests Activity

Accepting request 502890 from home:mimi_vx:branches:devel:languages:python

Browse Source 
- update to 2.1.3
* Make util.log_to_file append instead of replace.
* SSHClient and Transport could cause a memory leak if there’s a connection
	 problem or protocol error, even if Transport.close() is called.
* Prior support for ecdsa-sha2-nistp(384|521) algorithms didn’t fully extend
	 to covering host keys, preventing connection to hosts which only offer
	 these key types and no others. This is now fixed.
* Prefer newer ecdsa-sha2-nistp keys over RSA and DSA keys during host key
	 selection. This improves compatibility with OpenSSH, both in terms of general
	 behavior, and also re: ability to properly leverage OpenSSH-modified
	 known_hosts files.
* The RC4/arcfour family of ciphers has been broken since version 2.0; but since
	 the algorithm is now known to be completely insecure, we are opting
	 to remove support outright instead of fixing it.
* Move sha1 above the now-arguably-broken md5 in the list of preferred MAC
	 algorithms, as an incremental security improvement for users whose target
	 systems offer both.
* Writing encrypted/password-protected private key files was silently broken
	 since 2.0 due to an incorrect API call
     Includes a directly related fix, namely adding the ability to read AES-256-CBC
	 ciphered private keys (which is now what we tend to write out as it is
	 Cryptography’s default private key cipher.)
* Allow any type implementing the buffer API to be used with BufferedFile,
	 Channel, and SFTPFile. This resolves a regression introduced in 1.13
	 with the Python 3 porting changes, when using types such as memoryview.
* Enhance default cipher preference order such that aes(192|256)-cbc are preferred
	 over blowfish-cbc.
* SSHClient now requests the type of host key it has (e.g. from known_hosts)
	 and does not consider a different type to be a “Missing” host key. This fixes
	 a common case where an ECDSA key is in known_hosts and the server also has

OBS-URL: https://build.opensuse.org/request/show/502890
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-paramiko?expand=0&rev=62
This commit is contained in:
Tomas Cech
2017-06-14 09:20:40 +00:00
committed by Git OBS Bridge
parent 036cf9fd2a
commit 1bf9ed68c1
4 changed files with 44 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
python-paramiko.changes
View File

@@ -1,3 +1,39 @@
-------------------------------------------------------------------
Sun Jun 11 16:32:09 UTC 2017 - mimi.vx@gmail.com
- update to 2.1.3
* Make util.log_to_file append instead of replace.
* SSHClient and Transport could cause a memory leak if theres a connection
problem or protocol error, even if Transport.close() is called.
* Prior support for ecdsa-sha2-nistp(384|521) algorithms didnt fully extend
to covering host keys, preventing connection to hosts which only offer
these key types and no others. This is now fixed.
* Prefer newer ecdsa-sha2-nistp keys over RSA and DSA keys during host key
selection. This improves compatibility with OpenSSH, both in terms of general
behavior, and also re: ability to properly leverage OpenSSH-modified
known_hosts files.
* The RC4/arcfour family of ciphers has been broken since version 2.0; but since
the algorithm is now known to be completely insecure, we are opting
to remove support outright instead of fixing it.
* Move sha1 above the now-arguably-broken md5 in the list of preferred MAC
algorithms, as an incremental security improvement for users whose target
systems offer both.
* Writing encrypted/password-protected private key files was silently broken
since 2.0 due to an incorrect API call
Includes a directly related fix, namely adding the ability to read AES-256-CBC
ciphered private keys (which is now what we tend to write out as it is
Cryptographys default private key cipher.)
* Allow any type implementing the buffer API to be used with BufferedFile,
Channel, and SFTPFile. This resolves a regression introduced in 1.13
with the Python 3 porting changes, when using types such as memoryview.
* Enhance default cipher preference order such that aes(192|256)-cbc are preferred
over blowfish-cbc.
* SSHClient now requests the type of host key it has (e.g. from known_hosts)
and does not consider a different type to be a “Missing” host key. This fixes
a common case where an ECDSA key is in known_hosts and the server also has
an RSA host key.
* Overhaul the codebase to be PEP-8
-------------------------------------------------------------------
Wed Apr 19 17:24:58 UTC 2017 - toddrme2178@gmail.com