[ol9_developer_EPEL] python3-paramiko-2.12.0-3.el9.noarch

Name:	python3-paramiko
Version:	2.12.0
Release:	3.el9
Architecture:	noarch
Group:	Unspecified
Size:	1416089
License:	LGPL-2.1-or-later
RPM:	python3-paramiko-2.12.0-3.el9.noarch.rpm
Source RPM:	python-paramiko-2.12.0-3.el9.src.rpm
Build Date:	Thu Oct 10 2024
Build Host:	build-ol9-x86_64.oracle.com
Vendor:	Oracle America
URL:	https://github.com/paramiko/paramiko
Summary:	SSH2 protocol library for python
Description:	Paramiko (a combination of the Esperanto words for "paranoid" and "friend") is a module for python 2.3 or greater that implements the SSH2 protocol for secure (encrypted and authenticated) connections to remote machines. Unlike SSL (aka TLS), the SSH2 protocol does not require hierarchical certificates signed by a powerful central authority. You may know SSH2 as the protocol that replaced telnet and rsh for secure access to remote shells, but the protocol also includes the ability to open arbitrary channels to remote services across an encrypted tunnel (this is how sftp works, for example). Python 3 version.

Changelog (Show File list) (Show related packages)

Thu Sep 19 2024 Paul Howarth <paul@city-fan.org> - 2.12.0-3

- Add support for AES-GCM ciphers (rhbz#2311864)
- Remove cache Sphinx build folder ".doctrees"

Fri Dec 29 2023 Paul Howarth <paul@city-fan.org> - 2.12.0-2

- Address CVE 2023-48795 (a.k.a. the "Terrapin Attack", a vulnerability found
  in the SSH protocol re: treatment of packet sequence numbers) as follows:
  - The vulnerability only impacts encrypt-then-MAC digest algorithms in tandem
    with CBC ciphers, and ChaCha20-poly1305; of these, Paramiko currently only
    implements ``hmac-sha2-(256|512)-etm`` in tandem with 'AES-CBC'
  - As the fix for the vulnerability requires both ends of the connection to
    cooperate, the below changes will only take effect when the remote end is
    OpenSSH ≥ 9.6 (or equivalent, such as Paramiko in server mode, as of this
    patch version) and configured to use the new "strict kex" mode
  - Paramiko will always attempt to use "strict kex" mode if offered by the
    server, unless you override this by specifying 'strict_kex=False' in
    'Transport.__init__'
  - Paramiko will now raise an 'SSHException' subclass ('MessageOrderError')
    when protocol messages are received in unexpected order; this includes
    situations like receiving 'MSG_DEBUG' or 'MSG_IGNORE' during initial key
    exchange, which are no longer allowed during strict mode
  - Key (re)negotiation, i.e. 'MSG_NEWKEYS', whenever it is encountered, now
    resets packet sequence numbers (this should be invisible to users during
    normal operation, only causing exceptions if the exploit is encountered,
    which will usually result in, again, 'MessageOrderError')
  - Sequence number rollover will now raise 'SSHException' if it occurs during
    initial key exchange (regardless of strict mode status)
- Tweak 'ext-info-(c|s)' detection during KEXINIT protocol phase; the original
  implementation made assumptions based on an OpenSSH implementation detail
- 'Transport' grew a new 'packetizer_class' kwarg for overriding the
  packet-handler class used internally; this is mostly for testing, but advanced
  users may find this useful when doing deep hacks
- A handful of lower-level classes (notably 'paramiko.message.Message' and
  'paramiko.pkey.PKey') previously returned 'bytes' objects from their
  implementation of '__str__', even under Python 3, and there was never any
  '__bytes__' method; these issues have been fixed by renaming '__str__' to
  '__bytes__' and relying on Python's default "stringification returns the
  output of '__repr__'" behavior re: any real attempts to 'str()' such objects

Sun Nov 06 2022 Paul Howarth <paul@city-fan.org> - 2.12.0-1

- Update to 2.12.0 (rhbz#2140281)
  - Add a 'transport_factory' kwarg to 'SSHClient.connect' for advanced users
    to gain more control over early Transport setup and manipulation (GH#2054,
    GH#2125)
  - Update '~paramiko.client.SSHClient' so it explicitly closes its wrapped
    socket object upon encountering socket errors at connection time; this
    should help somewhat with certain classes of memory leaks, resource
    warnings, and/or errors (though we hasten to remind everyone that Client
    and Transport have their own '.close()' methods for use in non-error
    situations!) (GH#1822)
  - Raise '~paramiko.ssh_exception.SSHException' explicitly when blank private
    key data is loaded, instead of the natural result of 'IndexError'; this
    should help more bits of Paramiko or Paramiko-adjacent codebases to
    correctly handle this class of error (GH#1599, GH#1637)
- Use SPDX-format license tag