What's Changed:
- Extend dynamicRef keyword by @nezhar
- Add FORMAT_CHECKER attribute for Validator by @TiborVoelcker
- Remove stray double-quote by @lurch
- Ensure proper sorting of list in error message by @ssbarnea
Signed-off-by: Javier Marcet <javier@marcet.info>
2.11.0:
- [Feature] Add SSH config token expansion (eg %h, %p) when parsing
ProxyJump directives. Patch courtesy of Bruno Inec.
- [Support] (via #2011) Apply unittest skipIf to tests currently
using SHA1 in their critical path, to avoid failures on systems
starting to disable SHA1 outright in their crypto backends (eg RHEL
9). Report & patch via Paul Howarth.
- [Support] Update camelCase method calls against the threading
module to be snake_case; this and related tweaks should fix some
deprecation warnings under Python 3.10. Thanks to Karthikeyan
Singaravelan for the report, @Narendra-Neerukonda for the patch,
and to Thomas Grainger and Jun Omae for patch workshopping.
- [Support] Recent versions of Cryptography have deprecated Blowfish
algorithm support; in lieu of an easy method for users to remove it
from the list of algorithms Paramiko tries to import and use, we’ve
decided to remove it from our “preferred algorithms” list. This will
both discourage use of a weak algorithm, and avoid warnings. Credit
for report/patch goes to Mike Roest.
2.10.5:
- [Bug] Windows-native SSH agent support as merged in 2.10 could
encounter Errno 22 OSError exceptions in some scenarios (eg server
not cleanly closing a relevant named pipe). This has been worked
around and should be less problematic. Reported by Danilo Campana
Fuchs and patched by Jun Omae.
- [Bug] OpenSSH 7.7 and older has a bug preventing it from
understanding how to perform SHA2 signature verification for RSA
certificates (specifically certs - not keys), so when we added SHA2
support it broke all clients using RSA certificates with these
servers. This has been fixed in a manner similar to what OpenSSH’s
own client does: a version check is performed and the algorithm used
is downgraded if needed. Reported by Adarsh Chauhan, with fix
suggested by Jun Omae.
- [Bug] Align signature verification algorithm with OpenSSH re:
zero-padding signatures which don’t match their nominal size/length.
This shouldn’t affect most users, but will help Paramiko-implemented
SSH servers handle poorly behaved clients such as PuTTY. Thanks to
Jun Omae for catch & patch.
Signed-off-by: Javier Marcet <javier@marcet.info>
- [Bug] Servers offering certificate variants of hostkey algorithms
(eg ssh-rsa-cert-v01@openssh.com) could not have their host keys
verified by Paramiko clients, as it only ever considered non-cert key
types for that part of connection handshaking. This has been fixed.
- [Bug] PKey instances’ __eq__ did not have the usual safety guard in
place to ensure they were being compared to another PKey object,
causing occasional spurious BadHostKeyException (among other things).
This has been fixed. Thanks to Shengdun Hua for the original report
/patch and to Christopher Papke for the final version of the fix.
- [Support] Update camelCase method calls against the threading
module to be snake_case; this and related tweaks should fix some
deprecation warnings under Python 3.10. Thanks to Karthikeyan
Singaravelan for the report, @Narendra-Neerukonda for the patch, and
to Thomas Grainger and Jun Omae for patch workshopping.
Signed-off-by: Javier Marcet <javier@marcet.info>
As we are using this package in Turris OS
and Daniel Golle decided to no longer maintain this
and some other Python packages I'd like to take
this package maintainership as was originally
suggested in https://github.com/openwrt/packages/pull/17911
by Josef Schlehofer (@BKPepe).
Signed-off-by: Šimon Bořek <simon.borek@nic.cz>
As we are using this package in Turris OS
and Daniel Golle decided to no longer maintain this
and some other Python packages I'd like to take
this package maintainership as was originally
suggested in https://github.com/openwrt/packages/pull/17911
by Josef Schlehofer (@BKPepe).
Signed-off-by: Šimon Bořek <simon.borek@nic.cz>
- Add support for pre-initialized stream socket in new WebSocketApp
- Remove rel.saferead() in examples (f0bf03d)
- Increase scope of linting checks (dca4022)
- Start adding type hints (a8a4099)
Signed-off-by: Javier Marcet <javier@marcet.info>
2.10.2:
- [Bug] Fix Python 2 compatibility breakage introduced in 2.10.1.
Spotted by Christian Hammond.
2.10.3:
- [Bug] Switch from module-global to thread-local storage when
recording thread IDs for a logging helper; this should avoid one
flavor of memory leak for long-running processes. Catch & patch via
Richard Kojedzinszky.
- [Bug] Certificate-based pubkey auth was inadvertently broken when
adding SHA2 support; this has been fixed. Reported by Erik Forsberg
and fixed by Jun Omae.
Signed-off-by: Javier Marcet <javier@marcet.info>
It seems that Turris guys is using this package in the Turris OS, where
it is used for reForis (simple, basic UI for users)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
[replace Daniel as maintainer, add commit message]
Signed-off-by: Josef Schlehofer <josef.schlehofer@nic.cz>
It seems that Turris guys is using this package in the Turris OS, where
it is used for reForis (simple, basic UI for users)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
[replace Daniel as maintainer, add commit message]
Signed-off-by: Josef Schlehofer <josef.schlehofer@nic.cz>
Includes fixes for:
* Windows builds updated to bzip2 1.0.8 to mitigate CVE-2016-3189 and
CVE-2019-12900
* CVE-2022-26488: Escalation of privilege via Windows Installer
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This package (more specifically, the host version) was added for mesa in
the video feed[1]; no packages in the packages feed require this
package.
As mesa will be updated to install Mako using host pip[2], there is no
need to continue maintaining the package here. It will be imported into
the abandoned packages repo[3].
[1]: 2e17cb9a1b (commitcomment-63047904)
[2]: https://github.com/openwrt/video/pull/25
[3]: https://github.com/openwrt/packages-abandoned/pull/26
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This adds a recipe, Py3Build/InstallBuildDepends, that installs the
requirements listed in HOST_PYTHON3_PACKAGE_BUILD_DEPENDS. This allows
other (non-Python) packages to install host Python packages by calling
this recipe, without having to know the internals of python3-package.mk.
This also updates apparmor to call this recipe.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
2.10.1:
- [Bug]: (CVE-2022-24302) Creation of new private key files using
PKey subclasses was subject to a race condition between file creation
& mode modification, which could be exploited by an attacker with
knowledge of where the Paramiko-using code would write out such
files.
- This has been patched by using os.open and os.fdopen to ensure new
files are opened with the correct mode immediately. We’ve left the
subsequent explicit chmod in place to minimize any possible
disruption, though it may get removed in future backwards-
incompatible updates.
- Thanks to Jan Schejbal for the report & feedback on the solution,
and to Jeremy Katz at Tidelift for coordinating the disclosure.
2.10.0:
- [Feature] Add support for OpenSSH’s Windows agent as a fallback
when Putty/WinPageant isn’t available or functional. Reported by
@benj56 with patches/PRs from @lewgordon and Patrick Spendrin.
- [Feature] Add support for the %C token when parsing SSH config
files. Foundational PR submitted by @jbrand42.
- [Bug] Significantly speed up low-level read/write actions on
SFTPFile objects by using bytearray/memoryview. This is unlikely to
change anything for users of the higher level methods like
SFTPClient.get or SFTPClient.getfo, but users of SFTPClient.open will
likely see orders of magnitude improvements for files larger than a
few megabytes in size.
- Thanks to @jkji for the original report and to Sevastian Tchernov
for the patch.
- [Support] Add six explicitly to install-requires; it snuck into
active use at some point but has only been indicated by transitive
dependency on bcrypt until they somewhat-recently dropped it. This
will be short-lived until we drop Python 2 support. Thanks to
Sondre Lillebø Gundersen for catch & patch.
Signed-off-by: Javier Marcet <javier@marcet.info>
I can't seem to see any package that needs it.
This was added for cryptography, since it was needed up to version 2.7
asn1-crypto doesn't have a user since commit 9d892e3cf8
So, remove it.
Abandoned packaged PR: https://github.com/openwrt/packages-abandoned/pull/23
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
With the removal of Seafile, these library packages no longer have any
in-repo users. They will be imported into the abandoned packages
repo[1].
[1]: https://github.com/openwrt/packages-abandoned/pull/24
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
- 1.3.1:
- Fix 10 year old bug and improve dispatcher handling for
run_forever
- Fix run_forever to never return None, only return True or False,
and add two tests
- Remove Python 3.6 support, EOL in Dec 2021
- 1.3.0:
- BREAKING: Set Origin header to use https:// scheme when wss://
WebSocket URL is passed
- Replace deprecated/broken WebSocket URLs with working ones
(6ad5197)
- Add documentation referencing rel for automatic reconnection with
run_forever()
- Add missing opcodes 1012, 1013
- Add errno.ENETUNREACH to improve error handling (da1b050)
- Minor documentation improvements and typo fixes
- 1.2.3:
- Fix broken run_forever() functionality
- 1.2.2:
- Migrate wsdump script in setup.py from scripts to newer
entry_points
- Add support for ssl.SSLContext for arbitrary SSL parameters
- Remove keep_running variable
- Remove HAVE_CONTEXT_CHECK_HOSTNAME variable (dac1692)
- Replace deprecated ssl.PROTOCOL_TLS with ssl.PROTOCOL_TLS_CLIENT
- Simplify code and improve Python 3 support
- Fill default license template fields
- Update CI tests
- Improve documentation
Signed-off-by: Javier Marcet <javier@marcet.info>
- BACKWARD COMPATIBILITY:
- Dropped support for EOL Pythons 2.7, 3.4 and 3.5
- Dropped support for LSB and uname back-ends when --root-dir is
specified
- Moved distro.py to src/distro/distro.py
- ENHANCEMENTS:
- Documented that distro.version() can return an empty string on
- rolling releases
- Documented support for Python 3.10
- Added official support for Rocky Linux distribution
- Added a shebang to distro.py to allow standalone execution
- Added support for AIX platforms
- Added compliance for PEP-561
- BUG FIXES:
- Fixed include_uname parameter oversight
- Fixed crash when uname -rs output is empty
- Fixed Amazon Linux identifier in distro.id() documentation
- Fixed OpenSuse >= 15 support
- Fixed encoding issues when opening distro release files
- Fixed linux_distribution regression
Signed-off-by: Javier Marcet <javier@marcet.info>
Includes fix for CVE-2022-21716 (The Twisted SSH client and server
implementation naively accepted an infinite amount of data for the
peer's SSH version identifier.)
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
1. updated to 5.9.0
2. psutil can not be built on macos due to build script detects Darwin
using sys.platform and changes build logic to build for Darwin, but
OpenWrt is Linux.
This commit add patch to allow redefining sys.platform and uses
env var TARGET_SYS_PLATFORM to specify linux as sys platfrom.
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
- Removed PYPI_SOURCE_EXT as this release provides tarball with .tar.gz
extension, which is default.
- Changelog: https://dnspython.readthedocs.io/en/stable/whatsnew.html
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
setup.py detects macos (darwin) and adds -flat_namespace flag. This
flag is not compatible with GCC that is used to compile target.
This patch patch disables darwin detection
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
The last tagged release (v1.9.3) was in 2017. This updates the package
to the most recent commit of the master branch.
This also sets myself at the maintainer.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
- [Bug]: Enhanced log output when connecting to servers that do not
support server-sig-algs extensions, making the new-as-of-2.9
defaulting to SHA2 pubkey algorithms more obvious when it kicks in.
- [Bug]: Connecting to servers which support server-sig-algs but
which have no overlap between that list and what a Paramiko client
supports, now raise an exception instead of defaulting to
rsa-sha2-512 (since the use of server-sig-algs allows us to know
what the server supports).
Signed-off-by: Javier Marcet <javier@marcet.info>
